A little presentation I did for NoVA Hackers.  Basic intent was to be more workshop than something more formal and to give everybody the tools to do their own experimentation at home.

I even inspired Jack to write a blog post.

Caveat: this has nothing to do with FISMA or Government InfoSec.  =)

Links in the Presentation:

• Zint
• ZXing
• BeeTagg
• Other Readers

Links of interest:

• Code 128
• QR Code
• Data Formatting Fun

• Save a Kitten, Write SCAP Content
• DojoCon 2009 Presentation
• QR Code Temporary Tattoos Howto
• Barcode Hacking Process
• The Accreditation Decision and the Authorizing Official

A small presentation Dan Philpott and I put together for Potomac Forum about getting sane social media policy out of your security staff. I also recommend reading something I put out a couple of months ago about Social Media Threats and Web 2.0.

• DojoCon 2009 Presentation
• The Accreditation Decision and the Authorizing Official
• Massively Scaled Security Solutions for Massively Scaled IT
• Metricon 5 Wrapup
• Certification and Accreditation Seminar, March 30th and 31st

For those of you who didn’t know the real purpose of DojoCon, it was to raise money and awareness for Hackers for Charity. If you like anything that is in this post, go to HFC and make a donation of time, equipment, tech support, and maybe money. If you’ve never heard of HFC because you’re not one of the “InfoSec Cool Kids”, now is your chance–go read about them.

The video of my dojocon presentation. The microphone was off for the first couple of minutes but I look pretty animated.

And then the compliance panel that I tried not to dominate:

And finally, my slides are up on slideshare:

• Massively Scaled Security Solutions for Massively Scaled IT
• Building A Modern Security Policy For Social Media and Government
• Barcode Hacking
• Metricon 5 Wrapup
• DojoCon DDoS Video

My presentation slides from Sector 2009.  This was a really fun conference, the Ontario people are really, really nice.

Presentation Abstract:

The US Federal Government is the world’s largest consumer of IT products and, by extension, one of the largest consumers of IT security products and services. This talk covers some of the problems with security on such a massive scale; how and why some technical, operational, and managerial solutions are working or not working; and how these lessons can be applied to smaller-scale security environments.

• A Layered Model for Massively-Scaled Security Management
• Metricon 5 Wrapup
• DojoCon 2009 Presentation
• Where is Rybolov?
• Building A Modern Security Policy For Social Media and Government

I sat down with Jim Manico a month or so ago when he was in DC and recorded a podcast for the OWASP Podcast.  It’s now live, check it out.

• Your Friendly Neighborhood C&A Podcast Panel
• Guerilla CISO “Staff” Hit the Campaign Trail
• OWASP AppSec Conference 09
• Caught on Tape!
• Old Saint NIST: Ho Ho Hold on, what’s this?

This week’s lolcats are a shout-out to the B-Sides crew who manage to do unconferences at major security conferences. Think of it as emerging ideas for the security set.

• Lolcats Protect the End Users
• Lolcats and QR Codes
• Redundant Lolcats
• Look Out, Sir Bruce, IKANHAZFIZMA is Coming for You
• Cellular Phone Hacking