Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.
One of the biggest complications with hosting events is becoming an entity that can legally collect and pay money. Usually this requires organizers to formalize into some kind of non-profit or other business structure. We were able to bypass all of that by relying on HackClub. HackClub is an organization focused on high school clubs to get kids into STEM activities, they provide a framework for new groups and partner with companies like google to streamline getting setup with things such as gSuite. The biggest benefit we saw was HackClub Bank, a way to get Bsides Harrisburg as a non-profit and get access to bank accounts and debit cards. This allowed us to invoice sponsors and pay for what we needed.
Making a Discord
In order to plan an event, organizers had to be able to communicate with each other. We decided on using Discord to track our conversations, calls, and tasks. Eventually we opened the discord to all conference attendees so they had a place to chat before the event and so we have a way to stay in touch until the next year’s conference.
Finding speakers and volunteers
There was many other organizer activities that I was not directly involved in. Developing and keeping a website updated, social media management, getting shirts and badges printed. There’s a lot involved in running a conference and I am just happy to not be doing it alone.
In 2019, there was a BSides Harrisburg event, partially hosted by Harrisburg University. While the PA Hackers community was involved, I was told that the University covered a lot of planning especially when it came to a venue. For this year, we wanted to ensure that organizers had the ability to fully plan the event without relying on external partners. When it came to finding a venue, we wanted to find a hotel or conference center in the Harrisburg area so we could have a room block reserved if attendees wanted to stay overnight. We found Best Western Premier, a hotel with attached conference center and restaurant. While visiting the venue, we got a tour and were immediately thinking how we could apply the layout for our conference. Best Western had a large open room for vendors, the ballroom could be split to provide multiple talk tracks, and there were additional rooms to dedicate to villages.
Finding sponsors was the most critical task of organizing the event. Without sponsors, we would not have the funding for the venue, inviting key speakers, or providing food and materials for attendees. Sponsors are the blood of a conference and for a while during planning, we were worried about not being able to host the event. From the initial idea to the date we set with the venue, we had roughly six months to get everything planned. Given that part of that planning was over Christmas, vendors we reached out to were either out of budget for the year or chose to wait until the next year’s budget before committing.
I am very thankful to the companies and organizations that did sponsor BsidesHBG 2023. We had a successful event because of them. Some takeaways learned from this year is that we need to be reaching out more often to sponsors early on, and to a wider net of companies. There’s many local technology companies that may be hiring or in need of security so they would have an interest in getting involved in the community.
If sponsors are the blood of a conference, then volunteers would be the muscle. BsidesHBG was lucky to partner with two organizations, Raices and Blacks in Cyber (BIC). Between these groups and volunteers who completed our call for volunteers directly, we had more than enough help to ensure the event went smoothly. Based on my past experience helping with GrrCON, I attempted to set up a volunteer schedule where everyone would get half the day to enjoy the conference. There were teams covering registration, individuals covering the talk tracks, and emcees in both tracks. These volunteers scanned tickets, helped speakers with timing talks, monitored for badges and more. With a range of experience from new volunteers to veterans, everyone worked well and relied on one another so that no incidents were brought to organizers.
I would be overjoyed to see the 2023 volunteers return to help with the next year’s event.
While conferences may be best know for their presentations, there are other parts of the event that also attract a lot of attention. BsidesHBG had a Capture the Flag (CTF) event hosted by CTF313 and a lockpick village hosted by Fox_Pick. CTFs and lockpick villages are common at security conferences; they provide hands-on, fun activities for attendees to learn unique skills and test themselves.
CTF313 provided a jeopardy style game where teams of 4 competed to get the high score. CTF313 is unique in that it has a wide range of jeopardy categories, while most other CTFs target a specific theme. This allowed for attendees new to the field to have a wide choice of topics to dig into, some familiar topics would be cryptography, forensics, or programming challenges. Some memorable chatter from the CTF included the struggle endured to try and read information off a floppy disk but not being able to find the hardware even after calling local stores in the area. There were also unique categories outside the usual themes. One being history, where attendees completely unfamiliar with cybersecurity could rely on research or other skills to find flags. The CTF also integrated challenges within the conference, some speakers had flags hidden in their presentations, the website included hidden details, and even the lockpick village had some flags available. BsidesHBG staff is very thankful for the talented contributions from the CTF313 crew, and I’m personally excited to get to see the CTF they provide at a conference again since Converge.
Fox Pick hosted the lockpicking village for our Bsides event. They brought custom rigs to learn and test lockpicking on. Attendees were able to see how locks work and how to pick various kinds like padlocks, dead bolts, or even handcuffs. Fox Pick has a time challenge to get uncuffed and pick three dead bolt locks. The individual who completes the fastest wins a prize. The real winner though was Hak4kidz, an organization that Fox Pick sponsors and all donations from this challenge went to support teaching kids about STEM and helping them explore technology.
We had an amazing lineup of speakers for our first conference. Our keynote speaker Tracey (InfosecSherpa) started the day off strong with a wide introduction to many key point and challenges to our industry. My personal favorite talk of the day was presented by TJnull, who gave us some red team open source intelligence (OSINT) tips. He showed some tools and methods used for OSINT and was even able to provide us with a case study. I am looking forward to applying what I learned in a future Trace Labs search party to find missing persons.
We had many other speakers as well with great talks. Reviewing penetration testing, introducing an open source project: infection monkey, teaching about SEO and social media automation, and getting into the industry via discord. I was not able to attend them all myself but I’m hoping to update this point with links to anyone who took notes at the conference. Check out the speakers page in the 2023 archive to get all the speaker bios.
2023 was a great first event for BsidesHBG. Thanks to our venue, sponsors, special events, and speakers, our team was able to bring 186 people a fun and educational day of cybersecurity. The organizers will be leaving the discord open and keeping the community involved. We are taking our lessons learned and next year will be even better!