(AppSec) Bloke On Film!

I've now done a few public talks, and finally I can prove it.

(AppSec) Bloke On Film!

I've now done a few public talks, and finally I can prove it.


It feels like it's been a long time in the making, but really it hasn't. As I've said in a good few previous posts it's been my ambition to get to speak at a public InfoSec event. That ambition was fulfilled recently at BSides London.

You know my story; August 2017 I attended BSides Manchester and became infected with the desire to share my experiences. I started blogging, became a regular gobshite (Google dat) on Twitter and ultimately felt the need to start standing in front of strangers and tell them about what my friends and I do to make life more pleasant for folks on the Web.

That was it. So, when I got the nod to speak at BSides London, I was, to use a well worn phrase "over the Moon". It never got recorded though, which was a shame.

The feedback from that talk though was extremely positive and it helped vindicate my belief that it was worth all the effort. And worth delivering elsewhere, so I set about doing a bit of my own PR; OWASP Manchester was looking for speakers, as was BSides Manchester (both local to me geographically).

So, I offered up my time to both.

And both accepted. There's a cause and effect element here. Read on.

OWASP Manchester

A couple of months back, the local chapter of OWASP announced it was running a meetup and put out a call for speakers. I was on a bit of a high on the back of my successful talk at BSides London, so I raised my hand.

The chapter leads asked for the content and context, which I duly provided. Hell, it was a presentation I'd nurtured over a number of months and was ready to just deliver.

Happily (and I was so pleased), the response was "We love it". Locked in.

Now, with BSides attendees, you're talking about a diverse bunch of information security people, ranging from outright hackers, through to people working for security product vendors. With OWASP meetups, it's all about web application security folks, as the name of the Foundation indicates.

There are no punches to be pulled. There is no bullshit you can speak. I do web app security and so do they.

That actually made me a little nervous. I felt no shred of nerves down London way (probably for different reasons), but on my home turf, talking about my core subject, I felt I needed to get it 100% right from the get go. That had me a little tense.

Anyway, I arrived at MadLab a good hour early, so as to just not be late. I noticed a couple of blokes wandering in with cases of beer and thought "Yeah, these guys are with me, or I'm with them" and followed them in. The venue was interesting.

MadLab is a space in a building, in a space near Manchester's Victoria Station, called NOMA. It caters for meetups of all kinds; arts, crafts, coders, hackers and so on. I gave my talk in a room that wasn't a room, but was more of an open space with wooden partitions and industrial looking plastic curtain doors. It was a little noisy, as sound from the rest of the place kept flooding in. That didn't matter too much though.

My Talk

For me, 2018 has been the year of the Web Application Firewall (WAF) and it's this talk that has been submitted to every BSides event. In 2019 I'll be talking about something else (assuming cons will have me!), but it's been important to me to get this piece of research and development out into the World, get it understood and challenged.

Here's my talk:

I do apologise for the occasional gaps in audio; that's down to me clumsily and accidentally covering the mic. I do apologise for the accent; I was born in Scotland, raised in Yorkshire and now live in Manchester. I do apologise if the content doesn't interest you much; but if you operate web applications it should.

It was a fantastic experience. A little like the Sex Pistols gig in June 1976 at the Lesser Free Trade Hall (Manchester), the audience was critical. I mentioned the vetting process of the chapter leads, well that was Sharka and Tim. Now friends.

Many there were friends. Some were people I know only via Twitter, but I've spent some time with helping them along in their strides into our community. And then one or two were people that have or will give me helping hand.

Namely Scott Helme and Mark Turner. Listen towards the end of the video and you'll hear Scott ask me a selection of questions about our technological approach and then at the very end, you might hear Mark confirm my acceptance to speak at BSides Manchester.

I found it hard to respond with words at that point. BSides Manchester was where it all began for me (as previously mentioned many times!), so to get the gig was enormously emotional.

P.S. At BSides Manchester last year at roughly 11AM, I received a call from my Son telling me he bossed his A-Levels, so as to get a place on an Astro-Physics course at University. I cried.

When I got the Bsides Manchester shout for this year, I cried. But I made sure I was at home first.

I'll post about my talk and the event next month.

Thanks for reading.