AnyCon 2017 Review

I will preface this review by stating that putting on such events is by far not an easy task.  There is a ton of planning that goes into these.  On the day of the event not everything will go as planned and you will have to improvise.  Speakers will pull out, a sponsor may not deliver, or your CTF has a bunch of technical problems.  But you push through and rely on your team to help you through it.

On to the review…

This past weekend I was able to attend the first annual AnyCon security conference which took place at the Albany Capitol Center.  Overall, it was not a bad conference for a first time run.  It was the typical large conference setup with keynotes from Dave Kennedy (TrustedSec, Binary Defense, DerbyCon) and Sanjay Goel (University of Albany).  There were three tracks – Offensive, Defensive, and Educational.  For the full track listing you can hit the site up http://www.anycon.info/agenda/.  In between the talks you could head over to their onsite CTF, hardware hacking village, or play some ping pong.

The Content – As expected for a first run conference.

It was your typical set of conference talks.  Irongeek (Adrian Crenshaw) has them all posted up on his YouTube Channel.  I will let you be the judge of their quality.  Some of the talks certainly showed that the pool of submitted content was not very deep and no real due diligence was done to vet the speakers.  One speaker, in fact, claimed during his talk that he single-handedly brought down the Teslacrypt C2 servers and forced the attackers to cease their DDoS attacks on his employer’s network.  That prompted some investigation by conference attendees on the legitimacy of the speaker; there is a pretty entertaining thread on Twitter.  But these things happen and will continue to happen so long as proper vetting isn’t done.  But as a first run conference, you can’t be too picky.  Speakers are not exactly knocking down your door to get accepted.  But that all comes with time.

It was pretty clear their target audience was not the seasoned professional, but that is ok.  In fact, you are hoping that those guys and gals will fill in your talk slots.  There were a good number of students attending which, I think, is great!  Hopefully they came away with more than I did from the conference and will continue to grow their skills and get out to some of the bigger conferences.

The Cost – No swag, no food, what did my 125 bucks get me?

When deciding to put on such an event, the topic of cost will be a big piece of the puzzle.  The goal should be to keep the cost low for the attendees.  Not many people are going to want to shell out a ton of cash for a first run conference.  Even with the cost of $125 for a non-student, I still registered to attend as I am an avid supporter of furthering the education of the community and Albany is not a far drive.  Unfortunately, I left the conference wondering what I actually paid for.  I didn’t get any real swag besides what was available at the vendor tables, no free conference t-shirt, the badge was a basic plastic card badge, and there was no breakfast or lunch provided on either day.  I’ve attended BSides events with a much lower cost to register ($20 or less) that included a t-shirt, breakfast, and lunch.  That is what your sponsors are for!  Your purpose for this first run conference should be to get people in the door so that they will come back next year.  As your conference grows you can bump the cost up as the demand to attend may increase.  Now, thankfully, not everyone had to pay the higher cost.  Students were offered a $50 ticket, still pretty high in my opinion.  Hopefully they pay attention to their feedback survey and work to bring the costs down or at least offer more to justify it.

Other thoughts…

Time management certainly needs some improvement.  It did not appear that any of the talks had a time keeper.  This caused the more long-winded speakers to go well over their allotted time which ate into the next speaker’s block.  Things like this can certainly throw off the whole schedule if your talks are tight.  But you will luck out during these first runs by the less experienced speaker ending early.  After the keynote on Friday, there was little direction from the conference organizers on logistics.  There was no mention of lunch possibilities or plans for later that evening.  We were kind of left to figure that out on our own.  You need to assume that there may be a fair amount of people coming in from outside the area.  You don’t need to have a big party but you should look to the sponsors for possibly hosting a happy hour.  After the last talk, attendees just sort of went off on their own as they were not sure what else to do.  Again, if I was paying 20 bucks for a BSides event, it probably wouldn’t be a big deal, but this was close to the same price as DerbyCon but with a fraction of the content.

Summary of suggestions for next year:

  • Better time management.
  • Better vetting of speakers – don’t pollute the minds of the young by subjecting them to charlatans!
  • Swag bag – give me something to take back with me other than your event program!
  • Food, at least cover breakfast for those driving in the morning of the event.
  • Keep in contact with the attendees throughout the event, not just at the beginning and the end.
  • Look at adding a lock picking village separate from the Hardware hacking village.
  • Make the CTF an internet based one so people can work on it from their hotel rooms.