On January 31, 2020, Shmoocon held their annual conference in Washington D.C. Each year, the event offers a glimpse into the upcoming trends of the year, defined by the needs of the federal industry. Outlined below are the top three trends observed by our ForAllSecure engineers.
Shmoocon is becoming more than just a Federal meetup.
Due to its close proximity to government HQs, Shmoocon is known to be a conference popular to the Federal audience. This year, audience dynamics have shifted and has brought together a wider range of attendees across all industries. This may be an indicator that many government cybersecurity pain points are universal. Historically, Federal challenge and needs have been considered unique, often standing alone in its own market category.
Commonalities in cybersecurity pain points don't come as a surprise for ForAllSecure. Having partnered with the Defense Innovation Unit, also known as DIU, Mayhem has an intimate understanding of the DoD’s appsec challenges. We’ve also learned that their needs are transferable and relevant to commercial industries, such as aerospace, automotive, critical infrastructure, and more. Read more about our learnings here: Top 5 Takeaways From The "ForAllSecure Makes Software Security Autonomous" Livestream
The crowd is loving mini-CTFs.
On top of the classic Capture the Packet and Hack Fortress competitions held annually at Shmoocon, there were smaller challenges at most vendor booths. Attendees were encouraged to solve security challenges to win attractive prizes ranging from exploitation prizes to simply playing smash brothers with their security-passionate comrades. It's a great place to get your hands dirty while exploring the con.
We love this trend! It also highlights the need to provide a community where security professionals can exchange ideas, challenge each other, and enjoy each other’s company. That’s one of the reasons why we decided to host the industry first FuzzCon in SF on February 25, 2020. Join us to meet fuzzing experts and connect with other passionate fuzzing enthusiasts. Register here!
Don’t know what fuzzing is? Here’s a quick read for your reference: What is Next-Generation Fuzzing
Yet again, Shmoocon delivers a rich range of topics.
Shmoocon is notorious for high quality, in-depth talks on various cybersecurity topics. This year, there were various speaking sessions on cybersecurity policies and technologies. The 5G and fuzzing sessions were recognized as some of the best talks of the con.
5G has been highly anticipated. To meet consumer expectations, telecommunications companies have opted to host 5G Hackathons, where fuzzing was a common technique within several teams’ toolbag.
Among the fuzzing sessions was a talk from our very own Mark Griffin, ForAllSecure Engineer, on, “Knowing the Unfuzzed and Finding Bugs with Coverage Analysis.” Missed it? You can still catch it in April 2020 on the ForAllSecure BrightTalk channel. Stay tuned!
Are there any other big show takeaways that we missed? Let us know on Twitter.