So I haven't been to a security conference since 2019. I kinda moved into the cloud/devops space once I realized that I'm not a dedicated security practitioner.
Let's take a detour to explain Keheira's version of vocab. Security practitioner, someone that is actively working in cyber, securing systems, and has a field of expertise. Security bystander, someone that passively consumes security information, can build helpful tooling, but ultimately won't have a field of expertise. I'm a security bystander but anyway back to the point.
I really had fun at the conference. Per usual I left a little early after not being able to get into the super popular "Setting up a homelab" talk. I was socially tapped, but I got a lot of cool things out of them. I'm just going to TLDR a few things I learned.
## Protecting kids
There was a talk on the best way to protect your kids by locking down 3 popular apps: Minecraft, Roblox, and Discord. I don't know much about Roblox but this was a crazy talk. I do actually care about kids and their safety. Once I got into mobile security I became quite the annoying older sibling, but gotta let the kids grow (with boundaries). Anyway, what you should get from this is that you can't just stop at looking at your kids' settings. Do they have other accounts? Are they clicking on random links? Are they talking to randoms? Are they comfortable with you or another adult to say something when things feel off? All things to think about as technology advances, kids making money earlier online, etc.
## Non-Human Identities
This talk kinda blew my mind. Lots of things here, from the amount of secrets published on GitHub by accident causing a leak to the need for us to update from using bearer tokens. I really don't know how to TLDR this topic because it was just a water hose of good things. I guess I can leave with this question...do you know how you are tracking your non-human identities? Do you make sure things are rotated? Are you 100% sure you haven't committed those secrets to GitHub or GitLab? All valid things to think about.
## Low Code/No Code Security
So, not trying to sound uninterested in this talk, but I was just there for the n8n demo. Then they were talking n8n injection and that's all I can think about now. How can I...others...exploit these workflows? Why are people so trusting of them? What is the verification check really like? All questions I'd like to find out. I have been working on deploying n8n servers for a while (sorry, I get distracted with Kubernetes) and this felt like the sign I needed to push forward.
P.S. Before we leave here I want to say that using Docker as a way to protect the host OS kinda seems a bit meh to me. With something like this I'd expect something I can install directly on a host and fully utilize the resources.
## Crash Course To AI
The whole purpose of this talk was to just be a pure fire hose of information. I like that type of thing because that's how I keep up with tech. This talk was very validating to me. It was seemingly explaining the "under the hood" of AI. Back in grad school (s/o to NYU for something) I took intro to ML. A lot of the definitions and such weren't hard for me to grasp because I had heard them before. When it comes to learning how to integrate AI, the general consensus is to get your hands on as much material as possible in any format. We are all in this for a ride as we throw things at the wall and fix things as we go.
## GenAI with Docker
Ok so I'm not going to lie. I still don't know if I know the difference of GenAI. The words made sense but I'm not sure the connection was made. Anyway the demo was super cool. From my understanding the speaker used AI to build out a container to run some tooling for them. I can relate to the path of telling whatever AI that something is missing until it's like "you right". The key takeaway I had here is being QA to AI to build out tooling faster.
---
Like I said, all in all this was a fun conference for me to be at, as tech is in a very exciting period right now. I got a few more conferences this year to attend and hopefully I can keep these going.