t2 is the best conference I have ever been to.
I think that this conference has managed to nail down something very elusive and difficult - the right balance between human interaction and technical talks. I got the distinct impression through the conference that the main event was the hallway talks and that the scheduled talks were more of a break in the session.
Disclaimer: I was one of the speakers at the conference, but I speak at many conferences…
Deciding on which security conference to attend is always a struggle. At least for me, the journey has been to go from attending the talks (live) to actually engaging with the speakers, then with other attendees, to speaking at such conferences and not spending time at all at the talks (I watch them on the plane ride home).
But the problem of selecting a conference to attend (especially if your employer doesn’t have an unlimited budget, or if you pay for them yourself) is complex, with many requirements and constraints when you want to maximize the impact of your investment (perhaps this is a topic for another post).
It takes quite a bit to nail down the making of a great security conference: you have a crowd with different needs and proficiency levels, you have the venue that needs to support the conference, you have the team that needs to be great and look after both speakers and attendees, and you have a schedule that needs to be stellar, all of which leads to most conferences failing on one of these issues or more.
t2 was able to nail down something truly significant - as a conference, they offered great content (as a speaker I am biased, but I do believe that most of the content was great), but more importantly they made the interactions between people at the conference valuable.
The conference is exclusive - in the sense that they only sell 99 tickets every year. You might be surprised to hear a relatively low number of attendees described as a positive indicator, but the direct effect of this decision is that you get a small, intimate conference where you have a real chance to have a real discussion with some of the most interesting people in our field, from security researchers to hardware and SDR hackers and other conference organizers.
I didn’t really know what to expect when arriving in Finland. Even though it was one of the dream locations on my bucket list for quite some time, I never made actual plans to travel to Finland. I flew in with a connection at Riga (Latvia) and, to my surprise, had a turboprop plane to take me to the Helsinki airport. For me at least, this was a novel experience: walking along the tarmac, up the stairs to a relatively small plane for the short hop from RIX to HEL.
Finland itself was absurdly nice; it felt very safe, people were very polite, and everyone spoke very good English and was happy to converse with foreigners. However, the most important thing was the food! We had the pleasure of dining at the Lapland restaurant for a traditional Lappish (is that a word?) meal - consisting mainly of alcohol and reindeer.
The reindeer was superb!
And as a person who does not often drink alcohol, I found myself recommending two specific beverages: Lonkero (a lemony, Schweppes-like beer) and Salmiakki (which is a mildly licorice-based alcoholic drink) - both were extremely good.
Keynote - Halvar Flake
The keynote was given by none other than @halvarflake himself, discussing his thoughts on the way incentives and risk-taking are currently aligned, and some ways he thought that we can improve on the current models being used. You can find his presentation here.
Not having a total breakdown, Mark D
Another memorable talk was given by Mark on his experiences leading the incident response team at his company during one of the greatest cyber attacks in recent memory. During that incident, his organization lost tens of thousands of laptops and a couple of thousand servers. He went into great detail on the human aspects of running such an operation, from understanding the situation, contacting other parts of the corporation and aligning information and responses, as well as coordinating the response and remediation steps that needed to be taken.
Restoring operational ability to the business when your network is down is a huge challenge and the technical aspect of it is probably not the most important one.
It is almost easy to forget, with all the DRP and tools that we have, that there are actual people behind these operations, and during these incidents - when they happen - being human, getting people to eat, sleep and see their families is just as important as getting the right technical response in place.
In short, if your DRP assumes that everything will be back to normal in 24h - you might be surprised when an incident takes a couple of days or even a week to remediate. Like anything else, planning ahead is enormously helpful, and getting a logistical support team in place (that can get people anything from something to eat to a shaving kit) really makes a difference.
While I know I am not providing many details of the contents of his talk - I do believe this was probably the one that had the deepest effect on me.
An ice-cold Boot to break BitLocker, Olle Segerdahl
Bypassing Physical Security, Knud Hojgaard
Another great talk was about the different designs and limitations of physical security locks, mainly of the keycard or RFID type, and how to bypass them. The talk was very good and had a lot of real-world examples. Spoiler - cloning RFID keys is very easy.
JARVIS never saw it coming
I wasn’t sure if I should include my own talk here, so I will mention that we gave it and that we got some great responses from the crowd. You can find more information here.
I loved this conference, and my usual partner in crime @aCaltum loved it as well - and this is definitely going on my list of must-be-at conferences.