BSides

BSides
Name	BSides
Genre	Conference
Focus	Information security
First	2009
Founder	Mike Bergman; Jack Daniel; Chris Nickerson
Type	Community-driven
Frequency	Annual / Regional
Location	Global

BSides

BSides is a decentralized series of information security community conferences that emphasize accessible technical talks, hands-on workshops, and informal networking within the computer security and cybersecurity ecosystems. Founded in 2009 as an alternative to large commercial gatherings, the events foster grassroots participation from practitioners affiliated with entities such as Microsoft, Google, Cisco Systems, IBM, Amazon (company), SANS Institute, CERT Coordination Center, and independent researchers. Attendees include personnel from National Security Agency, Department of Homeland Security (United States), Europol, Interpol, and myriad regional startups, academic labs at Massachusetts Institute of Technology, Stanford University, Carnegie Mellon University, and contributors from projects like Metasploit, Wireshark, OpenSSL, and Kali Linux.

Overview

BSides events operate as community-focused adjuncts to major gatherings such as Black Hat, DEF CON, RSA Conference (company), and regional meetups including ShmooCon and OWASP Global AppSec. Formats prioritize short-form presentations, unconference tracks, capture the flag competitions, and vendor-neutral panels, often held in alternation with or near established conferences in locations like Las Vegas, San Francisco, London, Berlin, Sydney, Singapore, and Tel Aviv. The series is organized by local volunteers from organizations including ISACA, (ISC)², Linux Foundation, Apache Software Foundation, and university security groups, and attracts attendees ranging from analysts at FireEye and CrowdStrike to contributors of The Honeynet Project and Electronic Frontier Foundation.

History and Origins

Origins trace to a post-2009 schism when practitioners sought alternatives to established corporate conference models dominated by entities such as Reed Exhibitions and Informa PLC. Early organizers—security consultants and founders with ties to Black Hat USA, DEF CON, and incident response firms like Mandiant—created an initial template emphasizing low cost and volunteer governance, inspired by community events organized by 2600: The Hacker Quarterly and Chaos Computer Club. Over time, regional chapters proliferated across North America, Europe, Asia, Africa, and South America, spawning coordinated endeavors involving partners such as Cisco Talos, Kaspersky Lab, Palo Alto Networks, Splunk, Elastic (company), and national research institutions like Fraunhofer Society.

Organization and Structure

Each BSides is locally organized under loose guidelines encouraging noncommercial sponsorship and transparent governance; typical stakeholders include university security clubs at University of Oxford, University of Cambridge, University of Melbourne, and Universidad de Buenos Aires, municipal hackerspaces like Noisebridge and C-base, and professional groups such as SANS Institute and ISSA. Leadership roles—conference chairs, program committee members, volunteers, and track leads—coordinate submission systems that mirror models used by ACM SIGCOMM, IEEE Symposium on Security and Privacy, and USENIX. Funding derives from community sponsors including GitHub, Red Hat, Docker (software), Oracle Corporation, and local incubators, while code of conduct policies often reference frameworks used by Ada Initiative and standards upheld at PyCon.

Events and Format

Typical BSides events feature multi-track schedules combining peer-reviewed talks, lightning talks, workshops, and hands-on labs associated with toolchains like Metasploit Framework, Burp Suite, Nmap, and Ghidra. Ancillary activities include capture the flag competitions inspired by DEF CON CTF, peer mentoring sessions modeled after Mozilla Festival, and informal "hallway" discussions that echo formats from SXSW and TEDx. Speaker selection blends invited experts—researchers from Google Project Zero, Facebook Security, Apple Security—with independent presenters formerly associated with incidents publicized by Stuxnet reporting, WannaCry analysis, and vulnerability disclosures tied to CVE entries curated by MITRE.

Community and Culture

BSides culture emphasizes openness, mentorship, and low-barrier participation, attracting a diverse cohort from women who code chapters, minority-focused groups like Black Girls CODE, veterans' programs linked to USO, and academic outreach programs at University of California, Berkeley and Georgia Institute of Technology. The ethos mirrors practices advocated by Electronic Frontier Foundation and community-driven projects such as OpenSSL and Let's Encrypt. Volunteerism, sponsorship transparency, and speaker support are core tenets; many chapters adopt inclusive policies influenced by initiatives from Girls Who Code, Ada Lovelace Day, and diversity efforts at IEEE and ACM.

Notable Conferences and Incidents

Several BSides events have gained prominence when speakers revealed influential research or when organizers addressed security incidents. Noteworthy moments include technical disclosures paralleling research from Project Zero and CERT Coordination Center; live demonstrations influencing vendors like Microsoft and Apple to issue patches; and community responses to on-site incidents echoing procedures used by SANS Institute and FBI. High-profile editions in Las Vegas and San Francisco drew notable figures from RSA Conference (company) and DEF CON, while regional chapters in London, Berlin, Sydney, Buenos Aires, and Tel Aviv catalyzed collaborations with local institutions such as GCHQ, Bundesamt für Sicherheit in der Informationstechnik, Australian Signals Directorate, and national CERT teams.

Category:Information security conferences