On Friday, May 19, I attended the ISSA Summit 9 in Los Angeles to run the I Am The Cavalry booth. I Am The Cavalry was an honorary sponsor of the event and I thoroughly enjoyed the experience. From the keynotes about the current state of cyber security and life lessons learned from IT, to the in-depth breakdown of WanaCrypt0r, there was plenty to take away from each and every talk. Perhaps most importantly were the amazing connections we were able to establish at and around the booth. A speaker at the CISO panel mentioned I Am The Cavalry which also helped bring more interest over to the booth.
Of particular note, we received some very interesting questions, ideas, and even invitations to speak at other industry events, such as Big Data Day LA and SoCal Linux Expo (SCALE). One of the interesting enquiries we received was about creating a Pwn2Own for medical devices, which could facilitate more security research on them as more and more malware has been victimizing medical equipment. This brought to our attention the subject that is somewhat unique to healthcare and other special-device industries: the devices are so pricey that it is often impractical for security researchers to even get their hands on them in order to test. For example, an MRI machine costs upwards of hundreds of thousands of dollars and no known hospital currently has MRI machines to sacrifice on security tests.
Jennifer Granick, Stanford Law School’s Director of Civil Liberties, also stopped by the booth and asked to see some x86 disassembly, so I walked her through some WanaCrypt0r code which was a hot topic recently. Ms. Granick has a very thorough book that she recently published about the current state of privacy and surveillance in the United States entitled American Spies: Modern Surveillance, Why You Should Care, and What to Do About It. The book has a similar feel to Data and Goliath by Bruce Schneier, but as one would imagine, it covers a lot more policy and law rather than the technical focus of Schneier’s books. I feel this title makes a great companion to Data and Goliath and frankly was very necessary at this point in time. I’ve enjoyed the 50 pages that I’ve read so far and each page is jam-packed with value.
Last but not least, the CTF was put on by Somerset Recon from San Diego. These gentlemen are very, very skilled at what they do and brought an awesome, e-sports-esque head-to-head rig. If I would have had extra time, I certainly would have spent more time reversing binaries at the CTF, but every minute was well-spent at this event and I look forward to the next ISSA Summit.