A Beginner’s Guide To BSidesSF

Someone asked me recently what kind of conference BSidesSF was... so this is what my answer would be in 10 minutes...

I’ve been lucky enough to have been able to attend BSidesSF ever since it was at the DNA Lounge and even a couple of times at OpenDNS (Dan Hubbard was a very welcoming host, thanks Dan!). OpenDNS even used to have quarterly talks at its space as well. I even spoke one year at BSidesSF about AWS and Federated Identity, way before it was a thing.

Many CISOs have never been to a BSides before, and I was asked once what type of people go there. I tried to avoid saying “It depends”, but it really does, based on which BSides it is. So I started off with a history lesson of what BSides is first, then went from there.

Succinctly, though, I did say security practitioners, engineers, and security leaders at startups.

A Brief History Of BSides

Prompt: “Give me a one paragraph history and summary of BSides”

BSides is a community-driven framework for organizing information security events, created to expand the scope of conversation beyond traditional space and time confines. The idea is to provide a platform for security practitioners, engineers, and leaders to present and participate in an intimate atmosphere, with discussions, demos, and interactions from participants. It is a global event where conversations for the next big thing in cybersecurity are happening, and it promotes collaboration and knowledge sharing among attendees.

The Venue

Ok, this is the best part. BSidesSF is held at a movie theater! And yes, the talks are in the theaters, including the IMAX theater! I didn’t believe it either the first time I went, but yeah… they got the whole theater for a weekend!

Fun fact: The San Francisco IMAX is the 2nd largest IMAX screen in the US.

Not only that, but there is a beautiful terrace overlooking Yerba Buena gardens where you can network and meet other security folks. Quite an environment to meet new and old friends.

The Talks

The talks at BSidesSF are really high quality. You have engineers and security leaders giving talks about building cutting-edge tools and hacks at some of Silicon Valley’s biggest and most innovative security teams.

Everything from DevSecOps to shifting security culture and everything in between is discussed here.

Of course you could watch these talks online at 1.5-2x on YouTube later, but there is nothing like the energy of watching a good talk in person with some of your peers in the security field.


A good security con wouldn’t be one without a bunch of villages. Villages are areas of a conference set up to help you learn and explore a particular field of security. BSidesSF this year has several villages including:

  • Lockpick Village

  • Badge Village

  • Bug Bounty Village

  • Career Village

  • Cloud Village

  • Crypto & Privacy Village

  • Day of Shecurity Village

  • Electronic Frontier Village (EFF)

  • IoT Village

I highly recommend stopping by all of these villages, taking a look, attending any talks there, and speaking to the volunteers/organizers of these villages.

If you’ve never picked a lock before, then I’d start there! So much fun!

CTF - Capture The Flag

If you’ve never done a capture the flag, I really encourage you to do it. It’s a challenge-based game where you try to solve a variety of security-related problems in a variety of areas such as forensics and web application security. There are a variety of styles to the game, such as jeopardy-style or level-based gaming.

David Tomaschik has been doing the BSidesSF CTF for 7 years now. In fact, he’s created leaderboards and other tools around the CTF.

Other Considerations


Lobbycon is the main goal of the conference for a lot of people. Lobbycon is just about meeting old and new friends in the lobby and common areas all throughout the village. Talking about what’s good and discovering new things.

We humans are a social species and, in case you haven’t noticed, information passes really quickly through peer-to-peer communications. Lobbycon is how you can discover what events are worth going to as well as an opportunity to expand your IRL social network. I’ve made some really good friends from friends of friends at conferences over the years.

Food and Coffee Is Included!

Having to leave a conference to find food is a major pain and really messes up the “flow” of a conference. Thankfully, lunch and a light breakfast/snacks are included with your ticket, which makes it convenient.

They even have espresso-based drinks and coffee flowing all day at the conference.

Many people forget that food is actually included with the ticket, so hopefully this is a good reminder for you.

The People

BSides is a non-profit. It takes a LOT of volunteers to put on a show like this. I’ve been volunteering for several years now and I recommend you do the same. It’s a great opportunity to give back and be part of something bigger and maybe meet some people along the way.

BSidesSF is probably my favorite conference. Probably because it’s local and I’ve come to know many of the people at the conference over the years, but more than that the vibe is really nice here.

No con is perfect of course, but if you’re in the area, then I really recommend coming and exploring.

Grand Finale

I’ll leave you with this!
