February CSides Security Meet
Details
### Talk 1: How to implement and compromise physical-layer security
Physical-Layer Security (PLS, not to be confused with physical security) is about making clever use of noise on the electromagnetic channel to make the decoding of bits impossible for eavesdroppers but not for the legitimate receiver. In theory, this provides 100% secrecy: if bits can’t be captured, they can’t be leaked and decrypted. PLS is very hard to implement though. So, instead, encryption is now the default solution for securing data on the move. But with the rise of quantum computing and Software-Defined Networking (SDN) we need to revisit this problem. In this talk I will demonstrate that with SDN effective implementation of PLS has become feasible and can contribute to a quantum-proof multi-layer defence. I will also show how the difference between theory and practice leads to actual vulnerabilities in PLS.
#### Frank den Hartog
I am currently the Cisco Research Chair in Critical Infrastructure at the University of Canberra, focussing on safeguarding critical infrastructure from cyber threats and disruptions, and doing many fun projects with students in the fields of ZTNA, Private 5G/6G, Digital Twins, Programmable Networks, and PLS. Many of you may know me from an earlier stint at UNSW Canberra at ADFA though, where I taught cyber security into undergrad and postgrad programs, providing students with their first 150 hours of their 10,000 hours journey into becoming a cyber expert. And some of you may even know me as a proficient singer of classical music. But don’t you worry, I won’t sing today.
### Talk 2: Why are we all such weirdos?
The hacker community is a bit... feral. Not in a bad way (like in the way that a cat that learned to open doors is feral). We taught ourselves things nobody asked us to learn, broke things nobody asked us to break, and then told everyone about it for free. For decades, this worked. More than worked, it built the internet, broke the internet, and then helped fix it (now it's broken again). This talk traces the arc of hacker culture from its roots in academic curiosity and people in basements through to the modern infosec industry, and asks a simple question: why does a community that routinely reverse-engineers million-dollar software for fun collectively lose its temper when someone suggests we might need a professional licensing body? The answer, it turns out, lives in anthropology, specifically, in my opinion, in Eric Raymond's observation that the hacker world operates as a gift culture. In a gift culture, status isn't derived from what you accumulate but from what you give away. Knowledge shared freely. Tools built and released. Vulnerabilities disclosed (eventually). The entire economy of respect in our world runs on contribution, not credential. Professionalisation (with its gatekeeping, its fees, its continuing professional development points, and its implicit message that you need permission to do this) isn't just a bureaucratic inconvenience. It's a fundamental challenge to the value system the community was built on. It says: your worth comes from a piece of paper, not from what you've shipped, broken, or taught someone in a conference hallway at 2am. This talk is a well-meaning opinion piece that might make some of us in the industry understand why we are the way we are. Sounds spicy? Hopefully it will be just a laugh. Don't get on LinkedIn right now and start to @ me, listen to the talk first. After all, it's free.
#### Remy Coll
Remy Coll is Director and Principal consultant at Redacted Information Security. He does boring things like IRAP assessments and system security governance, and exciting things like smashing together physical and online CTF challenges. Remy, along with his esteemed colleague Simon, started the current series of Black Bag competitions that have been running at BSides for the last three years, and other places in between. He often teaches and delivers online training, as well as gives less fun talks about like, security planning and strategy and stuff.
General Info:
CSides Monthly Security Meetups provide an opportunity to listen to and share security research within the Canberra region. The meeting occurs normally on the 2nd Friday of every month. Each meetup consists of 1-2 talks of around 30 mins each. Talks start at 6pm and are followed by some socialising at a local pub. New attendees are welcome, just come along! (There are no entry fees, and no tickets to book.) The talks at CSides are technical. CSides welcomes new and interesting speakers to present - the topic will be on a technical or security issue. As a speaker you can be an expert, a student, someone learning a new area or maybe a regular speaker on the conference circuit, but we also love to have new and occasional speakers. Please contact one of the organisers below if you are interested in speaking. You are very welcome to propose running activities other than talks, such as hands-on workshops, an infosec quiz or something else relevant to our techie audience!
