BayThreat 2012

Dec 11, 2012
Andrea Bailiff-Gush

Share with Your Network

The third annual BayThreat conference was held this past weekend (Dec 7th and Dec 8th) in Sunnyvale, CA. Ryan Huber and myself from Risk I/O attended the event.  BayThreat is a security conference that has a great community feel.  This year’s event outgrew its previous location, and was held at the festive Firehouse Brewery in the historic section of Sunnyvale.

Baythreat’s 2012 theme brought two sides of hackerdom together: Attackers vs Defenders.  The two speaking tracks “Breaking Security” and “Building Security” did an excellent job showcasing the different techniques for hacking into a system and the best practices for
defending an IT infrastructure.  There were many thought provoking speakers who gave insightful talks.

On a side note, the show organizers were very sensitive to picture taking.  I brought a Canon DSLR to take a few snapshots for this blogpost.  After the third picture, I was asked to stop taking pictures and delete the images I had taken.  Apparently the session I attended  had a no-picture/ no-record policy.

One of the standout talks that Ryan and I attended was Jay Jacobs from Verizon.  In the lecture entitled “InfoSec Dataviz,” Jay discussed how the human brain can better understand threat data and statistical analysis through graphical representation.  As an example, Jay presented a recorded video of a system being port scanned over a 30-day period.  It was clear from watching the video that most attackers approach systems for windows of opportunity looking for known ports that may be open with known vulnerabilities.  Interestingly, during the 30-day period, only one would-be attacker scanned every port on the systemsequentially.  Fascinating.

BayThreat was a great show, and I’m glad Risk I/O was able to sponsorthe event and help support the security community in the San Francisco Bay area.  We are looking forward to being involved again in 2013.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.