I'm a bit late but here it is anyway. DerbyCon was good overall this year and still is my new favorite security con. I must say I felt the talks were overall not as strong as the last two years and I didn't walk away with as many good pieces of data and ideas, a feeling I confirmed with several other people. But it was still good and it isn't clear how much of that is based on the talks that were selected, or that the talks in 2014 just aren't as good as a whole, or it is a bullshit feeling and we are building old DerbyCons up in our minds. But like I said, still my favorite, and I still plan to go next year. On a side note, I explored more of Louisville this year than in years past and I'm starting to really love that city.
All the videos can be found here:
If you didn't get to go or missed some talks, here are a few I liked:
Threat Modeling for Realz – Bruce Potter
Application Whitelisting: Be Careful Where The Silver Bullet Is Aimed – David McCartney
InfoSec – from the mouth of babes (or an 8 year old) – Reuben A. Paul (RAPstar) and Mano Paul
How to Secure and Sys Admin Windows like a Boss. – Jim Kennedy
Building a Modern Security Engineering Organization – Zane Lackey
Information Security Team Management: How to keep your edge while embracing the dark side – Stephen C Gay
RavenHID: Remote Badge Gathering -or- Why we sit in client bathrooms for hours – Lucas Morris – Adam Zamora
Building a Web Application Vulnerability Management Program – Jason Pubal
This list is far from complete; I haven't watched all the videos of talks I've missed and want to see yet. But it is taking a while and I wanted to get this out. So consider that list a starting point; there are a whole lot of good talks up there. Everyone should spend a few hours to watch the ones that apply to you the most.
So far I think the best piece of info I got was from Jason Pubal's talk that exposed me to ThreadFix. It was a pain for me to get it working on Debian but that is just because I'm too stubborn to use Windows I guess. I think that might be another blog post soon. But let me say, my developers already love the thing and I just got it working. If you have developers and have to give them scan data, check this tool out.
Let me know what videos you think I should watch that I didn't link. I won't watch them all so let me know if you think I'm missing something cool.