Categories
Conferences Security Tampa Bay What I’m Up To

Scenes from BSides St. Pete 2023

I attended BSides St. Pete last Saturday, the second anniversary of this event, and it was nice to see that attendance had more than doubled. It’s nice to see the that the Tampa Bay cybersecurity community is active on both sides of “The Other Bay Area!”

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very could presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

Since then, BSides conferences have been held over the world. As of September 2023, nearly 900 have been held, including BSides Tampa X — the 10th BSides Tampa conference — which took place in April. BSides St. Pete 2023 took place at St. Petersburg College’s Seminole Campus and had over 300 attendees.

Opening keynote: Between Two Palms: A Session on Burnout

The day started at 9 with the opening keynote, which took place not only on the main stage, but between two palm plants, as promised in its title:

The keynote was a frank discussion moderated by John “Cochise” Buzin (one of my instructors at the UC Baseline cybersecurity course I took in the summer of 2020) and featured Chris Machowski (also one of the people behind the UC Baseline course) and Elvira Reyes.

While they stated quite clearly that they aren’t psychology professionals, they are very active in the cybersecurity field, and each of them knows something about burnout from personal experience.

Over their talk, they talked about what they identified as the five stages of burnout, starting with stage one, the honeymoon phase:

This stage is marked by the following:

  • Job satisfaction
  • Accepting responsibility
  • Sustained energy levels
  • Unbridled optimism
  • Commitment to the job
  • Compulsion to prove oneself
  • Free-flowing creativity
  • High productivity levels

Stage two is the onset of stress:

In this stage, you’ll experience:

  • CV symptoms
  • Inability to focus
  • Irritability
  • Reduced sleep quality
  • Lack of social interaction
  • Lower productivity
  • Anxiety
  • Avoidance of decision-making
  • Change in appetite
  • Headache
  • Neglect of personal needs
  • Fatigue

Then comes stage three — chronic stress:

Symptoms of this stage include:

  • Persistent tiredness
  • Procrastination
  • Resentfulness
  • Social withdrawal
  • Aggressive behavior
  • Apathy
  • Chronic exhaustion
  • Cynical attitude
  • Decreased sexual desire
  • Denial of problems
  • Feeling threatened
  • Feeling pressured
  • Alcohol/drug consumption

Next, stage 4, burnout:

Here’s what you’ll experience in this stage:

  • Obsession with problems
  • Pessimistic outlook
  • Physical symptoms
  • Self-doubt
  • Social isolation
  • Chronic headaches
  • Chronic GI problems
  • Neglect of personal needs
  • Escapist activities
  • Behavioral changes

And finally, stage 5 — habitual burnout:

And with this comes:

  • Chronic sadness
  • Chronic mental fatugue
  • Chronic physical fatigue
  • Depression

After this rather gloomy description of burnout’s stages came the things you can do to counter burnout:

They generally boil down to “take better care of yourself,” which is in agreement with what the Mayo Clinic says.

I thought their use of the iconography from the Fallout games for the topic of burnout was pretty clever.

Anonymous trooper

I passed by this fella on the way to the next session:

How to build a cybersecurity journey

I caught a bit of Ivan Marchany’s session, How to Build a Cybersecurity Journey, one of the presentations that covered how one gets into the business of cybersecurity.

Among other things, he covered building your own cybersecurity lab…

…and reminded the audience that as far as prospective employers and clients are concerned, you are your projects:

And equally important is the fact that if you don’t have some kind of online presence in this day and age, you effectively don’t exist to employers and clients:

This was a popular topic, and Ivan was playing to a standing-room-only audience:

Cyber risk management

I also caught the tail end of Dan Holland’s presentation, Complexity is the Enemy: How to start doing Cyber Risk Management. I’m pretty sure I arrived at one of the most important slides, the “risk as a product of probability and impact” slide:

I plan to share this slide on the Okta Slack’s “random” channel:

And here are the takeaways from Dan’s presentation:

A Urinal Story: Human Behavior & Security

Somehow, I managed to miss the “urinal story” part of Daniel Lopez’ and Ashwini Machlanski’s presentation on helping firm up the human element in cybersecurity. They covered key parts of managing people through the use of behavioral science and little tricks like “nudges” to get people to be more security-compliant.

This slide summarizes their key takeaways quite well:

Ashwini and Daniel handed out my favorite stickers from the conference:

My one tragic mistake

In wandering the halls and checking out what was happening in other rooms, I failed to catch Stacey Oneal’s Getting into Cybersecurity presentation, which was on my list. I owe her one — I promise I’ll catch you at your next presentation, Stacey!

Lunch

Lunch was provided by two local food trucks:

Super Grouper hadn’t opened by the time I got to the trucks, so I got an Elvis Burger from 1 Up. It’s been a while since I last had a peanut butter-and-bacon burger, and I enjoyed mine. I know it sounds weird, but it’s worth trying!

Lunch keynote: Becoming a Proactive Defender

While having lunch, I caught most of Christopher Peacock’s presentation, Becoming a Proactive Defender:

I’m going to steal his line, “The best teacher is the adversary; the adversary always gets a vote.”

IAM Security and So Can You: An Intro to Identity Access Management and How to Beat It to a Pulp

I’ve been told that there was a presenter at BSides Tampa that was a bit of dick and overdid it with his bad-mouthing Okta while I wasn’t in the room, so while this talk featured a different presenter, you’d better bet your ass that I was going to be at this one.

But Jarred “Raydar” Pemberton was a lot more reasonable than the other guy. He got an intro from Cochise, who not only mentored him, but convinced him that he should give this presentation. That was a good call; in matters of cybersecurity, if Cochise suggests you do something, it’s generally a good idea to do it.

“Does SSO scare red teamers?” Jarrad asked. “Yes,” he plied to his own question, saying that it’s the kind of thing he shied away from.

Jarrad told us about what he does for a living. It’s always fascinating to see how people who use the stuff we make work with it:

Take note of that last point: in addition to the HR staff or outside HR consultants like “The Bobs,” another person that might be at your termination meeting is someone whose job is to close your work accounts.

If you’re ever unfortunate enough to be a guest at a layoff meeting, you may encounter “The Bobs” (a term from the film Office Space). Find out more about them here.

I’m actually on the Auth0 side of Okta, which provides a service for customer logins, versus the Okta side of Okta, which handles SSO (single sign-on) for the workforce. My experience with the Okta service is mostly as a user: I use it to log into systems at work:

Yup, that’s an Okta slide! Jarrad’s take on Okta:

  • “One that I work a lot with and do like quite a bit”
  • “Super easy to use”
  • “Simple to get brought up to speed”
  • “It’s what I would recommend to an org if they can afford it”

(Note to self: Send Jarrad some swag.)

SSO, in addition to letting a workforce since into various work systems with a single set of credentials, has other uses, including certain HR-related tasks:

  • Monitoring access and, by virtue of knowing who’s logging into what, see who’s really coming into the office and who’s merely pretending to do so
  • Easily hitting the “off” button for an employee when necessary

Jarrad then went into the different types of SSO, starting with cookie sharing. It’s typically used with internally-developed applications, such as home-grown HR and payroll applications at less mature organizations that haven’t graduated to SaaS application, and if those applications have a common parent domain (that is, if they live on an URL of the form *.your-domain-here.your-tld-here. He recommends against it, as it’s pretty much broken.

He then talked about SAML — Security Assertion Markup Language — an open-standard, XML-based framework for authentication and authorization between two entities without a password.

Want to know more about OAuth? Check out my teammate Matt Raible’s article, What the Heck is OAuth?

Most of his talk was focused on the standard that also happens to be my livelihood: OAuth or Open Authorization, the open standard for access delegation, which is often used to grant websites or applications access to user information without giving them their login credentials.

He also quickly mentioned Kerberos, which is for authenticating requests among trusted hosts on an untrusted network:

Here’s some good advice from all you pentesters. Be sure to follow them, especially that last one:

It’s not the early 2000s anymore; stop using shared cookies as SSO! All an attacker has to do is acquire a cookie, and they become a legitimate person in the organization, free to wreak havoc.

There’s a particular vulnerability that is an attacker’s dream, where the *.site.tld domain is deleted, but its C record in the DNS isn’t. An attacker could register that subdomain and gather cookies, and eventually, lots of organization data:

When it comes to OAuth, you’re looking for implementation vulnerabilities, in either the client application, or the OAuth service.

In the OAuth flow, only the IdP (identity provider) holds the user credentials, which are contained in the ID token. As an attacker, you want to somehow steal the ID token, which you can then use the request the access token, which is the key to the resources you want to get your paws on.

Because of its delegated nature, OAuth relies on open redirects. A poorly-built or -configured OAuth service that fails to use a list of allowed redirect URIs could be exploited, but that’s the sort of thing that Auth0 doesn’t allow.

As far as CSRF (cross-site request forgery) attacks are concerned, they can be mitigated with OAuth 2.0’s state parameter. For each authentication request, set it to a hard-to-guess value, and see if the response is the same as the one you sent with the request.

And of course, there’s always checking for bad implementations of the standard:

Here’s another meme I’m going to share on the Okta Slack:

And finally, there’s SAML. As the mobile specialist for Auth0, I never touch the stuff:

But if you’re doing pentesting on a SAML-based setup, you’ll want to use SAML Raider, which add SAML-specific functions to Burp Suite:

Last presentations of the day

I caught a bit of Dan Fernandez’ presentation, The Boring Parts of AI: Risks and Governance of Large Language Models — you can find the slides here

…and a sliver of Cochise’s How to Wage War and Bypass Congress: a Primer on Gray Zone Warfare preso, because it’s always fun to see him go off on a rant.

Thank you, BSides St. Pete!

To Wilson Bautista and the BSides St. Pete team, my thanks for a great event for the cybersecurity community to share knowledge and gather together!

(And happy birthday, Wilson!)

Categories
Conferences What I’m Up To

I’ll be at the Oktane conference in San Francisco (Oct 3 – 5)!

Moscone Center, San Francisco.
Moscone Center, San Francisco.
Photo by Miguel Gonzalez.
Yup, I work at Okta, where I hold the title of Senior Developer Advocate.

If you’re thinking “Hey! I thought you worked at Auth0!”, that’s because Okta acquired Auth0 in May 2021. I work in the part of Okta that makes the Auth0 product.

My third anniversary at this job is coming soon — October 19th. For those interested in the story of how I landed this gig, see my article from October 2020: How I landed my job at Auth0.

I’ll be in San Francisco’s Moscone Center West at Oktane, which runs from Tuesday, October 3 through Thursday, October 5, and I’ll help run a developer booth on Developer Day, which happens on the Thursday. It’ll be in San Francisco at Moscone Center (Moscone West, to be precise). If you’re planning on attending, let me know — I’d love to catch up!

What is Oktane?

Oktane is Okta’s big annual conference, where the subject matter is all things related to digital identity.

If you’re a reader of this blog, there’s a good chance that you use at least one of Okta’s two major systems:

  • The workforce identity solution, which most people refer to as just “Okta,” to log into the various systems you use for work.
  • The customer identity solution, which goes under the brand name “Auth0 by Okta” (or “Auth0” for short), to log into applications as a customer user.

I’ll be there to help demonstrate multifactor authentication with a YubiKey, which you can keep if you try out the process…

A Yubikey.

…and I’ll also be helping out with the demo where you can try out the Auth0 CLI, which lets you do just about everything you can do on the Auth0 administrative dashboard, but on the command line:

Terminal window displaying the command “auth0 test login”.

And of course, I’ll have you-know-what with me…

Joey deVilla playing his blue accordion with an “Auth0” sticker on it.

Can you attend Oktane?

The Developer Hub at Oktane.

Yes, you can, and there are a couple of ways to attend…

If you’re a developer, you’ll probably get the most bang for your buck with the Developer Pass, which sells for a mere US$199. The Developer Pass gives you access to:

  • Keynote and luminary speakers presentations
  • Expo hall
  • The Developer Day event (see below)
  • Oktane online sessions

If you want the full in-person experience, you’ll want the Full Conference Pass, which sells for US$699 and gives you access to:

  • Keynote and luminary speakers presentations
  • Expo hall
  • In-person breakout sessions
  • Hands-on workshops
  • The Wednesday night party
  • The Developer Day event (see below)
  • Oktane online sessions

And finally, there’s the FREE option — the Oktane Online Pass, which gives you online access to:

  • Keynote and luminary speakers presentations
  • Oktane online sessions

To get any of these passes, visit the registration page.

Categories
Conferences Programming Tampa Bay What I’m Up To

DevOpsDays Tampa Bay 2023: Thursday, September 21!

DevOpsDays Tampa Bay logo laid over an aerial photo of a beach.

DevOpsDays Tampa Bay, our local edition of the DevOpsDays conferences, takes place next Thursday, September 21st, at Armature Works! Tickets are $150, and there are deals for students. Register before it’s too late!

DevOpsDays is the name given to a series of community-run technical conferences covering topics where software development (the “dev” part) and IT infrastructure operations (the “ops” part) intersect. A DevOpsDays conference isn’t a commercial affair; instead, it’s a labor of love made possible by volunteers from the community, for the benefit of the community. This makes for a friendly “community” feel, which I love in a conference.

Nora Jones keynote!

Nora Jones giving a presentation onstage. Behind her is a wall-size projection of one of her slides illustrating a unit test.

Nora’s name is often mentioned in the same breath as the phrase “chaos engineering,” which is “the process of testing a distributed computing system to ensure that it can withstand unexpected disruptions.” Or, to put it more succinctly, “f*** around and find out.”

She started doing chaos engineering as a team lead and senior developer at Jet.com (it’s since been acquired by Walmart), continued doing it at Netflix, and at Slack, she held the title of Head of Chaos Engineering and Human Factors. She’s also the co-author of the O’Reilly book Chaos Engineering: System Resiliency in Practice. These days, she’s at Jeli, where she’s the founder and CEO.

DevOpsDays Tampa Bay will start with her keynote, How do we talk to each other?, which will run from 9:00 – 10:00 a.m.

Here’s the abstract:

How surfacing communication patterns in organizations can help you understand and improve your resilience.

As a system increases in inevitable complexity, it becomes impossible for a single operator to have a clear, unambiguous understanding of what’s happening in the system. Understanding the system requires a joint effort between teammates and technology. Often, we are too focused on the single-operator experience to improve this. In this talk, we will uncover how communication patterns in organizations can reveal how systems actually work in practice, vs how we think they work in theory — and use this knowledge to improve the resilience of our systems.

Talks

Here are the conference talks, which will run from shortly after 10:00 a.m. to 2:45 p.m.

  • Realigning DevOps: Customers and Learning First, with Kishore Jalleda
  • The Startup DevOps Playbook – Making It A Success From Day One, with Aman Sharma
  • Building Resilience: A Journey of Crafting and Validating Our Disaster Recovery Plan, with Yedidya Schwartz
  • The Power of DevOps in the Real World, with Randy Pagels
  • Simplifying Cloud Native Chaos Engineering: A Deep Dive into Chaos Mesh, with Soumyadip Chowdhury
  • Best Practices for Securing CI/CD Pipelines, with Lizz Parody
  • The OpenTelemetry Hero’s Journey: Working with Open Source Observability, with Josh Lee

Open Spaces

DevOpsDays Tampa Bay is just one of the events in the Tampa Bay tech scene’s September to Remember!

From 2:45 to 4:30 p.m., there will be Open Spaces, which are unscripted and spontaneous breakout sessions on any DevOps topic. Who determines what the topics are? You do!

DevOpsDays Tampa Bay’s Open Spaces will follow the Open SPace principles, which are simple yet powerful guidelines:

  • Whoever comes are the right people.
  • Whatever happens is the only thing that could have.
  • Whenever it starts is the right time.
  • Whenever it’s over, it’s over.
  • Wherever it happens is the right place.

Armature Works!

And finally, there’s the venue itself: Armature Works, Tampa’s food hall, and my favorite local conference venue. It’s a great space to hold an event, and the food and drink there make conferences so much better. I know I’m going to get a Buddy Brew Coffee and a Bake’N Babes cookie while I’m there.

How do you find out more / get a ticket?

Head over to the DevOpsDays Tampa Bay site to find out more, and to get a ticket, visit their “purchase a ticket” page.

Categories
Conferences Security Tampa Bay What I’m Up To

BSides St. Pete IT Security Conference: Saturday, September 16!

This year’s edition of BSides St. Pete — the second BSides event to be held therehappens this Saturday, September 16 at St. Pete College, Seminole Campus, and you can still buy one of the 98 remaining (at the time of writing) “no swag” tickets if you register now! They’re a mere $20.

Want a “feel” for what a BSides event is like? Check out my writeup of BSides Tampa from April!

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very could presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

BSides conferences are community events, and unlike a lot of tech conferences, they’re inexpensive. As I wrote earlier, the remaining “no swag” tickets — which unfortunately don’t come with swag but still get you in the door — sell for a mere $20.

BSides Tampa took place back in April, and it was a great event — you can check out my writeup to get a feel for it.

BSides St. Pete is just one of the events in the Tampa Bay tech scene’s September to Remember!

I’ve already got my ticket for BSides St. Pete, and if you’re interested in diving deeper into security, you should too!

Register for BSides St. Pete 2023 here!

Categories
Conferences Security The Street Finds Its Own Uses For Things

A handy hack for not getting your drinks “spiked” at Def Con

The 2023 Def Con is well under way! You might want to use this trick to make it harder to spike your drinks. This isn’t to say that everyone at Def Con is trying to surreptitiously drug other people’s drinks, but there is a certain transgressive element there, and as any security expert will tell you: you can never really be too careful.

Categories
Conferences Tampa Bay

Make the most of the “Hallway Track” at poweredUp Tampa Bay!

Joey deVilla and Anitra Pavka “work the room” at a Tampa Bay tech event.
Me and Anitra, working the room at a Tampa Bay tech event from a little while back.

The Hallway Track

It’s been my experience that some of the most important things I’ve learned and all the connections I’ve made at conferences didn’t happen at the presentations. Instead, they happened during informal and spontaneous conversations that started between presentations — typically in the hallways between the lecture rooms.

This observation is so common that it’s given rise to “unconferences” like BarCamp, whose purpose is to invert the order of things so that the conference is more “hallway” than “lecture theatre”.

Banner: poweredUP Tampa Bay Tech Festival - May 17th, 11 a.m. - 6 p.m., Mahaffey Theater, St. Petersburg, FL.

I’m not the only person to refer to this phenomenon as the Hallway Track, and it’s a great opportunity to chat with speakers, organizers, and other attendees.

At a locally-focused conference like poweredUP Tampa Bay, the Hallway Track is your best opportunity to make connections with other techies and tech-adjacent peers who live and work here in “The Other Bay Area!”

You never know where it will lead. I’ve made connectionss and friends at poweredUP, and during the 2017 edition of the conference, a conversation I had there led to my landing a job.

In this post, I’ll show you my tricks for making the most of the Hallway Track at poweredUP Tampa Bay.

Have a “personal elevator pitch.”

A personal elevator pitch is simply a single-sentence way of introducing yourself to people you meet at a conference. You will be introducing yourself over and over again, and it’s much better to have an introduction ready that to have to make it up on the spot each time.

My personal elevator pitch these days is something along the lines of “I’m a rock and roll accordion player, but in my main side gig, I’m the guy at Okta who shows mobile developers how to secure their apps, and in my side side gig, I put together the Tampa Bay tech events list and run a couple of coder meetups in town.”

The personal elevator pitch is an idea from Susan RoAne, an expert at navigating the Hallway Track and author of How to Work a Room: The Ultimate Guide to Making Lasting Connections In-Person and Online teaches, and it works. It’s pretty simple:

  • Keep it short — no longer than 10 seconds, and shorter if possible. It’s not your life story, but a pleasantry that also gives people just a little bit about who you are.
  • Make it fit. It should give people a hint of the cool stuff that you do (or, if you’re slogging it out in the hopes of doing cool stuff someday, the cool stuff that you intend to do.)
  • Show your benefits. Rather than simply give them your job title, tell them about a benefit that your work provides in a way that invites people to find out more. Susan RoAne likes to tell a story about someone she met whose one-liner was “I help rich people sleep at night”. That’s more interesting than “I’m a financial analyst”.

My suggestion: Come up with your own personal elevator pitch while on your way to poweredUP!

How to join a conversation

You’ll probably see a group of people already engaged in a conversation. If this is your nightmare…

Click the screenshot to read the Onion article.

…here’s how you handle it:

  1. Pick a lively group of people you’d like to join in conversation. As people who are already in a conversation, they’ve already done some of the work for you. They’re lively, which makes it more likely that they’re open to people joining in. They’ve also picked a topic, which saves you the effort of having to come up with one. It also lets you decide whether or not it interests you. If they’re lively and their topic of conversation interests you, proceed to step 2. If not, go find another group!
  2. Stand on the periphery and look interested. Just do it. This is a conference, and one of the attendees’ goals is to meet people. Smile. Pipe in if you have something to contribute; people here are pretty cool about that.
  3. When acknowledged, step into the group. You’re in like Flynn! Step in confidently and introduce yourself. If you’ve got that one-line summary of who you are that I talked about earlier, now’s the time to use it.
  4. Don’t force a change of subject. You’ve just joined the convo, and you’re not campaigning. Contribute, and let the subject changes come naturally.

Feel free to join me at any conversational circle I’m in! I always keep an eye on the periphery for people who want to join in, and I’ll invite them.

Show and tell

Me and Ryan Miller Galamb at PyCon US 2023 last month.
The odds of two people bringing an accordion to a conference are pretty low.

Nothing attracts our eyes like something shiny, whether it’s an interesting piece of tech, a new book, a new t-shirt you’re fond of, or even some local knowledge, such a new restaurant, cafe, or bar that just opened. It’s why I carry my accordion around; I think of it as a device that converts curiosity into opportunity (and music as well). Got an interesting thing or idea? Got a neat project that you’ve been working on? Whatever it is, park yourself someplace comfortable in the hallway, show it off and start a conversation!

Follow the Pac-Man rule

https://twitter.com/naomi_pen/status/993523739106066432

If you’re forming a conversation group, try to keep it Pac-Man shaped — that is, a circle, but with a bit of an inviting opening so that other people can join in.

Invite people to join you for lunch

There will be food trucks outside the venue between 11:00 a.m. and 2:00 p.m.. If you see someone eating lunch alone, invite them to join you!

“Touch grass,” as the kids say these days

Creative Commons Photo by Taylor Bennett Jordan.
Tap to see the source.

Don’t forget that:

  • The Mahaffey Theater is in a beautiful location: downtown St. Pete, right by the water and the Dalí Museum,
  • You don’t have to sit through every session,
  • Nothing stimulates a good conversation that going outside for a walk

If you’ve got a conversation going, or want to start one, suggest that everyone step outside, or as the kids these days say: “touch grass.”

Listen.

Yes, you’re there to talk, but so is everyone else. Make sure you listen to other people in the circle as they speak, and ask questions, too! One of the reasons you go to poweredUP is to get exposed to new ideas, and learning goes beyond the talks. Try to learn three new things at every event.

Put your stuff down

Carrying your bag or other stuff is a non-verbal cue that you’re about to leave. If you’re going to stay and chat, put your stuff down. When you’re about to leave, pick up your stuff and start saying your goodbyes.

Play “Conversation Bingo”

Created by Molly “Web3 is Going Just Great” White.
Tap to see the source.

If there are certain topics that you’d like to learn about or people you’d like to have a conversation with, put them in a list (mental, electronic, or paper) of “bingo” words. As you converse at the conference, cross off any of those topics that you cover off the list. This trick forces you to become a more active listener and will help you towards your learning goals. Yelling “BINGO!” when you’ve crossed the last item on the list can be done at your discretion.

Regular readers of this blog probably where I stand on the topic of Web3, hence the bingo card above.

Look for the Okta people and the accordion!

We’d be happy to chat with you, and I assure you, we’ll be easy to find. Come say hi!

Who wants to hit Beach Drive or The Pier afterward?

The Mahaffey is pretty close to a lot of good places to go for dinner and drinks afterward. That’s a good opportunity to keep the Hallway Track going!

I’ll see you at poweredUP!

Categories
Conferences Tampa Bay

poweredUP is next Wednesday!

poweredUP, Tampa Bay’s annual tech festival organized by Tampa Bay Tech, takes place next Wednesday, May 17 at the Mahaffey Theater in St. Pete. It always features presentations and talks on top-of-mind topics for Tampa Bay’s tech leaders, and this year, the emphasis is on AI, cybersecurity, the metaverse, tech talent, and Web3.

I and some of my coworkers from Okta will be there — if you see us, come and say “hi!”.

Here’s the schedule of events:

TimeEvent
11:00 a.m.Doors Open
HTB “capture the flag” competition begins
11:00 a.m. – 2:00 p.m.Food trucks will be available during this time
12:00 p.m.Opening remarks
Tampa Bay Tech’s Meghan O’Keefe
12:10 p.m.Keynote: The metaverse mindset of Web3, AI, and the future of business
Sandy Carter, Unstoppable Domains
12:50 p.m.Industrial metaverse: Accelerating time-to-market with robotics simulation and extended reality
Serge Haziyec, Softserve
1:15 p.m.Transforming healthcare with AI: Opportunities and challenges
A panel moderated by Tom Stafford, CDW, and featuring:
• Dr. Alan Weiss, BayCare Health
• Stephanie Lahr, Artsight
• Scott Arnold, Tampa General Hospital
• Pete D’Addio, Moffitt Cancer Center
1:55 p.m.Immersive re-invention
A panel featuring:
• Jason Warnke and Stu Brown, Accenture
• Tim Moore, Vu Technologies
2:20 p.m.Technology & sports: A winning combination
A panel moderated by Julie Souza, AWS, and featuring:
• John Breedlove, Tampa Bay Buccaneers
• Scott Gutterman, PGA Tour
• Andrew McIntyre, Vinik Sports Group
3:00 p.m.The good, the bad, the AI: Exploring the risks and benefits of ChatGPT
Joseph Cortese, A-Lign
3:25 p.m.The hacker’s duel: Red team vs. blue team live demo
Jeremy Rasmussen and Micahel Mallen, Abacode
4:00 p.m.HTB “capture the flag” competition ends
4:00 p.m.Fireside chat: Building the next generation of innovators
Featuring:
• Melissa Fulmore-Hardwick, CSI Companies
• Robyn Mussler, Connect-IT 360
4:45 p.m.Happy hour and networking
6:00 p.m.Event ends, but I’m sure people will go for dinner and drinks on Beach

Tickets are $50, and you can purchase them on Eventbrite. I’ll see you there!