"Birds of a Feather" sessions are "informal meetings at conferences, where the attendees group together based on a shared interest and carry out discussions without any pre-planned agenda." (Thanks, Wikipedia). The first two ShmooCon events had a complete track, "BoF It," devoted to such sessions.
Right after ShmooCon 14 (January 2018), Nicole Schwartz (@amazonv) suggested:
Idea to flesh out later, does it already exist? Mini intro
beginner (0 experience) wctf, fox and hound, crypto challenge,
etc. Non prize, limited duration. Talk goes over answers in
detail before con ends. Valuable?
David Schuetz (@DarthNull) loved this idea, and a short burst of Twitter conversations rapidly ensued (well, actually, it might have been the next day). He then set up this repository and a slack channel #intro-bof-it on the HackerSummerCon slack (hackercon.slack.com).
David called it "intro-bof-it" because his first thought was that this would be great to put back into the BOF IT room at ShmooCon, and because the goal was short, introductory level instruction, more than longer, advanced, formal training classes. This name may not survive, but it works for now.
Information Security Conferences are packed with talks of all levels, to describe, reveal, and promote various technologies and techniques. They also frequently host contests of all shapes and sizes, where attendees can put the knowledge from talks to practical use. What's often missing, however, is a bridge between talks and contests, a way for people who are intrigued by the concepts but have no experience actually putting them into practice.
While most contests are open and inviting to first-time-players, the very nature of the competition (often for tickets to the next year's conference) makes getting help from peers difficult, and the level of intensity (and experience) exhibited by many of the individuals and teams may be itself intimidating. The result of this is that it can be difficult for interested attendees to "break into" the contests, which keeps them from learning and having fun. Which, of course, is the whole point of the contests in the first place.
The goal of this project is to develop and maintain short classes, mostly at an introductory-level, which can be presented at conferences or local hacker or maker meetups. These are not meant to be formal, all-day training sessions, but short workshops that may take place over an hour or two. Keeping them short makes them more accessible, and allows casually interested attendees to drop in without having to miss more than one or two mainline talks.
Ideally, such workshops could be offered a few times over a weekend conference, to further increase the opportunities for people to join in. Even better, instructors could have additional "non-instruction" time after each session to work with students, answer questions, and help them to better understand (or even master) the content.
Once developed, these workshops could live here (or in another public archive), and be used by anyone who has the skills and confidence to present them to attendees. They could be run on-the-fly in, say, a chill-out room, or formally scheduled through the con with dedicated times and space.
We are not trying to develop:
* Formal "talks" that'd be part of the main conference program.
* Half-day or full-day formal training programs
* Additional contests (though random giveaways could be fun)
These should be short, easy, fun sessions to help bring attendees from "huh, that looks interesting" to "I actually tried it out and it was fun, where do I go to learn more?!?"
Initially, the conversation focused on some of the more common contests; Frequent subjects at information security conferences -- things like:
* Cryptography (classical crypto, steganography, puzzles)
* Wireless CTF (Wi-Fi and Bluetooth, Fox & Hound)
* Traditional CTFs
But there's no reason to limit this to just contests. The format can be easily used for other topics:
* Ham Radio exam preparation
* Learning a disassembler / debugger
* Building services in a container
Or whatever else seems useful to each to others. The sky is the limit!
We're still trying to define, for want of a better description, "ground rules." Come talk with us on the Hacker Summer Camp slack, in the #intro-bof-it channel.
Our first line of business is to develop a basic outline for courses, and perhaps a process for reviewing and maintaining them.
Then we'll probably start letting people build things. We have to figure out a process for building stuff, how to handle situations where many contributors want to work on the same topic, how to handle adding the workshops to the repository (branching? pull requests?), and whether it's opened up as a fully free-form kind of thing, or if a few people act as gatekeepers for workshop developers and contributors. (Right now, that may defacto be just David and Nicole).