BSides Lancashire Programme


About BSides 2023

The event will be focused on valuable technical research, inclusion, diversity, and career progression. There will be insights from various disciplines and roles within the industry, and the event will cater to everyone from seasoned professionals to anyone with an initial interest in cyber.

Our BSides Lancashire event is proud to be partnered with Lancaster University and will be held in the prestigious Margaret Fell Hall on the Lancaster University Campus, with career workshops and drop-ins with industry-leading experts.

[Infographic labels: Innovation Village; Careers Village; Cyber House Party; Research Interests; Industry Workshops; Business Networking; Socialise; Relax; University Ideation]

Our Leadership Team

Mike Somers, Co-Founder
Holly-Grace Williams, Co-Founder
Rosie Anderson, Co-Founder
Sean Atkinson, Co-Founder
Dr. Dan Prince, Co-Founder
Jen McCulloch, Co-Founder
Sam Humphries, Head of Commercial
Rob Di Schiavi, Head of Tech Advisory

Why Lancashire?

Lancashire has a strong and established security community and an ever-growing complement of businesses and consultancies working in the security space.

The North West Cyber Corridor is well-established, so now is the time to bring BSides back to the North West.

2019: Last North West BSides
350: Target Attendance
£5bn National Cyber Force
GCHQ: Based in Manchester

Why Lancaster University?

Lancaster University has been recognised as an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) and in Cyber Security Research (ACE-CSR) by the UK's National Cyber Security Centre. It is one of only seven in the UK with both recognitions and the only one in the North West.

Over the next five years, the University will grow the diversity of talent entering into cyber security careers, through the new Cyber Security Executive MBA programme, new BSc/MSci degrees in Cyber Security and our already existing NCSC-certified MSc in Cyber Security.

[Infographic labels: £20m Data Cyber Quarter; Computing Students 500+; NCSC Accredited inc. EPSRC; New Exec. Cyber Degree MBA; New BSc Degree; Centre of Excellence; InfoLab]

Our Venue

On March 30th, 2023 the first-ever BSides Lancashire will take place at the Margaret Fell Lecture Theatre, Lancaster University. The venue has a capacity of up to 350 people.

Scan the QR Code to explore the Lancaster University campus. The venue is automatically highlighted for you!

Thank you!

Our Morning Schedule

Main Stage
09:30 Welcome
09:40 A message from Rik Ferguson
09:50 Keynote from Holly-Grace Williams
10:10 Ric Derbyshire - "On the State of OT Cyber Attacks and Traversing Level 3.5, the Artist Formerly Known as Airgap"
10:40 Ken Munro & Holly-Grace Williams to discuss hands on hacking workshops (10 mins each)
11:00 Break
11:30 Special Guest
12:00 Glenn Pegden - Vulnerability Management? Completed it, Mate!
12:30 Leum Dunn - AI AIEEEEEE!
13:00 Lunch

Innovation Village
10:10 James Bore - An Introduction to Information Theory for Information Security
10:30 Gerald Benischke - Precision Munitions for Denial of Service
10:50 Dan Conn - Removing Damn Vulnerable Code
12:00 Nick Prescot - Cyber in Asymmetric Warfare
12:20 Akolade "Kay" Adelaja - Shifting Left By Building Up Security Champions
12:40 Randeep Gill - Fantastic Attack Types and How to Find Them

Careers Village
10:10 Dr Andrea Cullen & Lorna Armitage - No More Smoke & Mirrors
Advice Desk - CV Review with Capslock
Technical Careers AMA (Ask me Anything) Panel
Careers Advice & AMA with Chris Roberts

Hands on Hacking Hub
Hands on Hacking Workshop with Holly-Grace Williams

Our Afternoon Schedule

Main Stage
14:30 Special Guest
15:00 Dan Oates-Lee - Domain Takeovers for Fun and Profit
15:30 Dan Cannon - A Penetration Tester Had a Job AI AI - OH :-(
16:00 Break
16:30 Key Note - Chris Roberts
17:00 Panel Discussion - Synopsis of the Day with Ryan Brady of BAE, Nick Prescot of Nettitude & Dr Andrea Cullen of Capslock
17:45 Close / Awards

Innovation Village
15:00 Sean Wright - AppSec on a Shoe String
15:20 Robert Jepson - The Infosec Practitioner's Guide to AI in 2023
15:40 James Mason - From Salesperson to Social Engineer

Careers Village
Advice Desk with the Recruiters - Rosie Anderson & Natasha Harley
Management Careers AMA Panel

Hands on Hacking Hub
Hands on Hacking with Ken Munro - Try to land an A320 with tampered electronic flight bag data
MAIN STAGE MORNING SCHEDULE

9:40-9:50 Rik Ferguson Welcome Message
9:50-10:10 Holly-Grace Williams Key Note
10:10-10:40 Ric Derbyshire "On The State Of OT Cyber Attacks And Traversing Level 3.5, The Artist Formerly Known As Airgap"
10:40-10:50 Intro to Hands On Hacking Workshop
10:50-11:00 Ken Munro Intro to Flight Simulator
11:30-12pm Special Guest interviewed by Sean Atkinson
12pm-12:30pm Glenn Pegden Vulnerability Management, Completed it Mate!
12:30-13:00 Leum Dunn AI AIEEEE!

MAIN STAGE AFTERNOON SCHEDULE

14:30-15:00 Special Guest
15:00-15:30 Dan Oates-Lee Domain Takeover For Fun And Profit
15:30-16:00 Dan Cannon A Penetration Tester Had A Job AI - OH :-(
16:30-17:00 Chris Roberts Key Note
17:00-17:30 Panel Discussion

INNOVATION VILLAGE MORNING SCHEDULE

10:10-10:25 James Bore An Introduction To Information Theory For Information Security

10:30-10:45 Gerald Benischke Precision Munitions For Denial Of Service

10:50-11:05 Dan Conn Removing Damn Vulnerable Code

12:00-12:15 Nick Prescot Cyber In Asymmetric Warfare

12:20-12:35 Akolade "Kay" Adelaja Shifting Left By Building Up Security Champions

12:40-12:55 Randeep Gill Fantastic Attack Types And How To Find Them

INNOVATION VILLAGE AFTERNOON SCHEDULE

15:00-15:15 Sean Wright AppSec On A Shoe String

15:20-15:35 Robert Jepson The Infosec Practitioner's Guide To AI In 2023

15:40-15:55 James Mason From Salesperson To Social Engineer

CAREER VILLAGE MORNING

Come and talk careers with

10:10-10:40 Dr Andrea Cullen & Lorna Armitage No More Smoke & Mirrors

10:40-11:00 Advice Desk - CV Review With Capslock

12:00-12:30 Technical Careers AMA

12:30-13:00 Career Advice & AMA With Chris Roberts

CAREER VILLAGE AFTERNOON

Come and talk careers with

15:00-15:30 Advice Desk With The Recruiters - Rosie Anderson & Natasha Harley

15:30-16:00 Management Careers AMA Discussion

HANDS ON HACKING LAB

12:00 - 1:15pm Hands on Hacking Lab with Holly-Grace Williams (50 spaces available)

15:00 - 16:30 Hands-on Hacking with Ken Munro - Try to land an A320 with tampered electronic flight bag data

Main Stage Talk Synopsis & Bios

9:50 am Keynote

Holly-Grace Williams

@HollyGraceful

Holly Grace has sixteen years of experience working within cybersecurity, with a focus on penetration testing and cybersecurity consultancy. Holly Grace has been a CREST Certified Application Tester since 2015 and has professional software development experience in Python and Rust, including taking software products to market. She has strong experience in building and securing cloud environments, with a focus on AWS and Azure. She has performed a significant number of penetration testing engagements for a wide range of companies from innovative start-ups to multinational corporations, in fields ranging from e-commerce to banking.

Ric Derbyshire

Ric is a Senior Security Researcher at Orange Cyberdefense and an Honorary Researcher at Lancaster University, where he obtained his PhD in computer science. His research involves both offensive and defensive elements of cyber security with a focus on offensive techniques, risk assessment, and operational technology. He has disseminated his research in the form of talks at internationally recognised academic and industry conferences, as well as articles in high-impact academic journals. Outside of research, Ric has over 10 years' experience consulting and penetration testing in both enterprise IT and operational technology environments.

Over the past decade we have seen a growing awareness of cyber security within an operational technology (OT) setting. OT is used to control and monitor an industrial process by sensing and changing the physical environment. OT tends to be fragile in the face of change or unexpected variables due to the open nature required of such real-time environments. This, as you may imagine, poses some remarkably interesting security challenges.

When it comes to high-precision, complex cyber-attacks against OT, few come close to the infamous Stuxnet. Despite its complexity and infamy, Stuxnet wasn’t the first cyber-attack to target OT and it certainly wasn’t the last. However, 12 years on, and despite the much-anticipated “cyber war” waged by Russia against Ukraine, we aren’t seeing a significant volume of attacks deliberately targeting OT, especially in proportion to the number of ‘traditional’ IT attacks on organisations that use it.

While we may not currently be inundated with high-precision, complex attacks against OT, such environments present a rich platform for creative, yet devastating impacts that will be alluring to a wide range of adversary motivations. Moreover, experience, educational content, and tools continue to evolve, steadily reducing barriers to entry for conducting such attacks. All of this culminates in OT cyber security being an area to watch carefully. It can no longer be dismissed as an obscure capability accessible only to state-sponsored actors. After all, not too long ago IT cyber security was also an obscure discipline only accessible to those with the requisite knowledge.

This talk introduces the IT/OT attack imbalance and then explores it by discussing the anatomy and typical security controls seen in an OT environment, before suggesting some reasons as to why we may not be seeing such attacks yet, and finally speculating on why and how OT may become more commonly targeted.

10:10 Talk Synopsis @RicDerby

11:30am Special Guest

Talk synopsis

One of our Co-Founders, Sean Atkinson, has the honour of interviewing one of the most experienced cybersecurity professionals in the industry. With careers spanning over 40 years between them, in various roles within the Private and Public Sectors, this session is one for everyone. Whether you are new to the industry, or seasoned pros to visionaries, you will learn something of interest.

We will explore the past, the present, and the future of the UK cyber community and where we need to focus our efforts.

Q&A will be available, so make sure to get them in through https://app.sli.do/event/fitBUG9ADm3GtgXPUVHn4R/live/questions

Glenn Pegden

Glenn has almost a decade of Vulnerability Management experience but rarely talks publicly about it because he thinks the only thing duller in InfoSec is GRC. He is however a regular speaker at private and vendor events on the subject after a Vuln Management Tool vendor disclosed he was one of only a handful of enterprise customers with single digit vuln numbers. He also co-organises both the monthly DC151 meets in Leeds and the upcoming BSides Leeds 2023.

The uninitiated will tell you patching is easy, many of those who have tried to do it at Enterprise Scale will tell you it’s impossible. Well in one 30 min blast, I’ll try to condense as much insight and advice as possible from 6 years of going from the common huge-number spreadsheet hell to having vulnerability remediation so embedded as a BAU process that we commonly hit zero out of SLA vulnerabilities.

There are no blinky boxes, fancy tools, or third-party services covered, this talk is about changing approaches so you are seen as a facilitator, not a blocker, changing the language to win hearts and minds, and changing expectations so success isn’t defined simply by “we patched all the things”.

I’ll simultaneously be telling you Risk Driven Remediation Prioritisation is the future, and the common “patch all the CVSS 7+s” and whack-a-mole “make big numbers small” approaches don’t work at scale and should be consigned to history.

Vulnerability Management will never be cool and sexy, but this talk may be the one that makes you realize that achieving what many security influencers class as impossible, isn’t that hard if you approach it right.

12:00 Talk Synopsis @GlennPegden

Leum Dunn

Medium sized fat bloke with a piratey beard - works in infosec - likes old vans - listens to jazz noir and gothic rock - plays bass guitar (badly).

@_DaddytheBaddie

AI AIEEEEEE! A look at the current controversies around conversational and artistic AIs and why we in InfoSec should care. Are they the magic bullet to getting work done quickly? Or the next URL on your firewall's blocklist? How might the bad guy use them? And what can we do about it? This is a nontechnical tech talk for anyone who wants to know more about the current capabilities of the publicly available 'free to use' AI products and how they may disrupt our industry. There's no easy answers here, just lots to think about.

12:30 Talk Synopsis

Daniel Oates-Lee

Daniel Oates-Lee is one of the co-founders of Punk Security, an innovative security company delivering managed DevSecOps. He has over 24 years of commercial IT experience, with 17 years focused on cyber security.

Daniel has worked with some of the largest global financial companies, UK government, and the British military department on various projects ranging from security policy writing to technical implementations, red teaming, and pen-testing.

He has focused on DevSecOps and automating security testing over the last four years. In his spare time, he volunteers to help run and deliver talks at cyber security conferences, whilst also carrying out his own personal research.

@PunkSecurity

In this talk, we will explore what subdomain takeovers are and how DevOps can increase the likelihood of exposure. A subdomain takeover attack is a DNS vulnerability in which an attacker can seize control of the target for somebody else's domain records, such as GitHub Pages or Azure, and then point the subdomain to a server controlled by the attacker.

We will then look at what an attacker can do with the subdomain takeover. Once the attacker has control of the subdomain, they can use it to host malicious content, redirect traffic to other sites, steal loosely scoped cookies, or launch phishing attacks against users of the affected domain.

We will cover how to defend against subdomain takeovers and how difficult they are to detect and prevent.

We will also be demoing an open-source tool we have created to see potential subdomain takeovers, and how to integrate it into DevOps pipelines.

15:00 Talk Synopsis

Discussing how far AI has come and how it can be used in the future. Unique live demonstrations will use audience interaction to determine how AI can be used to create and develop a never-before-seen tool to achieve a goal. With audience participation, we will explore how AI can be used to increase the capability of penetration testers, and how a mastery of the core cyber security fundamentals will become more important than ever.

An enthusiastic and determined individual, Dan has spent over a decade working in the cyber security industry. Dan has been a pentester, a consultant, the head of a pen-testing team of 30, a global head of technical assurance, a trainer, and much more.

Throughout his career, he has always been keen to share knowledge and teach tradecraft to those working their way up and finding their niche. As a professional with extensive practical experience, Dan knows what skills are required to be successful in this industry.

When not delivering security consultancy services or training, Dan enjoys focussing on community outreach programs that teach students the skills needed to join the industry as well as working with military veterans transitioning into a civilian career in cyber security.

Daniel Cannon
15:30 Talk Synopsis

personic and works as an advisor for several entities and organizations around the globe. His most recent projects are focused within the aerospace, deception, identity, cryptography, Artificial Intelligence, and services sectors. Over the years, he's founded or worked with several folks specializing in OSINT/SIGINT/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration, and communication word across the industry. (Likely while coding his EEG-driven digital clone that’s monitoring his tea and biscuit consumption!)

Since the late 90s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Prior to that, he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that, he managed to get various computers confiscated by several European entities.)

He’s considered one of the world’s foremost experts on counter-threat intelligence and vulnerability research within the Information Security industry. He’s also gotten a name for himself in the transportation arena, basically, anything with wings, wheels, tracks, tyres, fins, props, or paddles has been the target of research for the last 15 years. (To interesting effect.)

Chris has led or been involved in information security assessments and engagements for the better part of 25 years and has a wealth of experience with regulations such as GLBA, GDPR, HIPAA, HITECH, FISMA, and NERC/FERC. He has also worked with government, state, and federal authorities on standards such as CMS, ISO, CMMC, and NIST.

Chris has been credentialed in many of the top IT and information security disciplines and as a CyberSecurity advocate and passionate industry voice, he is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy… (Cows and camels being two of the more bizarre things, we’ll ignore things in space for now.)

As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media.

And the worst case, to jog the memory, Chris was the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air that allowed the exploitation of attacks against flight control system.

16:30 Key Note Chris Roberts

Innovation Village Talk Synopsis & Bios

ed in ard) and he likes arious been e's ing into

Nowadays he does various bits and pieces. These include running the family company Bores Group, making homebrew of questionable quality, speaking at conferences, and writing for various publications

@Coffee_Fueled

An Introduction to Information Theory for Information Security

Information theory is the mathematical study of, well, information. Underlying decision-making around encryption, signal processing (both analogue and digital), compression, and more, understanding the basic concepts of information theory can shine new light on the constraints and optimisations of information security and related fields.

We'll run through the basic concepts of information theory, what they mean when we're talking about information in a non-mathematical sense, and how Claude Shannon's study of mathematics has been foundational for everything from compression algorithms to detecting phishing emails.

10:10am Talk Synopsis

Gerald Benischke has a software engineering career spanning 25 years in the public, financial and telecoms sectors. He is consulting with Equal Experts and currently is leading the AppSec programme at HMRC Digital, having previously been an architect and technical lead in the delivery of flagship HMRC programmes. He has previously worked with MoneySuperMarket, Barclays and MBNA as software architect, tech lead and senior developer. His primary interests are around middle-tier services, databases, security, automation and functional programming.

This AppSec-focussed talk demonstrates how denial of service attacks can be carried out without throwing lots and lots of traffic at a system and effectively stopping services. This uses a couple of vulnerabilities in the Play Framework as an example and describes the impact. This approach can be likened to using precision-guided missiles rather than the carpet bombing of DDoS attacks.

I will explore the role of convenience for developers in frameworks combined with unexpected payloads, and how this can be exploited. I also draw on how the service mesh can amplify this attack such that multiple instances can be killed with a single request. Furthermore, we look at how Web Application Firewalls (WAFs) offer no protection against this type of attack.

Lastly, I will look at what can be done to protect applications against this type of attack.

@giskard23
10:30am Talk Synopsis

Dan Conn

Dan Conn likes to sit in the point between cyber security and development and over the past 10 years has worked as a developer in small startups, large corporates and many in between, catering for clients both public and private sector from SME size to enterprise. He has also had a strong interest in cybersecurity for just as long culminating in a postgraduate certificate in Advanced Security and Digital Forensics.

Dan is now a Developer Advocate for Sonatype, where he has recently helped the Argo CD team with threat modelling their project.

When not coding, hacking, or talking about these things… you can find Dan running, skateboarding, DJing or making music!

Dan is a member of BCS, ACM and OWASP.

@danjconn

Some coding is just damn vulnerable! All languages suffer from it and Java is no exception. The Open Worldwide Application Security Project (OWASP) has been helping developers write secure code for nearly 20 years over a plethora of languages and initiatives such as the OWASP Top 10 which highlights the 10 most prevalent security issues found in web applications at that time.

The OWASP Damn Vulnerable Website has been a great tool to learn about vulnerabilities in general, while the OWASP Vulnerable App for Java is equally useful. This talk will introduce secure coding practices in relation to OWASP Top 10, using vulnerabilities found in the OWASP Vulnerable App as examples. Due to its extensibility, we will also show that the Vulnerable App can be used to practice newer threats much more easily, improving developer application security education.

10:50am Talk Synopsis

Nick leads the CISO as-a-service team at Nettitude. Over 10 years, he has worked all over the world advising some of the most well-known FTSE and NASDAQ insurers, banks, and retailers on their cyber strategies around risk exposure, data security, and contingency plans in the event of a cyber incident.

12:00 Talk Synopsis

@nickprescot

Due to the level of attacks which we are seeing from Lockbit and Conti ransomware, the cost of defence is now much higher than the cost of attack. In this presentation, Nick will call on his experience in the global CISO arena to look at where companies of all shapes and sizes are spending larger and larger amounts of money on the defences within their cyber domain, and missing out the basics. Should we be spending our time educating users, or more on counter-cyber offensives to take down the groups before they can wreak havoc on more unsuspecting companies?

I am a second-year university student studying Computer Science with Cyber-Security and I currently work as an Application Security Engineer at Matillion. I am passionate about application security and enjoy learning new skills and technologies to improve my knowledge and performance. I am also interested in football, reading and writing and follow my favorite club, Chelsea, avidly. I love to read books from different genres and cultures, especially fantasy and history. I am currently writing my own fictional story based on West-African mythologies, which I hope to publish someday.

Shifting Left By Building Up Security Champions: Scale Your Security Team and Culture

Cybersecurity is a challenging field with a severe shortage of qualified and experienced professionals. How can we secure our systems with limited resources and time? A solution is to build a security champions program for our organization. A security champion is someone who is passionate about security and acts as an advocate, communicator, and point of contact for their team. They help their team adopt security best practices and raise awareness of security issues. In this talk, you will learn how to build an amazing security champions program that will scale your security team and culture. You will discover how to recruit, engage, teach, recognize, reward, communicate with, measure and improve your security champions. By the end of this talk, you will be able to create and run a successful security champions program that will make your organization more secure and resilient

Akolade Kay Adelaja
12:20 Talk Synopsis

p d as a cyber security professional for over 20 years. His experience spans from working in SOCs for global service providers to leading vendors. His key focus has been to help organisations understand their cyber security risks and thus provide a means to strengthen their security posture through thought leadership and best-of-breed products and technologies.

Everyone’s worried about the next cyber attack, the next zero day, or the next novel exploit they’ll have to frantically patch or mitigate through some kind of work around – and then hope for the best. But patches and mitigations take time, and when exploits are out there in the wild – how can you feel less vulnerable to unknown beasts roving the internet?

The truth is that most attacks have similar operational models, similar tactics, techniques, and procedures (TTPs), and use polymorphic wrappers in order to evade the common security protection tools. Although the indicators of compromise (IoCs) are new and novel, the TTPs are often the same. Whether it’s exploiting an old known vulnerability like NTLM authentication or a new one like Log4J, there are still methods of catching and caging fantastic attackers. Machine Learning looks at patterns – especially behaviour of credentials and assets – to see what is abnormal, and recognize it as an attack.

12:40 Talk Synopsis

Experienced application security engineer with an origin as a software developer. Primarily focused on web-based application security with a special interest in TLS and supply chain related subjects. Experienced in providing technical leadership in relation to application security, as well as engaging with teams to improve the security of systems and applications that they develop and maintain. Passionate to be a part of the community and giving back to the community. Additionally, enjoy spending personal time performing personal security-related research.

With budgets being cut, especially within technology, finding a means to still have the appropriate tooling and automation in place is now more important than ever. In this talk I will be briefly covering some of the many free tools that you can use to help improve the application security within your organisation, all with the only cost being the servers or VMs that these services need to run on. Showing that you don’t have to throw loads of money, when there are loads of freely available tooling that still will do the job.

Sean Wright
15:00 Talk Synopsis @SeanWrightSec

Rob Jepson

Rob Jepson is a cybersecurity expert with extensive experience in web development, penetration testing, security engineering, and research. After starting his career as a web developer, he shifted his focus to cybersecurity and worked as a pentester and security engineer before transitioning into his current role as a research lead at Claranet CyberSecurity. Rob is well known in the cybersecurity community for his contributions, including the creation of the Burp Plugin Log4Shell-Everywhere and his workshop on using AI to enhance security tooling at the 2023 London Bsides conference. His current work involves conducting research on web application bugs, writing exploits and finding novel attack paths. Rob's recent research has been focusing heavily on the future of the web, with particular emphasis on the intersection of cybersecurity and machine learning.

@303sec

It's 2023 and we're seeing a rapid change in the tech landscape. Previously garden-walled ML technologies are now hitting the broad consumer level - Large Language Models are indistinguishable from having a conversation with a real person, photorealistic stable diffusion, functional code generation, deep reinforcement learning used for automating complex tasks - the list goes on! With these advancements, there's a new security paradigm emerging that we need to stay on top of as an industry or risk being overwhelmed by the new capabilities of bad actors. This talk will give an overview of the current state of AI in infosec, highlighting applications, limitations, and risks. It will provide practical advice for both red and blue teams to assist with evaluating and integrating AI concepts into their security strategies - including looking into some new vulnerability classes, ethical considerations, and data privacy. Ideally, you'll come out of this talk equipped with all the introductory knowledge and tools you need to confidently begin to navigate the rapidly evolving world of AI, and hopefully, you'll have plenty of ideas for how to start working with machine learning in the near future!

15:20 Talk Synopsis

Careers Village Talk Synopsis & Bios

Lorna Armitage

Lorna is a Co-Founder of CAPSLOCK, an award-winning cyber bootcamp. With a background in consulting, training and education, she has worked in cyber for over 15 years advising the public and private sector and working at both strategic and operational level. Lorna is a proud northerner who is passionate and outspoken about removing barriers to entry into the cyber sector. Oh and Lego...she loves Lego!

@CapslockCyber

We believe that everybody has the potential to start a career in the cyber industry, no matter their background. This session will help people to answer questions like: “Is cyber the right path for me?”, “How can I begin a career in cyber if I don't know much about it?”, “Do I need experience or qualifications?”, and many more. Our 'No More Smoke and Mirrors' talk offers practical advice and clear steps for anyone interested in a cyber career. We're demystifying industry jargon, showing how removing barriers to cyber will make the sector better and more diverse, and proving that anyone with an inquisitive mind and transferable skills has the potential to work in cyber security.

10:10 Talk Synopsis

Andrea has worked in cyber for almost 20 years in a number of roles, the most recent of which is as a Co-founder of CAPSLOCK, an award-winning cyber bootcamp. She previously worked as a senior academic; co-authoring and delivering a GCHQ-certified Masters cyber security degree and publishing extensively in the area of computer science and cyber security. She has also spent time in industry working as a cyber consultant to public and private sector organisations. She was recently granted full membership to the Chartered Institute of Information Security and is passionate about helping the cyber industry become a more diverse place to learn and work.


The afterparty will be provided by the legendary Cyber House Party. We will kick off the event with Hack the Week and Cyber Room 404 with Stuart Coulson.

Followed by the legendary Ian Murphy with a stand up set to warm everyone up for our DJs.

This will provide each delegate, the sponsors and the conference organizers the opportunity to celebrate together and conclude proceedings with a big….. big bang!

The Cyber House Party is run by Industry Professionals, for Industry Professionals, all in the comfort of relaxed, informal surroundings whilst raising money for our chosen charities: Papyrus, The Trussell Trust, TechVets, NSPCC, and Young Minds.

Our DJs will include Sam Humphries, Dan Conn and Marc Avery.

BSides Lancashire and Cyber House Party are committed to diversity, inclusivity and entry to this great industry. But it doesn't stop there.

We have a special place in our hearts for these amazing charities, helping people from all walks of life and circumstances.

The unbelievable work they do for our very own and other people in need of help can be found in the below links:

NSPCC: www.nspcc.org.uk
Tech Vets: www.techvets.co
Papyrus: www.papyrus-uk.org
YoungMinds: www.youngminds.org.uk
Trussell Trust: www.trusselltrust.org

Any funds left over from sponsorship investment will be donated to these designated charities.

Our Charities

CODE OF CONDUCT

BSides Lancashire supports inclusion, collaboration, and diversity, especially the diversity of thought and opinion.

As an organization that cares about everyone that attends this event, we will not tolerate any form of harassment, and we expect a level of respect for all attendees, sponsors or speakers at this event.

We support the Respect in Security pledge.
