BSides Atlanta
May 4 2019 - KSU Center, Kennesaw

About Security BSides

Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Schedule

One day, endless entertainment

8:00

Registration and Badge Pickup

Sponsor lobby

8:45

Opening Remarks

Security Track (Room 400)

9:00

Keynote - Software-Defined Everything, and What That Means to Security

Dave Shackleford
Security Track (Room 400)
What do security teams need to know about software-defined infrastructure, and new capabilities we may gain from using them ourselves? What will be some of the critical skill sets for security professionals now and in the future as these technologies become ever-more pervasive? In this presentation, Dave will cover everything from virtualization to containers, software-defined networking to public cloud, with a breakdown of key areas to focus on for security teams and specific advice for different security roles and positions.

All Day


Starts at 10:00

CTF: NetKotH

(Room 464)
A technical Capture The Flag event. Bring your own system and attack their vulnerable virtual machines for prizes.

CTF: OSINT

CGSilvers Consulting
(Sponsor Lobby)
An Open Source Intelligence gathering Capture The Flag event. Bring your own system, scour the web and find the requested information about target individuals.

Resume Review

Advanced Business Engineering, Inc.
(Sponsor Lobby)
Looking to get a job in this field? Bring a printed copy of your resume for review.

Lockpick Village

Fox Pick
(Room 174)
A lockpick village. Come learn to pick locks, and participate in Felix's Challenge.

10:00

Incident Response for the Overwhelmed, Understaffed and Unprepared

Tony Drake
Security Track (Room 400)
The IR consultants always say the same thing about incident response "Have a Plan, Follow the Plan". In the military they say "The battle plan goes out the window when the bullets start flying". The fact of the matter is that incident response in the real world is more like the latter than the former. Everyone knows how to work an incident when everything is wrapped up in a tight little bow, the tools are deployed, the data is accessible, and everyone is in agreement on exactly what to do and how. This talk isn't about those incidents. This talk is about the incident that happens when you are a one man shop with no tools and no resources and you need to work things out in a hurry. In short, this talk attempts to deal with the human aspects of incident response, and how to be an incident responder, not how to do incident response. I discuss the human aspects of response, and how to cope with the stresses and complexities of incident response in a modern environment where nothing goes according to plan.

The Sound of Evil - An exploration of the audio security landscape

Wes Widner
Privacy Track (Room 401)
Voice assistants are popping up everywhere. Many wonder and worry whether we are voluntarily wiretapping ourselves. Your Alexa or Google Assistant doesn't have to be a magical box that represents a possible security vulnerability in your home (or car). Come join me as we explore how voice assistants work. I'm a firm believer that you need to know how something works before you can truly secure it. Next, we'll explore the threat vectors that all voice assistants share. And finally, how they can be protected.

Hackers, Hooligans, Heists, & History

Brian Contos
Policy Track (Room 402)
This presentation is based on 20+ years in cybersecurity working across 50+ countries. It will explore the real-life history and use cases of hackers, hooligans, and heists. From mechanical computers to the Internet, acts of sabotage, fraud, theft, and other nefarious undertakings have been conducted with low risk, minimal hurdles, and high reward. In some cases, attackers even receive safe harbor from prosecution. Bad actors ranging from insiders and hacktivists to cybercriminals and nation-states are motivated by money, politics, revenge, and ideology. We will translate the “who, how, and why” of cyberattacks. We will identify multiple “old school” and modern-day threat vectors and organize attacks by motives like sabotage and espionage. Each threat actor type will be explored in detail with real-life use cases and personal accounts. The examples used will illustrate the diversity in threats, methods, motivations, and organizational responses.

11:00

Too Small to Fail: Securing Small and Medium Businesses

Hudson Bush
Security Track (Room 400)
Small businesses are often overlooked when it comes to mature Security Operations. In fact, some MSSPs and security vendors won’t sell to businesses with less than 150 employees. This is a huge gap, especially when you consider supply chain attacks, and breaches like Target. When you consider their place in the security ecosystem, these businesses are “too small to fail”.

How to create a Compliance baseline and simplify compliance forever

Jason Hill
Privacy Track (Room 401)
It seems there is a never-ending stream of acronyms that businesses now must learn and understand in order to be “compliant.” In fact, you may feel like a cat herder that is chasing one audit after another. Each new entrant into the pantheon of compliance complicates and weaves an even more complex web of checklists, procedures, policies, etc. Each time new letters are added to our alphabet soup of regulations we must scramble to meet those specific lists of requirements. What if there were a better way? In this presentation, we’ll take a step back and consider that all frameworks and requirements are very similar. In fact, about 80% of PCI and HIPAA controls overlap. Let’s look at the different framework audit requirements and see how we can take a common-sense approach to your next audit. At the end of the day regulations have many of the same themes. Check audit logs, protect desktops, train users, etc. The first step is to start with a baseline, a starting point upon which all other compliances can be compared. After the baseline has been established, you’ll be able to quiet the noise and provide a clear path towards meeting existing and yet to come compliance matrices.

Continuous Monitoring on a Budget: OpenWRT, Python, Documented Analytic Tradecraft, and the Cloud

Ryan Wilson
Policy Track (Room 402)
Continuous monitoring sounds intimidating, needing fancy and expensive sensors and software (hardware network taps? SIEM? SOAR?) to make it work. Cost sometimes puts these tools out of the realm of the possible for cybersecurity analysts and analysts in-training wanting to secure home and small business setups. If willing to invest time instead of money, we can use free and inexpensive tools to achieve the same end. I’ll provide an overview of a continuous monitoring system built on open-source tools (e.g. Docker, OpenVPN, Apache NiFi) and cheap hardware sensors (OpenWRT routers!) to collect data. I’ll then focus on how I use Google’s cloud storage, cloud processing, and a custom tradecraft documentation tool (similar to Jupyter Notebook) for capturing the Python and PowerShell scripts used for analysis. I’ll share what worked and what didn’t work in developing and operating this system. Specifically, I’ll highlight what data I’m collecting from my sensors and systems, how I collect it (using OpenWRT, Python, and PowerShell), where I’m storing it, and how I analyze it. I’ll demonstrate how to fit these pieces together for implementing and monitoring some of the CIS Top 20 Controls.

11:30

Lunch

Dreamland
Behind Security Track (Room 400)
BBQ, vegetarian options provided and labeled.

1:00

Social Forensication: A Multidisciplinary Approach to Successful Social Engineering

Joe Gray
Security Track (Room 400)
This presentation outlines a new twist on an existing social engineering attack. In the past, we have worked on getting users to plug in USB devices to drop malicious documents and executables. While this attack sometimes proves our point, it is the tip of the iceberg of what can be done. Enter Social Forensication. This is a two-pronged attack, consisting first of collecting a memory image for offsite offensive forensic analysis, the second being a rogue Wi-Fi access point attack. During this presentation, we will walk through the steps to perform each attack. Since defense is just as (if not more) important as the attack itself, we will also discuss mitigations (technical and procedural) and relevant Windows detections for these attacks.

Under the skin: Privacy engineering of medical devices

Vishruta Rudresh
Privacy Track (Room 401)
Connected Medical Devices (CMDs) help sustain lives, monitor vital signs, improve medical adherence, and offer non-invasive methods of remote monitoring and auto-diagnosing. To provide these directed functionalities, CMDs collect, store, and share vast amounts of patient PII and PHI (medical data). Amid the benefits CMDs provide, privacy, however, has become a matter of dispute. It has raised several ethical questions on data security, data ownership, consent, and data usage as more and more insecure products are released into the market and as conglomerates take a capitalistic approach to data usage (CMD providers are known to sell data to insurance companies and pharmaceutical companies without the knowledge or consent of the CMD consumer). This presentation primarily looks at the current state (the types of data collected, software and hardware issues that compromise privacy), reviews the impacts of privacy loss, and evaluates the challenges in implementing privacy controls from both the technical and non-technical standpoints while making a reference to case studies. It also illustrates technical techniques for preserving and enhancing privacy in medical devices. The presentation will also propose policy improvements based on a gap analysis of existing standards laid out by NIST/FDA, etc., and propose principles for privacy engineering.

Blocks and Chains - Realities of Blockchain in the Enterprise

Michael Anton
Policy Track (Room 402)
This presentation will discuss the impact of Blockchain, or digital ledgers, on the enterprise. Blockchain technology provides new infrastructure to build the next innovative applications, driving profound, positive changes across business, communities and society. Blockchain offers the opportunity to supercharge emerging technologies, such as artificial intelligence and IoT, to make everything from supply chains to digital identity management smarter and more secure. We will discuss what the future looks like after the crypto currency crash and how practitioners in IT, security, and operations should begin to prepare.

2:00

Agile Security for Modern Threats

Nathan Hamiel
Security Track (Room 400)
Agility isn’t a concept reserved for development teams pushing code into production every couple of hours. We as security professionals need to be agile too, something we have traditionally not done well. Our challenge is the fact that not only do we need to support the development team's goals, but everyone else’s goals as well. Even if change weren’t inevitable, our jobs would still be an uphill battle. Sprinkle in some evolving threats and a dash of new technologies, and we have a recipe for what seems like a lost cause. Talent shortages, budgetary restrictions, and opposing goals create an environment that pits us against other business units, and a continued perspective based on worst case scenarios isn’t doing us any favors. Whether you're a CISO or a penetration tester, we need a significant upgrade to our approach if we hope to enjoy success addressing the challenges velocity and scale bring our way. This presentation is about shifting our perceptions and embracing opportunities in unexpected places. We can’t be successful in a vacuum and with the right mixture of agility and collaboration, security teams can adapt along with the pace of business. Let’s stop being the group of “no” and start being the group of “how” setting ourselves up for the best opportunity for success. Join the conversation and be part of securing the future.

Mobile App Vulnerabilities – The Bad, The Worse And The Ugly

Ray Kelly
Privacy Track (Room 401)
One of today’s hottest targets for hackers is mobile applications. Whether it’s developer inexperience, rush to market or poor coding techniques, hackers are exploiting mistakes made by mobile app developers and it can be quite costly for companies. 2018 was a terrible year for mobile app vulnerabilities and 2019 will certainly be just as challenging. In this session you will see attack vectors for mobile apps and see vulnerabilities discovered in public facing apps and how they were exploited.

Preparing for your Cybersecurity Career

Ben Knowles
Policy Track (Room 402)
Every organisation has security problems -- whether they know it or not. Talented and committed professionals are needed across the vast range of security work. How can you help? Are you trying to get started in a cybersecurity career or do you have one and are looking to advance? Come learn what you need to have (and what you don't need but may help) and how to apply your strengths and experience to hunting for jobs in security. Getting an infosec job is a lot like testing security systems or defending against an attack: Preparation and planning are what make the difference. I'll share tips and resources to help you build your own job hunting process so you can plan and execute effectively. We'll discuss "dos and don'ts" for job hunting, social networking, resumes, and I'll tell you how to prepare for and succeed in "the infosec interview". Over the last ten years I've been in hundreds of interviews for IT and security positions, primarily at large companies. I genuinely want it to be a better experience for everyone. We badly need more good people in the business and community of infosec.

3:00

IOC's: Indicators of Crap

Xavier Ashe
Security Track (Room 400)
“You should be looking at Indicators of Compromise!” exclaims your CISO, regulator, vendor and mom. No problem, right? You have the most expensive security intelligence vendor and all you have to do is correlate in your expensive SIEM! Well, if you have tried this, then you are laughing with me. Come hear my exploration into implementing IOCs at a major US insurance company and a major US bank. I’ll address the differences in Indicators of Compromise vs Indicators of Attack. I will show you how not to use the MITRE ATT&CK framework, plus some tips on how to use it well. My goal is to save you from falling into the same pitfalls when dealing with Indicators of Crap.

Data Access Rights Exploits under New Privacy Laws

Amber Welch
Policy Track (Room 402)
New privacy laws have advanced individual data rights, although the ability to request access to all personal information held by a company has created new attack vectors for OSINT, phishing, social engineering, and “legal DDoS.” This talk covers regional data access options, how most companies respond to requests, and exploits for common privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests, ways to exploit these emotions, and the weakest targets for attacks. For the blue teamers, detection and defense strategies will be presented. A cheatsheet with key sections of the laws for exploits and defense will be provided.

3:30

Cyberstalking - A Privacy Issue

Ismaelle Vixsama
Privacy Track (Room 401)
Social media platforms have become an integral part of our normal interactions and in some instances are replacing human to human interactions altogether. There are an estimated 2.27 billion users logging onto Facebook, and 260 million logging onto LinkedIn monthly and sharing their private data. This increase in the use of social media and oversharing of information on social media has, however, introduced users to a new threat: cyberstalking. Cyberstalking can range from trolling on social media to physical stalking of victims and causing them bodily harm. The Data & Society Research Institute and the Center for Innovative Public Health Research published findings in 2017 of a nationally representative study suggesting that about 8% of Americans have been stalked online with the physical threats impacting women between the ages of 18-24. Cyberstalking has become a consequence of privacy breaches (via fake profiles, poor implementation of privacy controls, and lack of awareness of the privacy controls) that social media platforms have failed to or are struggling to address, and that the law enforcement agencies are unable to hold them accountable for the breaches. It was found that, of the estimated users logging into social media platforms, 83 million of Facebook profiles and 56 million of LinkedIn profiles were found to be fake, and that the unclear terms of services merely exacerbated the efforts of law enforcement as to who was responsible for the breach. Nonetheless, over the years, regulations have been created to alleviate the dangers of cyberstalking, however, issues such as ambiguity in terms of services on social media platforms, user oversharing, and lax privacy controls still play a part in the growing concern of maintaining privacy on social media. This presentation will provide an overview of what constitutes “private data”, and how the mentioned issues can be contained with meaningful efforts taken by social media platforms and the users alike.
The presentation also borrows elements of GDPR and the California Privacy Bill to address privacy breaches that may lead to cyber-stalking.

Alexa Knows My Kids Better Than I Do

Wes Lambert
Policy Track (Room 402)
"Hey, Alexa! What should I get Billy for his birthday?". It seems absurd, but it's become reality that we ask the electronic residents in our homes these very questions. It seems the devices with which our children interact may have a better grasp on their overall interests and activities than we (parents) do. What might be the everlasting impact from this type of lifestyle, and what do these devices know about us and our family that we might have never guessed? These questions, among others will be explored in this discussion of the continued depletion of privacy within our very own homes. While usage of such technology is certainly not mandatory, what kind of impact does it place on relationships with peers and their families, to abstain from these habits of embracing technology in such pervasive ways? How is our privacy impacted by our natural desire to conform with societal norms? This talk will offer the audience several technologically-oriented privacy implications to consider, as well as some tools and techniques to help minimize loss of privacy when interacting with smart devices and their accompanying services.

4:00

Wrap up / Giveaways

Organizers
Security Track (Room 400)

5:30

Afterparty

Coalfire
Mellow Mushroom, 1133 Chastain Rd NW, Kennesaw, GA 30144
Pizza, snacks, and soft drinks courtesy of Coalfire. Vegetarian and Gluten-free options available.

Our amazing speakers

Without them, we’d just be drinking coffee and eating lunch all day.

Dave Shackleford

Voodoo Security

Keynote: Software-Defined Everything, and What That Means to Security

Dave is the CEO and Principal Consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also Lead Faculty at IANS, a SANS analyst, instructor, and course author, and a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He’s the author of the Sybex book “Virtualization Security: Protecting Virtualized Environments”, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Amber Welch

Data Access Rights Exploits under New Privacy Laws

Until she’s accepted for a Mars mission, Amber Welch is pursuing the advancement of personal information privacy and data protection as a Privacy Technical Lead for Schellman & Company. Amber has been assessing corporate privacy compliance programs for the past year and prior to that, managed security and privacy governance for a suite of SaaS products. She has previously worked in companies creating ERP, CRM, event planning, and biologics manufacturing software.

Ben Knowles

Preparing for your Cybersecurity Career

Ben S. Knowles is a professional computer security consultant and educator in the Atlanta, Georgia, USA area. Ben presents at local groups and conferences on analysis, forensics, and security education, leads Community classes on defense, response, and analysis with the SANS Institute and has bugs and patches in a few public tools. Ben is a consultant on the incident response team of a global firm.

Brian Contos

Hackers, Hooligans, Heists, & History

Brian Contos is the CISO & VP, Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the cybersecurity industry as well as a board advisor, entrepreneur, and author. After getting his start in cybersecurity with the Defense Information Systems Agency (DISA) and later Bell Labs, he began the process of building cybersecurity startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, and Solera Networks. Brian has worked in over 50 countries across six continents. He is a board advisor for Cylance, JASK, Appdome, and the University of South Florida. He has authored several books, his latest with the former Deputy Director of the NSA, spoken at leading security events globally such as Black Hat, RSA, and BSides, and has been on C-SPAN, Fox, CNBC, CBS News, Bloomberg, and many others. Brian is a Distinguished Fellow with the Ponemon Institute and an Official Member of the Forbes Technology Council. Brian was recently featured in a cyberwar documentary alongside General Michael Hayden (former Director NSA and CIA).

Hudson Bush

Too Small to Fail: Securing Small and Medium Businesses

Hudson Bush is a Security Architect that injects Threat Modeling into everything he does. He mostly works with Government Regulatory Compliance, Risk Management, and Business Impact Analysis. His goal is to teach others about the mistakes that he has made so that others don’t have to repeat them.

Ismaelle Vixsama

Cyberstalking: A Privacy Issue

Ismaelle is an Information Security Governance and Strategy professional with experience working with Security Governance programs across Financial Services and Public Sector. Her compliance specialties include ISO 2700X, NIST, GLBA and FFIEC. Ismaelle holds a Master’s of Science in Cybersecurity, CISM and ISO 27001 Lead Implementer certifications.

In her spare time, she enjoys traveling, watching anime and spending time with her young nieces and nephews. She is also a mentor and an advocate for women and non-binary people in technology and cybersecurity.

Jason Hill

How to create a Compliance baseline and simplify compliance forever

Mr. Hill’s accomplishments include acting information security chief of one of the largest aluminum producers in the world and Information Assurance lead for a $180M infrastructure revamp for a Department of Defense entity. Training and consulting clients have ranged from large to small and have included dozens of Managed Security Services Providers, Fortune 500 companies, NASA and other US government institutions. Mr. Hill has had cybersecurity consulting responsibilities for a variety of clients encompassing the globe utilizing the NIST-RMF, NIST-CSF, and ISO 27001 frameworks as well as his experience as a PCI QSA. Having a background in system architecture and design, Mr. Hill brings a uniquely refreshing perspective on information security which provides clients and partners value beyond industry norms.

Joe Gray

Social Forensication: A Multidisciplinary Approach to Successful Social Engineering

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu, and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe is a regular Forbes contributor and has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading. Joe is an IBM Recognized Speaker/Presenter.

Michael Anton

Blocks and Chains - Realities of Blockchain in the Enterprise

Michael S. Anton is a Senior Product Manager at Kudelski Security, an international security company that provides innovative and tailored solutions to enterprises and public-sector clients. He works within the company’s Innovation group, where his responsibility is to evaluate emerging technologies for product development – specifically focusing on DLT and IoT.

Nathan Hamiel

Agile Security for Modern Threats

Nathan Hamiel is Head of Cybersecurity Research at Kudelski Security, an international security company providing innovative and tailored solutions to enterprises and public-sector clients. Nathan works in the innovation group defining the future of services and products for the company. A security veteran with a strong focus on software security, he has spent his nearly 20-year career helping customers around the world solve complex security challenges.

Nathan has presented his research at global security events including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon and many others. He is also a member of the Black Hat review board where he evaluates research for inclusion into the various conferences around the world.

Ray Kelly

Mobile App Vulnerabilities – The Bad, The Worse And The Ugly

Ray Kelly is an internet security professional with over twenty years of development experience, twelve of which have focused on the internet security space. Ray has been a key player in multiple successfully acquired cyber security start-ups. He was the Lead Developer and Business Unit Director for WebInspect with SPI Dynamics, which is an industry leading application security scanner. Currently Ray is an Application Security Architect for Micro Focus where he contributes to security research, business vision and customer success.

Ryan Wilson

Continuous Monitoring on a Budget: OpenWRT, Python, Documented Analytic Tradecraft, and the Cloud

Ryan is a cybersecurity professional, instructor, and entrepreneur. He has served the U.S. Government with his expertise for over 10 years. More recently, he has started consulting with small businesses and families to help them protect themselves from the cyberspace things that keep them up at night. When not nerding around (he really likes programming!), he loves shaping his children (a.k.a. parenting), kayaking, camping, and biking. And he recently achieved a childhood dream of computerizing his Christmas light display and syncing them to music with his Raspberry Pi. Soli Deo Gloria.

Tony Drake

Incident Response for the Overwhelmed, Understaffed and Unprepared

Tony Drake has over 25 years of experience in various areas of information security and system administration including certifications in Pen Testing, Incident Response and Forensics.

Vishruta Rudresh

Under the skin: Privacy engineering of medical devices

Vishruta Rudresh is a Senior Cybersecurity Researcher at Kudelski Security focusing on fundamental new approaches to IoT and OT environment security, including but not limited to machine learning, edge device decision making, and low power environment security. She has been working in the Information Technology industry since 2011 specializing in IoT security, malware reverse engineering, system and application administration, incident response, digital forensics, and mobile security and has a master’s degree in Information Technology- Information Security from Carnegie Mellon University.

Wes Lambert

Alexa Knows My Kids Better Than I Do

Wes Lambert is a Senior Engineer at Security Onion Solutions, where he helps customers to implement enterprise security monitoring solutions and better understand their computer networks. He is an active supporter of open source software projects, and loves helping others to solve problems with completely free and easily deployable tools.

Wes Widner

The Sound of Evil - An exploration of the audio security landscape

One of the first dates with my wife was spent overclocking a Gateway 2000 66MHz to 175MHz. I knew she was the one as the under-cooled chip glowed red hot and set off the smoke alarm. These days, I’m an Engineering Manager at CrowdStrike, a leading cybersecurity company. Hit me up if you’re interested in joining our team!

Xavier Ashe

Indicators of Crap

Xavier Ashe is currently the VP of Security Engineering at SunTrust. He is a Georgia Institute of Technology alumnus and has 25 years of hands-on experience in information security. Working for various security vendors and consulting firms for the last 15 years, including IBM, Gartner, and Carbon Black, Xavier has been focused on helping secure companies of all sizes. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, SOA, and others.

Code of Conduct

We have NO TOLERANCE for physical/verbal/sexual harassment of any human, humanoid or AI!

Our “Code of Conduct” is “Be Excellent to Each Other” AKA the Golden Rule. Failing that, it is “Do not be an Ass* or we will kick your ass out!”.

Asking questions of a speaker during their talk, to get clarity or debate a point is NOT being an ass – heckling or haranguing the speaker IS. If you are not sure, ask, or err on the side of basic decency and common courtesy. If what they are doing would not be acceptable to have done to you, your best friend, your worst enemy, your sister, niece, daughter, brother, nephew, son, mother, father, or any human being, do not let them treat anyone else that way – whether you know them or not. If someone asks you to stop – stop.

If you are having an issue with a BSidesATL participant of ANY type, find an organizer. They will assist you in determining the next steps for you to feel safe and heard.

*Staff reserves the right to determine what constitutes “Being an Ass”.