“Think of it like the Top Gear of Information Security” I enthusiastically explained to Jim over the phone. Jim Shields, the director at Leicester-based media company Twist & Shout came highly recommended by Stephen Bonner after Jim’s company had created an award-winning series of information security videos.
It was the summer of 2009 and I had spent the previous 12 months building up my blog; Infosec Cynic and I wanted to embark on an ambitious personal project. I wanted to create a web-tv show based upon information security, but with all the glitz, glamour and excitement of a Hollywood blockbuster.
Jim suggested we could make it more than just a video show. We could make it a live event. Invite a couple of hundred people down for the day, ride as close to the edge as possible. It was going to be as non-corporate as you could get. The plan was ideal. With one exception… I had no funding.
Twist & Shout helped immensely, we rebranded the website and they pulled together a slick sponsors pack. I was going to attack the market and get some funding.
But coupled with my lack experience in getting sponsorship and the fact I was asking security vendors to sponsor an almost anti-vendor event, I didn’t get very far.
So I re-evaluated my strategy.
Forward to January 2010:
“It’ll be like the Top Gear of Information Security”. It was a cold snowy day in London’s Leicester Square, I was sat across the table in Starbucks from Roberto Iacurci, a young talented film-maker. My pitch to him, I needed a cameraman, director and editor to film the Infosec Cynic show. Five months later and we had released our first season which consisted of 8 episodes. Overall, it was received better than I had thought it would… but I wasn’t fully satisfied. I was a n00b. The final product wasn’t as great as I had imagined it to be in my mind. To this day, I’m unable look back and watch an entire episode without picking up on a 1001 things I wish I could have done differently.
But it was a start and I’d achieved something I always wanted to do. I was sure I’d nail it in season 2.
In late 2010, I attended a DC4420 meeting in London. Defcon 4420 is the London chapter where a bunch of security experts meet on a monthly basis to exchange ideas, tips and network. It was a rather quiet meeting as most people were in Las Vegas attending Blackhat. It was at this meeting where I met Matt Summers. We got chatting and he told me that he had taken upon himself the responsibility to organise Security BSides London.
Bsides started up a couple of years ago in the U.S. the concept is a simple, yet powerful one. An unconference that runs parallel to a conventional security conference that’s built, driven and run by members of the security industry. To create a collaborative environment.
Without hesitation I offered my support. This is the event I was looking for, the one I even thought I could create myself. I had been looking in all the wrong places, this was the event I needed to support and help build. Something that would add real value for the security community beyond that of a vanity project.
Little did I know what I’d signed up to. In hindsight I should have realised that given the fact that I struggle even organising a kids birthday party. Luckily the security community consists of a whole lot of extremely competent people who are extremely passionate about what they do. A crack commando team of volunteers was pulled together.
To this day, I’m still not sure how Matt and the other guys managed to secure sponsorship, I know how much I sucked at getting sponsorship, but without funding the project would be dead in the water.
For the months leading up to the event we had numerous meetings, both face to face and telephone conferences. Due to the fact that everyone has day jobs, meetings were always held after hours, and by the end most of us were cranky, irritable and complaining about how their other halves had thrown their cold dinner away.
The challenge with arranging such an event is the sheer number of minor things that crop up which you didn’t think of factoring in. Deciding on the venue was hard enough, but luckily Ricey is a well-travelled person and found SkillzMatter for us. He also created the online voting application upon the basis of which talks were selected.
Jimmy took delivery of items and prepared delegate bags whilst Iggy was our resident dictator and whipped everyone into shape.
Spreckley kindly donated some of Mital Goel’s time for our PR activities. I have developed newfound respect for PR professionals.
Others such as Paul, Tomasz Miklas, Ben and many others dedicated a lot of time and effort.
Being the first event we had collectively arranged, everything had to be discussed and agreed upon. We had to figure out how to register attendee’s, manage the press, keep sponsors pleased, make sure we didn’t exceed the venue’s seating capacity for the day, market the event, get T-shirts designed then printed, get around website hosting issues, etc. etc. etc. I think you get the drift.
It was in one of our early meetings when task were being handed out that I volunteered to look after media and video production. After all, I was the alleged genius who produced the infosec cynic show. I’d just knock together a few trailers to promote the event and job done. It so happened that I’d overlooked the simple fact that it would also involve filming the talks on the day of the event. My palm met my face rather abruptly when the penny dropped.
“Hey Jim, how’s it going? Remember we wanted to do the infosec cynic event all those months ago. Well, the event is happening, umm not quite, I mean I’m involved in BSides London which is the same thing really except its being done properly and how would you like to be part of this great event and sponsor the event by filming it all for us.” I say excitedly down the phone whilst forgetting to breath.
Pause.
“Of course I will mate, I’ll bring down a cameraman and all the kit we’ll make this the best security event ever!”
I sighed a sigh of relief. Jim agreeing to film it meant the production would be top notch. Otherwise we’d have to resort to volunteers bringing their own camcorders to catch the action.
Before long April 20th 2011 was upon us. Volunteers started reaching the venue from 07:00, most of whom had been living on a few hours of sleep for the last few days. Despite that, everyone was full of energy and ready to make sure the event was a success. Bags were sorted, volunteer shirts were distributed. Everyone made themselves familiar with the layout of the venue whilst b4seb4nd gave us all small laminated cards, each with the days schedule and important contact numbers. That little laminated card saved me a number of times throughout the day. It’s funny how sometimes it’s the little things that are the most useful.
I had a small emergency 15 minutes before the start when Jim was lacking an adapter to connect the sound system to a camera. Luckily a Maplins was nearby and a quick dash there got us the much-needed part.
The day progressed extremely smoothly. The venue had plenty of space for people to break away and have their own private discussions without disturbing any of the talks. Free tea, coffee, drinks, breakfast and lunch was provided which kept everyone happy. In between making sure everything was running as it should, I only managed to catch a handful of talks, but that was OK. I knew it was all being recorded so I could watch them later.
I had a chance to catch up with so many great people, many of whom I’d met for the first time in person. It was a great community feeling. To me, that’s what made the event so great, the fact that everyone was happy to be there. There were no grumblers and trouble-makers. Everyone was polite and approachable.
By the end of the day I felt immensely proud to have been part of something so exciting. The feedback had been overwhelmingly positive. I’d had the opportunity to work with a great team to deliver something for an awesome community of security professionals.
It goes to prove that despite what the doubters say about your lack of funds, specialist knowledge, business acumen, network or industry presence. All you need to do is find some people who share a common passion and you achieve your goal of making, “The Top gear of Information Security.”
Javvad Malik 
One thought on “Bsides London– A Personal Journey”