Categories
Conferences Security Tampa Bay What I’m Up To

CyberX Tampa: Tonight at TheIncLab in Ybor City!

Tap to view at full size.

The topic: Cybersecurity.

The event: CyberX Tampa, an evening conference with some pretty interesting speakers and topics, and a chance to catch up with some local techies and security nerds.

The place: TheIncLab in Ybor City, in the place where The Undercroft — the guild where I took a pretty intense cybersecurity course during the pandemic — used to be.

The cost: Free as in beer. $0. Just register on their Eventbrite page.

The agenda:

TimeEvent
5:30 p.m. – 6:00 p.m.Networking
6:00 p.m. – 6:15 p.m.Special honoree: Courtney H. Jackson, founder and CEO of Paragon Cyber Solutions and Global 2022 Cybersecurity Woman Entrepreneur of the Year
6:15 p.m. – 6:45 p.m.Breakout sessions

DE&I in Cyber Panel with:
• Moderator: Suzanne Ricci | Chief Success Officer @ Computer Coach
• Courtney H. Jackson | Founder & CEO @ Paragon Cyber Solutions
• Samantha Ramos | Information Security Risk Manager @ Nextech Systems
• Hugh Percy | Mgr, Cyber Security Threat Analysis & Operations @ Moffitt

Blackhat Tactics You Should Know
• Charlton Trezevant | Senior Application Security Consultant @ GuidePoint Security
• Robert Lubin | Security Operations Center Director@ Abacode
6:45 p.m. to 7:00 p.m.Networking
7:00 p.m. – 7:45 p.m.Panel Discussion: State of Cybersecurity in Florida
• 
Moderator: Larry Whiteside | CISO @ RegScale
• Jason Allen | CTO @ Digital Hands
• Kari Schori | CIO @ Office of the Public Defender 6th Judicial Circuit
• Rolando Torres | Co-Founder & COO @ Abacode
7:45 p.m.Thank you’s and good night

What you’ll get out of it: Well, that depends on what you put into it. But trust me, there are opportunities and a lot of potential there, and I can tell you that half of winning is just showing up.

I’ll see you there!

Categories
Meetups Security Tampa Bay

I’ll be at CyberX Tampa 2022 next Tuesday, October 25!

CyberX Tampa 2022 takes place next Tuesday, October 25, from 5:30 p.m. to 8:00 p.m. at TheIncLab in Ybor City, and I’ll be there! It’ll be an evening of all things cybersecurity-related with some of Tampa Bay’s largest companies, CISOs, and tech leaders!

TheIncLab’s building in Ybor City (1320 E 9th Ave.)

Here’s the agenda:

TimeEvent
5:30 p.m. – 6:00 p.m.Networking
6:00 p.m. – 6:15 p.m.Special honoree: Courtney H. Jackson, founder and CEO of Paragon Cyber Solutions and Global 2022 Cybersecurity Woman Entrepreneur of the Year
6:15 p.m. – 6:45 p.m.Breakout sessions

DE&I in Cyber Panel with:
• Moderator: Suzanne Ricci | Chief Success Officer @ Computer Coach
• Courtney H. Jackson | Founder & CEO @ Paragon Cyber Solutions
• Samantha Ramos | Information Security Risk Manager @ Nextech Systems
• Hugh Percy | Mgr, Cyber Security Threat Analysis & Operations @ Moffitt

Blackhat Tactics You Should Know
• Charlton Trezevant | Senior Application Security Consultant @ GuidePoint Security
• Robert Lubin | Security Operations Center Director@ Abacode
6:45 p.m. to 7:00 p.m.Networking
7:00 p.m. – 7:45 p.m.Panel Discussion: State of Cybersecurity in Florida
• 
Moderator: Larry Whiteside | CISO @ RegScale
• Jason Allen | CTO @ Digital Hands
• Kari Schori | CIO @ Office of the Public Defender 6th Judicial Circuit
• Rolando Torres | Co-Founder & COO @ Abacode
7:45 p.m.Thank you’s and good night

This event is FREE to attend — simply register on the event site!

Categories
Meetups Security Tampa Bay What I’m Up To

I’m presenting “The Secret History of Login” at InfraGard Tampa Bay next Tuesday!

Are you free next Tuesday, October 18th from 9:00 a.m. to noon, for an event you can attend either in person or online? If so, perhaps you might want to catch my talk at the upcoming InfraGard Tampa Bay Members Alliance meeting. It’s titled The Secret History of Login!

Here’s the description:

If you’re reading this, the chances are very good that you’ve logged into a system or resumed a session where you logged in earlier. It’s a common enough occurrence that most of us don’t think about it unless we’re in a hurry or if we can’t remember our username/password combination.

Logging in is new enough that there are still many people alive who knew the world before usernames and passwords, yet old enough that it’s developed some problems that will take time and effort to solve. This talk will tell the strange story of how login grew from a last-minute hack to become part of our daily experience. Along the way, you’ll get an overview of some of the ways it’s been implemented, the popular software movement it inspired, how it inspired both a software movement and a whole new category of crime, and some best guesses about its future.

What is InfraGard Tampa Bay Members Alliance?

First of all, they’re affiliated with the FBI! As their About page states:

Our mission is to mitigate criminal and terrorist threats, risks and losses for the purpose of protecting our region’s critical infrastructure and the American people. Founded in 2004, the Tampa Bay chapter has established itself as a leader nationwide, setting the highest standards for programs, training and education. For the last decade, we have proudly contributed to the safety and security of Tampa Bay via an all-threats, all-hazards approach. At the national level, the InfraGard National Members Alliance was founded in 1996 and now comprises over 80 regional chapters, each linked to an FBI Field Office.

InfraGard’s success can be attributed to the unprecedented communication, collaboration and coordination it has forged at the epicenter of America’s most critical resources. Our membership is comprised of individuals that represent private businesses; local, state and federal law enforcement agencies; academic institutions; first responders and more.

All members are vetted by the FBI and pass comprehensive background checks prior to being accepted to InfraGard. The trust inherent in those who have successfully passed these checks is unmatched in any other public-private partnership in the country, making InfraGard a unique and highly successful solution to engaging the private sector in the protection of our nation’s critical infrastructure.

What’s happening at this meeting?

There’s a lot going on at this meeting — in fact, I’m not the only speaker at this one! Here’s the agenda:

TimeItem
9:00 a.m.Welcome and speaker/topic introductions by Ebony Vaz
9:05 a.m.Opening remarks by Michael Ritchie, President
9:15 a.m.Speaker 1: Kate Whitaker, Director of Cyber Outreach, Cyber Florida
10:00 a.m.Break
10:15 a.m.Speaker 2: Joey deVilla, Senior Developer Advocate, Okta — The Secret History of Login
11:00 a.m.Break
11:15 a.m.Speaker 3: Billy Sasser, Supervisory Protective Security Advisor (SPSA) CISA Region 4 — CISA’s Physical and Cyber Security Resources
12:00 p.m.Closing remarks by Michael Ritchie, President

You can attend in person or online!

They’re streaming this event, so you have the option of attending online if you can’t make it to the in-person event. Here are the registration details:

Categories
Current Events Security Tampa Bay

I’m going to the Tampa Bay’s Cybersecurity Awareness Month happy hour tonight!

October is Cybersecurity Awareness Month, and we’re celebrating both the month and Tampa Bay’s cybersecurity professionals at Shuffle in Tampa Heights tonight from 5 to 7 p.m.!

Graohic: Computer Coach Training Center logo

The folks at Computer Coach Training Center (for whom I just finished teaching a Python course) helped put this event together, and it’s your chance to meet people from Cyber Florida as well as other local people in cybersecurity (hint: I work for the Auth0 arm of Okta, which just so happens to be in that industry).

Want to join in? Register on the event’s Meetup page, and I’ll see you there!

Categories
Programming Security What I’m Up To

Learn how to add Auth0 authentication to Android and iOS apps built with React Native!

Do you write apps in React Native? Do you want to add authentication — that is, login and logout — to those apps? If so, these articles are for you!

If you’re writing an Android app in React Native and you need users to log in and log out, don’t roll your own authentication! Use Auth0 instead. You’ll get full-featured authentication and have more time to concentrate on your app’s full functionality.

The article Get Started with Auth0 Authentication in React Native Android Apps gives you a tutorial where you make an Android app that lets users log in with an app-specific username/password combination or a Google account.

There’s also an iOS-specific version of this article: Get Started with Auth0 Authentication in React Native iOS Apps. Just like the Android version, this article walks you through the process of making an iOS app that lets users log in with an app-specific username/password combination or a Google account.

Both articles appear in the Auth0 Developer Blog and were written by guest author Wern Ancheta, with technical editing and additional content by Yours Truly!

Categories
Security Video

Get to know Bellingcat and open source intelligence (OSINT)

The Bellingcat logo.

As the Russian invasion of Ukraine continues, you’re increasingly likely to hear the name “Bellingcat”. It’s the name of an independent group of researchers, investigators, and citizen journalists who practice open source intelligence (OSINT). Here’s a quick primer about Bellingcat and open source intelligence, plus a whole lot of videos about Bellingcat’s work and their reporting on aggression by Russia’s government and armed forces.

Bellingcat’s origins

Illustration: The mice planning to bell the cat.

Bellingcat get their name from Aesop’s fable, Belling the Cat. In the fable, the youngest of a group of mice who were terrorized by a cat suggests that they put a bell on the cat, which would act as an early warning system. While the suggestion was warmly received, one of the elder mice brought up a serious challenge to the plan: “Who will bell the cat?”

Eliot Higgins founded Bellingcat in 2012 after being laid off from an administrative job. He started doing independent research on the civil war in Syria by collecting and analyzing publicly available photos and footage, and cross-referencing them with reports. Since then, he’s grown the organization, who’ve gone on to apply their open source intelligence skills to stories including:

Open source intelligence

Open source intelligence, often referred to as OSINT, is a term meaning any information that can be gathered from freely-available, publicly-available sources. It’s most often used to referred to information gathered online — the kind that anyone with an internet connection would be able to access. This information could be available free of charge, or it could be acquired for a fee (e.g. a subscription to a news organization, data source, or API).

It also applies to non-online/non-digital information from books, newspapers, magazines, academic journals and papers, FOIA requests and their equivalents, and so on.

It could be in text form, but it also applies to video, photographs, sound recordings, data files, and databases.

Giancarlo Fiorella, a senior Bellingcat investigator based in Toronto, makes it clear that OSINT is not “hacking” (as in accessing computer systems or information illegally), stealing, or spying. It’s about gathering data and doing the research.

Bellingcat contribute to the Russia-Ukraine monitor map

Click the image to visit the map page.

You may have read about the Russia-Ukraine Monitor Map on my personal blog, but if you haven’t, it’s a a public resource for mapping, documenting, and verifying significant incidents that happen in the Russian invasion of Ukraine. Bellingcat are a primary contributor of information to this resource.

Videos about Bellingcat

Here’s a collection of YouTube videos on Bellingcat for those of you who’d like to know more about them or about OSINT.

Insights from Bellingcat on Russia’s Ukraine Ambitions (March 2, 2022 – Reuters Institute)

This is a Zoom interview with Christo Grozev, Bellingcat’s lead Russia investigator.

Researchers create open-source map tracking incidents in Ukraine (February 28, 2022 – CBC)

Fact-checkers on the front line of Russian propaganda machine (February 25, 2022 – CBC)

Inept Info-Wars: Bellingcat’s Eliot Higgins on Putin’s Problems with Reality (February 24, 2022 – Foreign Press Association USA)

Open-source Intelligence (OSINT) by Giancarlo Fiorella, Investigator and Trainer at Bellingcat (December 2021 – Asian College of Journalism)

This features a presentation by senior Bellingcat investigator Giancarlo Fiorella about Bellingcat, open source investigations and how they’re conducted. He goes into detail about investigating the Mahbere Dego massacres and the ethical issues and challenges in open source research.

We Are Bellingcat: An Intelligence Agency for the People (May 2021 – Talks at Google)

Ethical Matters: Bellingcat – The Citizen Intelligence Agency (April 2021 – Conway Hall)

Putin’s Assassins Exposed: An Evening w/ Bellingcat Founder Eliot Higgins (March 2021 – Renew Democracy Initiative)

I Exposed a Russian Assassination Squad (March 2021 – Vice’s “Super Users” series)

Discussion with Bellingcat Founder Eliot Higgins (March 2021 – Center for the Study of the Presidency and Congress)

How Bellingcat tracked a missile system in Ukraine (February 2020 – 60 Minutes Overtime)

Bellingcat: Truth in a Post-Truth World (2018 documentary film)

Categories
Humor Security

DAMMIT DAVE