By: Radhika Gupta
Last weekend, all thanks to the Women in Tech Fund, I had the pleasure of attending not only one, but two security conferences in Paris. The two conferences were Hack in Paris, and Nuit du Hack (which means "Night of Hack" in French), and they bring in people from all over the world that are passionate about one thing - information security. There was a wealth of knowledge and experience floating around and it was inspiring, as well as impressive. I want to share with you five things I've learned after attending these conferences.
1) Hack in Paris consisted of talks, while Nuit du Hack had talks (both in French and English), workshops, a Bug Bounty, and Capture the Flag (CTF). A Bug Bounty is when you are compensated for reporting a bug or vulnerability in a company's software, and a CTF is a security competition where you have events that consist of different challenges that range in difficulty, and once an individual challenge is solved, the hacker is given a "flag" and they submit this flag to the server and earn points. At Nuit Du Hack, hackers stayed up all night to gain the most points by 9 am.
2) Besides these challenges, there were also incredible talks given by researchers and developers. My favorite talk from Hack in Paris was about using bluetooth technology to hack a car, and at Nuit Du Hack, my favorite talk was about using quantum physics for encryption. In most of the talks, there were definitely points where I would get lost because the technical details were way beyond what I have learned, but even just seeing everything that's going on the field opened my eyes to the importance and various aspects of info sec.
3) Even though I wasn't able to capture all the flags in the CTF, I still learned about various tools used to find the flag, from using command line tools to invert the colors of an image, to getting the hidden byte code from a capture file and translating it. However, none of this would've been possible if I hadn't learned many of things I have learned since the start of the summer. This summer I am working for the Stratosphere IPS project with the CTU University of Prague. My time here includes analyzing real malware threat attacks, designing and developing a solution in python to facilitate the search of Indicators of Compromise (IoC) from a main analysis interface called Manati into the Hadoop Big Data cluster, and working on a survey of security needs for NGOs. The first step to attack a CTF is dissect a pcap (packet capture) file, and because of what I've learned from my time at Stratosphere Lab so far, I was able to watch and follow my coworker Veronica as she captured the flags one by one.
4) In both the conferences, the first thing I noticed was that only about 5% of the people in these conferences were girls. However, both Hack in Paris and Nuit du Hack had at least one woman speaker, and both of my favorite talks from each conference was given by a girl. Sheila Berta gave the talk on car hacking and Martina Bodini gave the talk on using quantum physics for encryption. There is evidently a lack of women in cybersecurity, and even though the numbers are growing, they are growing slowly, and we need to change that.
5) I am so grateful to have had the opportunity to attend these conferences. It was truly an eye opener to see people from all around the world come together to talk and learn about information security. I came to Paris with my team from Stratosphere Lab (#stratoteam), and from the six of us, there were two Argentinians, one Russian, one Slovak, one Greek, and me, an Indian. After these conferences, I am inspired to continue to learn more about info sec (including taking more security focused classes in school), attending more conferences, and eventually be able to speak at one of these conferences (DEF CON here I come!!!)