On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information Security, a company that specializes in penetration testing, red teaming, and threat hunting. In this interview, we discuss how his team works remotely, how they created a virtual event in just three days amid the COVID-19 pandemic and now teach others to do the same, and his predictions on the future of events.

Here is our recap of the podcast:

Working from home as the norm

Since the beginning, almost all of the company’s work and workforce has been remote. During John’s tenure working for other organizations, he and his team were required to do onsite penetration testing. As his trips wore on, John realized he didn’t do his best work when he traveled and began to dislike onsite pen testing. When he started BlackHills Information Security (BHIS), they intentionally made it so they did not have to travel to effectively do pen testing. All of their employees were fully on board, enjoying the fact that they could stay home with their family, avoid traveling on airplanes, and so on. Today, this has become the norm for everyone.

Shifting their in-person conferences to virtual

BHIS runs two conferences: Wild West Hacking Fest in San Diego and a hacking fest in Deadwood, South Dakota, where the company is located. Earlier this year, John was flying home from RSA and BSides San Diego at the time the news of COVID-19 began to pick up in the U.S. He decided to move their upcoming in-person conference virtual … in just three days.

They managed to pull it off without a hitch, presenters, trainings, and all. They created lobby cons using Discord (which is like Slack), where there were different rooms for each track talk, breakout rooms, and a general lobby where people could talk about whatever they wanted (and even share pictures of their cats).

It wasn’t just sheer luck that helped BHIS pull this off, though. They’ve had a solid track record of running virtual events at scale for a while now. The company hosts free training webcasts that get between 1,500 to 2,000 people registered and 1,000 to 1,500 on live. They also put on free training about things like network threat hunting using open source free tools that can attract upwards of 6,500 people. So, to pull off their virtual event was really an extension of projects they had been pulling off for years, just with a new twist.

As news of COVID-19 developed and more and more event organizers came to the realization their in-person events weren’t going to happen this year, BHIS started helping many of them bring their conferences virtual, too. So far, they’ve helped Derp Con out of Denver go virtual and a BSides from Florida and Canada, too. John admits it’s not an easy task to bring an event virtual, but in the end it’s a great feeling. If you’d like to talk to the BHIS team about creating a virtual event, visit blackhillsinfosec.com and contact them.

Lessons learned creating a virtual conference

While by and large the conference went off smoothly, John said there were a few things they could do better next time. The first was changing the layout of some of the Discord channels. The second was in relation to the vendor experience.

Vendors are the lifeblood of conferences, but many event organizers don’t think of them that way. This is why many vendors aren’t treated well at conferences, but the reality is most of the event revenue is generated by vendor sponsorships. They’re the fuel that drives a lot of conferences, and having a mix of products at the show makes for a better overall experience. On top of that, the fact that vendors are there shows they’re in support of the event, and as an event organizer, it’s your responsibility to thank them for that support. Doing this virtually, though, is challenging, and something John and his team are working to optimize in the future.

Will we ever go back to events as we knew them?

John feels hopeful that we can get back to doing events as normal. Events are a huge part of our industry, and most other industries. He hopes they will continue to be available for the younger and newer generation in security to give them the experiences we’ve had thus far. In the small chance that this shift becomes somewhat permanent, we are set up to do them virtual as we have been these last few months, but there is something very fundamental to the human experience of getting together in the same place that simply cannot be replicated.

The silver lining for security

Whenever you talk about a fundamental shift in technology or the way things are done, the security industry booms. We’re in the midst of a massive shift that is still being defined as we speak, but we know from past experience and current circumstances that security will be on the forefront of it. That said, John believes people who work in security have great job stability right now. And as things continue to evolve and new flavors of technologies come on the market, they’re going to need security more than ever before. And as if the security industry wasn’t already understaffed before this began, there has never been a bigger need or time for security professionals.

Listen to the full interview

We’d like to thank John for sharing his story. To hear John’s interview in full, be sure to check out our latest episode of Security Nation, and if you like what you hear, please subscribe!