What’s going on?
Hi everybody, Luigi here.
First post and long time without any news, so what’s going on?
After many years since the founding of the company, we finally have our conference. The idea has ever been there in the “drawer” knocking every now and then but it required some time and the right moment before becoming mature enough.
After having spoken at various conferences (POC, PHDays, HITB, BH, NSC and S4) and learned the goods and bads from such experiences, I decided to spend the last 4 years attending many events on the opposite side as a participant… and taking notes.
Attending a conference, and I mean without being an invited guest with the derived benefits, it’s a completely different thing, even the smallest detail makes the difference moreover if you are there to spot what works and what can be done in a different way. Not necessarily better, just differently.
All the people who have worked on planning an event from scratch, even the smallest one, perfectly know how devastating is this process: budget, venue, catering, rooms, calendar, agenda, topics, call for papers, review, invites and so on.
Luckily this post is not about this stuff, let’s keep it for another post.
Who follows me on Twitter probably noticed my few rare tweets since 2014. That has been made on purpose and I know that my infosec followers don’t appreciate this decision, but maintaining a company means also obeying to restricting policies, even for me who have ever been used to full-disclosure and releasing stuff on daily basis.
On the other side that was good for the game modding community. In 2014 I had this personal desire of building a solid community focused on file formats reverse engineering, which is a very niche topic, and finally after having spent my free time and patience I recently reached my goal. As already said this is a niche, it was more like: “Ok, it’s not worth it, it’s going to take all my free time and resources, it will give me nothing in return… but someone should do it”.
In the meantime the company grew up but, honestly, I’m not an influencer and I’m not going to show off success stories or other similar things. I’m not even going to express opinions, so I’m sorry if I don’t comment or put “like” on news and posts. Keeping a low-profile is not done to look “cool”, it’s just a choice, both personal and company-related (“policies”).
It’s also due to such policies, and I’m personally sorry with all the media who contacted us in the last years, that we decided to use the conference for giving a public side back to the company and finally returning “social” without violating our internal rules.
So, what’s going on is that we are organizing an event fully financed by our company without external sponsors, even our company can’t be defined a “sponsor” since we do not use it for promoting products or services, or having a booth or doing any marketing.
We just have our own funds, ideas, and a starting point: Hong Kong. It’s a great place, moreover when typhoons are not rising any alarming signals, and probably a big challenge for an infosec meeting at its first edition.
There are many events every day worldwide, of any type and size, the field is saturated and it was necessary to take a different approach for “standing out from the crowd”, at least a bit.
Deciding to not relying on any external sources is already one of these approaches that gives us freedom on some aspects, the other challenges were focusing the event only on the asian region and only on two topics. That means it’s not a general infosec conference where it’s possible to present anything related to computer security, the 2-days event will have a set of presentations focused on the topic selected for each day.
Since the challenges weren’t enough, we opted for two unusual topics, not unusual for the West but here in Asia it’s a different situation and for sure they aren’t the current top trending topics like blockchain and 0-days exploits.
First topic: hacktivism and countermeasures.
With “hacktivism” it’s meant any cyber activity related to activism and motivated by ideals.
Ideals don’t necessarily mean something political, for example Japan suffered some cyber attacks due to their whale hunting policy.
Just few weeks ago the country said to be intended to withdraw from the International Whaling Commission (IWC).
In Hong Kong in 2014 the “ideals” were definitely political but with attacks from both the sides: http://hub.hku.hk/handle/10722/219236
That’s very different than the situation in the West where Anonymous and LulzSec have hit the news for weeks in 2011, and the various cases related to Wikileaks.
Second topic: open source intelligence, also know as OSINT.
Not exactly the top topic in the West although supported by various resources, probably one of the less known topics in Asia.
Different countries, different rules and resources.
It’s also an interesting topic for evaluating the diffusion and usage of social networks in the various asian countries, and their local alternatives.
The restrictions on just two topics offered interesting questions and ideas that we proposed inside our Call for Papers. It’s a long text for a CFP but it contains all the details and guidelines that I, as speaker, would like to see and I, as participant, would like to know before attending an event.
The goal is touching the topics on different countries, from different points of view and involving academics, security researchers, government authorities and journalists. Basically letting people to talk about their personal experiences and countries, ever supported by technical information and facts (statistics, numbers, details).
There are still two months for applying to the CFP, if somebody has any doubts feel free to contact me.
Press and the academics (both students and professors) have free access to the event, we are already involving the local Universities for letting them to attend the event as speakers and participants.
There are also other ideas that will be shared later.