Road Show

From time to time, I go from place to place.

You can keep up with me on my tour page.

Usually, this is in person, but lately a lot of it has been online.

Upcoming…

Today (Saturday), I’ll be speaking at the Layer 8 Conference about Impostor Syndrome. (Update: This has been recorded, the slides are here, and the video should be available in a couple of weeks.)

Monday 6/8/20, I’ll be speaking at the Open Security Conference about improv comedy and security. (Update: The slides and video are available.)

In two weeks, I’ll be preaching at the Origins Online game convention. (Update: The entire conference was canceled.)

Improv for Security

UPDATE: This has been canceled, and will be rescheduled. 

I’ll post a followup once the new date is confirmed.





I’ll be teaching a workshop on how to use improv comedy techniques for security.

It’ll be Monday, March 16th from 7:00 – 9:00 pm. The workshop cost is $30 (payable online or at the door). I also accept haunted pirate doubloons and nonsequential unmarked bills in a paper bag.
Improv for Security
March 16 at 7:00pm
$30.00
OPEN Community Arts Center
2801 S Floyd St #100
Across the street from Cardinal Stadium
Park in the numbered lot (free) on the corner of Boxley and Floyd!

Register Here!

Improv Comedy as a Social Engineering / Phishing / People-Hacking Tool

Have you ever gotten an “urgent call about your car warranty” or a demand that “you need to pay the IRS by credit card right now”? Social Engineering is the practice of talking your way into or out of situations, and is often employed by the underhanded, but can also be used to defend against those very attacks.

The rules of improv comedy can apply to many social interactions, including bluffing your way to compromise a target. The constantly changing situations of improv are great practice for accepting unexpected circumstances, and happily going with the flow.

Dave Mattingly was a NASA rocket scientist while also a comedy and punk radio DJ. He led a sci-fi and RPG publishing company, while writing anti-terrorism software for DHS. He’s an itinerant preacher, entrepreneur, award-winning speaker, and occasional improv comic. In short, he doesn’t know what he wants to do when he grows up.

DerbyCon 2018

DerbyCon

DerbyCon organizers are da bomb!

This past weekend was DerbyCon, Louisville’s infosec (information security) conference — “by hackers, for hackers.” The organizing team is all-volunteer, just bringing the community together for connections, education, and fun. Every year is more amazing than the year before.

Villages

This year, there was a brand new Mental Wellness Village, run by Amanda Berlin (@InfoSystir). Part of the time, it was a chill/relax/quiet room, with coloring books, crafts, yoga mats, and massages. And there were also several amazing talks and events there, like dealing with depression or impostor syndrome, and managing time and life. Everything I attended there was amazing. I hope to spend more time there next year.

I also spent about half my time in the Social Engineering Village, which is always a blast. Chris Hadnagy (@HumanHacker) of Social-Engineer.org (who has a brand new book!) hosts challenges and events like a capture the flag, trying to beat an FBI polygraph examiner, escaping handcuffs and crawling past a laser grid, and a panel discussion on ethics.

SE Mission Impossible

Patrick is about to escape handcuffs, pick a lock, and crawl through frickin’ lasers

Events

Apart from my two main hangouts (the mental and social villages), I did indeed go to a few presentations, and visited almost all the special events and villages, and competed again in Hack Your Derby.

The Hack Your Derby (@HackYourDerby) contest is an annual competition for creating something really cool and unusual with a hat. Last year, my entry was a derby that was covered in crime scene tape (yes, I keep crime scene tape in my truck; why don’t you?). This year, instead of an expensive professional derby, I used several of the cheap plastic derbies that the judges hand out to those who want them. My idea was to combine twelve hats into a giant die. It took me a few hours to use masking tape to put die-rolling numbers on the inside of the hats, staple them together in an inverted spherical shape, and rig up a chin-strap. But the idea actually worked! I wasn’t convinced it would all come together until I had the whole thing done.

The musical acts this year were Vanilla Ice and Offspring. Holy cow! At my age, though, staying up until 11:30 for an act to even start is beyond me.

Hack Your Derby

My derby was a functioning d12 (12, 4, and 6 are visible)

I also loved attending CrossCon, the Sunday morning Bible study for Christian hackers at DerbyCon (and other cons).

Venue

This was our first year in the downtown Marriott instead of the Hyatt Regency. The new space did have more room, and we weren’t all squished together in the halls as we moved from session to session. On the downside, there wasn’t a single central gathering place like there was in the Hyatt. I heard a lot of complaints about rooms being cold, but I’m cold-natured anyway, so I always felt great.

Videos

You can see every video of DerbyCon on Iron Geek’s site.

Dave Kennedy

I, for one, welcome our bobblehead overlords

Ben Hibben

The Hardware Village teaches soldering and other skills

F Society

Vanilla Ice and Offspring brought hackers onto the dance floor

Improv Comedy

At DerbyCon this year, I spoke about improv comedy. More specifically, how it applies to “social engineering” (talking your way out of trouble, or more maliciously tricking someone into giving up information that should be kept secret).

I didn’t even notice until posting the link here, but it amuses me that the video preview shows the demo slide that I often use, with the magic rabbit and the demolition reference.

DerbyCon

“Hackers” get a bad name in popular media, but at its core, a hacker is just someone who wants to know how something works. That could be a program, a gadget, a policy, or anything else. Sometimes that includes taking something apart or breaking it or looking for a loophole.

Several hackers founded the infosec (information security) conference known as DerbyCon in Louisville seven years ago. I’ve attended five or six (I forget), but this is the first time I’ve spoken there. The founders are all a great group of folks, and love giving back to the community and putting everyone at ease.

The conference has four main tracks — Red Team (offense), Blue Team (defense), Purple Team (bit o’ both), and 3-Way (miscellaneous topics) — plus Stable Talks (shorter sessions on a variety of topics). There are also several other areas and events, like a social engineering village, a car hacking village, a capture the flag contest, and more. It’s very popular — in fact the 2500(ish) tickets this year sold out in just 3 minutes! If I hadn’t been speaking there, I wouldn’t have been able to go.

Improv All-Star

My presentation was a Stable Talk, so I only had 25 minutes to speak. I wanted to leave time for some audience participation and exercises, so I sped through some things faster than I’d like, and there wasn’t as much detail as I’d have liked, but them’s the breaks.

Here are the salient points that I covered:

  • “Rules”
    • Accept:  Yes, and…
    • Connect:  Relate to your audience
    • Respect:  Support your partner
    • Direct:  Focus on action
    • Project:  Follow the fear
    • Expect:  Mistakes are gifts
  • Stay Creative
    • Local Improv Groups
    • 48-Hour Film Project, Startup Weekend, Hackathons
    • Games (Who Would Win, Once Upon a Time)
    • Toastmasters International, Pecha Kucha
    • Learn, Travel, Meet – Engage!
    • www.sharpen.design

Download

You can download the slides here.

in remembrance of Kemp

DerbyHacks

Students from the University of Louisville hosted DerbyHacks 2.0 on February 24-26, 2017 at the Institute for Product Realization complex, overlapping into the Engineering Garage, the Advanced Manufacturing Competency Center, and FirstBuild.

Hackathon

DerbyHacks isn’t the same kind of hackathon as the Open Data Day Public Safety Hackathon. This one is a three-day competition under the auspices of the Major League Hacking network.

I attended this hackathon as an observer/advisor, not as a competitor. I love the hackathon spirit and atmosphere; the innovation energy inspires me.

Over a hundred students from Kentucky colleges got together to create cool stuff. I’d guess that half the students were from UofL, where the event was held, but there were several from the University of Kentucky, from Berea College, and others.

Some of the teams created physical products, and others created digital ones.

Resources

There were several sponsors, presentations, mentors, tools and parts, and so so much food.

Experts from the region came to offer tips and troubleshooting to the teams.

The city’s Chief Data Officer, Michael Schnuerle (right), talked with several teams about Louisville’s Open Data Portal, and the myriad of ways that it could be used.

Teams

The full list of 26 teams is here, with the winners at the top (look for the diagonal yellow “winner” stripes).

Knowing several astrophysicists, I was quite impressed with CenterScope, that automatically centers your telescope on a star you want, without you having to manually fiddle with the delicate calibration knobs.

It was cool to see Alexa used for Smart Chess by letting you speak your move, with a synchronized electromagnetic chess board that would move the piece on your board and on your remote opponent’s board. Your opponent would then speak his move, and so on.

A bunch of my friends formed the LouTrail team to recommend local restaurants and attractions. They won a special award for best use of local data.

Silent City combined the input from (proposed) sonic detectors throughout the city to map the noise pollution, much like Air Louisville did for the air quality (cleverly syncing asthma inhalers with a smartphone gadget to “phone home” when it was used, to identify the parts of town that were hardest on the lungs).

New Home for Me combined data for crimes and a dozen other sets with real estate listings, to help home buyers find a place that really fits their needs.

Physical Threat Intelligence used facial recognition technology as a “key” to grant access (and potentially other tasks).

The Smart Dollhouse was lots of fun. The team wanted to work with “smart home” technology, but since they couldn’t bring an actual house with them, they brought a tiny one. They installed cameras, motion sensors, heat sensors, and app-controlled door locks. Since the dollhouse had an elevator, which was broken, they fixed it! And also tied that to a smart app. It won the award for most potential value / biggest market.

The big winner was SnapCal, led by my friend Ishwar Agarwal, an app that uses pictures of your food to determine the calories. It sounds simple, but took a lot of computer know-how to pull off, using Machine Learning to translate an image into a food, then displaying the nutritional information. Besides being technically challenging, I think it reflects the health and fitness focus of today’s youth.

The Future

Since Louisville’s Mayor Greg Fischer was an entrepreneur himself (behind the combined soft drink / ice dispenser), he loves coming to hackathons, especially ones that are student-led and student-competed. Our future is in good hacky hands.

Life in the Clouds

Here is my year, presented in word cloud format from my three feeds.

There’s a lot of overlap, as you’d expect, but each platform presents its own slice of my life.

Blog

Blog Wordle 2015

Twitter

Twitter Wordle 2015

Facebook

Facebook Wordle 2015

Events and Comradery

Many organizations have get-togethers in December. It’s a good chance to catch up with friends and colleagues, and find new connections.

If you’re in the Louisville area, here are some of the social gatherings that I’m quite likely to attend.

And here are some more focused events.

And shopping/entertainment opportunities.

You can keep up with all the events I’m part of or interested in on my calendar.

DerbyCon

Last weekend was DerbyCon, Louisville’s hacker conference. (There’s also the Louisville Metro InfoSec Conference, which takes place the day after, but it’s aimed a little more at the business community / general public, instead of being a “by hackers, for hackers” thing like DerbyCon.)

As always, there were amazingly cool sessions and events. There were tracks for red team/black hat, blue team/white hat, tracks for hardware/physical, software/online, and social engineering/people hacking. There was an all-weekend Capture the Flag contest, a silent auction to raise money for charity, dances, parties, and more. Sponsors lined the hallways, and the traditional “lockpick village” was set up, so hackers could try their skill at getting past dozens of kinds of security devices.

It’s always great to see friends and colleagues, and to fanboy gush with all the speakers that I stalk. I mean, admire.

Sadly, I had a nasty cough for most of it, and wasn’t able to attend the full time each day, but I was there for as long as my body could handle.

On the software side of things, I learned about OSINT, RITA, and doxxing.
On the social side, I learned about pwning people, managing people, and reading people.
On the machinery side, I learned about our power grid, industrial machinery, and medical devices.

Personally, the most valuable session was about helping law enforcement catch criminals through online research, by @DennisKuntz. At my last job, I used databases to detect and prevent fraud. Right after 9/11, I worked for Homeland Security’s bioterrorism division. It’s cool to use tech to stop the bad guys.

As a nice surprise, I attended the Believer’s Breakfast and met many fellow Christians who are hackers of various sorts, and learned about #CrossCon, the Sunday morning Bible study at DerbyCon.

DerbyCon