It has been a while but I will do a proper blog update soon. This week has been a build-up for me on a number of levels. I've been up in Sydney completing the SABSA training, trying to study for that, polish up my talk then race back for Ruxcon. That and trying to sort out some admin issues with university meant I've been significantly under the pump and it all came to a head this week. So subsequently I've gotten sick and had to leave Ruxcon early (clearly I'm not up for this touring lifestyle).
I wanted to talk a bit about my talk, post the slides and some other odds and ends, so I'll be doing that in the next day or two.
But just briefly -
Ruxcon 2010 was the best year in the history of the conference. Props to Chris and the crew for organising it and the success. It is very clear he's learned from the successes and failures of other conferences and avoided all the pitfalls. To the degree that I would recommend overwhelmingly if you had to pick one conference in AU to attend, without a doubt, make it this one. I was very disappointed by AusCERT this year and I can safely say that I would not be keen on attending.
Secondly, the SABSA training really changed the way I look at architecture. This topic deserves a post in its own right and it will be forthcoming. I want to stress that this course is of benefit to ANYONE working in infosec -- I don't care if you are a pentester, a manager or an architect. David Lynas was able to really highlight how it all fits together with real-world examples.
I guess I had a kind of Neo moment (à la The Matrix) where I feel like I 'see' the code now. It is all a bit hard to explain right now (given my sinus infection) but let me just categorically state that this course, the book and certification I believe to be strongly worthwhile. So go pick up a copy of 'Enterprise Security Architecture' by David Lynas, John Sherwood and Andy Clark. You will not be disappointed.
Anyway, I will update more soon but as this is my first conference presenting and when guys like Brett Moore, Billy Rios and Silvio Cesare are presenting, it's an honor to be on the same list of speakers. I'm just grateful for the opportunity to speak. I sincerely hope that even if people disagreed with my views that some of the points made can be taken and leveraged in some way to gain better traction on client-side penetration tests.
I hope you all had a terrific weekend and enjoy what's left of the conference.
PS: My apologies to Daniel Grzelak. If you read this mate, I know I promised to be there (as you are speaking as I write this) but I am really not well. Sorry to let you down, but I know you'll kick ass.