I’m not sure exactly how this all came to be. I can tell you somewhere along the way, several tweets were flying about a variety of Black Hat presentations turned down this year from pretty prominent speakers. (Mine was turned down as well, although I’m definitely not going to group myself in the prominent speakers category.) Public tweets turned in to private messages amongst several of us. I went to bed that night and when I woke up, some magical hamsters running this wheel had pulled together a killer idea, a web site and were working on the supporting structure of the event’s logistics – location, space, transportation, sponsors.

And so, soon after, Security B-Sides was born. I threw in a topic to get things rolling, thinking the fledgling event would be a room full mostly of current friends and colleagues participating in the aforementioned tweeting. Much to my surprise (and excitement) this event has exploded into something quite substantial. Over the past few weeks it’s quickly matured from the morning-after crawling infant in to a full-fledged conference with some great speakers and content.

Security B-Sides
Colocated with Neighborcon
July 29-30, 2009
10:00am – 5:00pm both days
Las Vegas

They even have some pretty snazzy badges cooked up, with the partnership of co-located Neighborcon.

The schedule is being finalized and can be found here. With a few slots still open, these are the current topics and speakers on tap for Security B-Sides Vegas 2009! For our purposes here, talks are alphabetical by last name.

  • Don Bailey 
    A presentation with tips and tricks regarding DECT hacking.  Demonstrating new software to make DECT more practical for risk and/or wireless assessments.
  • Luis Corrons
    An Inside Look at the Ever Evolving Rogue Antivirus Economy
  • Damon Cortesi
    Social Networking, the Age Before Firewalls/Unicorns and the Pitfalls of Rapid Application Development 
  • Marisa Fagan, Elizabeth Wharton
    The EX Factor: Exploring Proximity-based Identity Theft 
  • Jennifer Jabbusch (me) 
    Catching the Unicorn: A Technical Exploration of Why NAC is Failing
  • Mike Kershaw 
    Author of Kismet will talk about msf/lorcon/wifi pwnage & blind/semi-blind http ownage
  • HD Moore
    Author of Metasploit will talk about WarVOX
  • David Rook
    The Principles of Secure Development
  • Val Smith
    Founder of Attack Research. Val will be talking about global information security threats
  • PanelFeathers Will Fly!
    Moderated by Erin Jacobs, Participants including Stacy Thayer, Jennifer Jabbusch, Leigh Honeywell, Leigh Hollowell, nicolle neulist, Magen Hughes Feathers will fly Panel! – Professional Image and Gender Issues for Females in Security

If you’re attending Black Hat and/or Defcon and you’d like to join our crazy group at Security B-Sides, get on the list early by adding your name to the wiki – http://www.securitybsides.com/BSidesLasVegas

About My Talk Here
I’ve been promising my technical/industry evaluation of the NAC industry, technologies and integration. THIS is why you haven’t seen the paper yet. It will debut in full presentation format at Security B-Sides. Email subscribed blog readers (you can subscribe on the right sidebar) will receive the Catching the Unicorn article edition, possibly along with audio. This talk (and the accompanying paper) detail the technical issues with the industry’s current approach to NAC and an outline of steps to fix it from each angle. In addition to the NAC talk, I’ll be joining Erin and the girls for the Feathers Will Fly panel discussion that grew from the SecPillowFight (that’s an entirely different post).

# # #


Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

View all posts


  • Hi Ben,
    Anyone that’s listened to any of my NAC presentations will surely think I planted this question!

    Yes- I ALWAYS start of NAC presentations with a little foundation-laying to cover what NAC is, as defined by each major vendor, as defined by the industry, and as defined by features included in a solution.

    You hit the nail on the head- we (as an industry) have done ourselves such an injustice by throwing around NAC and related marketing jargon that no one has a clear definition of WHAT it is. I’ll explain why and try to de-goo it all for you ;)


  • Awesome goodness, JJ! I have a request: Please, please, please define “NAC” for the masses (and me:) in your preso. There is so much marketing goo on this topic that I’ve long since become confused as to what in the world NAC actually is. Please help my poor addled brain! :)