Back to Blog View Archive →

BSidesSF 2025

28 April 2025

Background

This past weekend, I went to BSidesSF 2025 in San Francisco. The conference was held at City View at Metreon, right in downtown SF, overlooking Yerba Buena Park. It's one of the largest community-driven security conferences in the area, and it brings a great mix of professionals, students, researchers, and hackers together.

me at bsides

Me at BSidesSF 2025

Tickets

I scored my ticket using the student discount, 50% off, through my .edu email. Definitely worth it for how much access you get to talks, workshops, villages, and the whole vibe.

Travel

The trip started by driving from Merced to San Francisco Friday afternoon. I had two passengers, one dropped off in San Jose and another in the Mission District in SF. After handling drop-offs, I headed toward the University of San Francisco (USF) where I was staying.

Lodging

Hotels were way too expensive, so my friend at USF let me crash at his apartment for two nights. It worked out great and it was only a 15-minute drive to the venue. We caught up over dinner at the USF dining hall. I stuck with chicken, rice, and veggies to stay on track with protein goals. Their dining system is different, you get your food first and pay after. Parking in downtown was brutal, I ended up paying about $80 total for two days at the garage because street parking is nonexistent.

usf apartment view

Gorgeous view at night from my friend's apartment

SF Safety

San Francisco is beautiful but it does have rough areas. You see homelessness and drug use in some pockets. During the day it’s generally fine if you're smart and stay aware.

Vibe

The dress code was super casual with hoodies, jeans, backpacks, and hacker T-shirts everywhere. It felt natural and welcoming. Definitely not a corporate environment, which made it easy to meet people.

Coat Check

BSides offered a coat check area for backpacks, jackets, or even small luggage. It was super useful, they gave you a ticket to pick up your stuff later. Nearby, there was a table full of free gear such as: stickers, tote bags, network equipment like cables and a random UPS (minus the battery). I grabbed one thinking I’d reverse engineer it later... but forgot it at the venue when I left. Oh well, maybe next time.

Villages

  • Adversary: simulation story-game focused on mimicking real-world attacker behavior.
  • Lock Picking: learned about the different techniques of how to pick locks and managed to pick all locks ranging from 1 pin to 6 pins.
  • Embedded Systems: hands-on guided labs on topics such as web vulnerabilities, firmware hacking, etc.
  • Hardware Challenge: hack a computer to gain access to a txt file with a secret code from another computer.
  • Crypto & Privacy: booklet filled with challenges and puzzles.
  • Career: gained useful insights on the cybersecurity landscape from professionals in the field.
hardware challenge village

Photo taken of the hacking challenge done at the Hardware Challenge Village

Booths

Big companies like Anthropic, Datadog, Wiz, and Code Red Partners had booths. A lot of AI discussions going on. I wasn't seriously job hunting, but it was useful to chat with reps about industry trends. I ended up exchanging LinkedIns with someone from Anthropic and we’re planning a coffee chat soon to talk career paths.

CTF

There was a Capture the Flag (CTF) competition running throughout the conference. I didn’t dive too deep into it, mostly jumped in during the Saturday night party. Managed to solve a pwn challenge with my group. Shoutout to my colleague also from UC Merced who crushed it, won 1st place, and took home $1,500 in Amazon gift cards. Insane.

Key Insights Gained From The Talks

  • Secure Defaults: You have to know the platform (cloud providers, GitHub) deeply to set secure defaults properly. Security by default is the future.
  • GitHub and Cloud Hygiene: Master your GitHub setups, cloud configurations, because that's where vulnerabilities hide.
  • Strategic Threat Detection: Not everything needs monitoring, focus detection efforts on assets that matter most.
  • Entry-Level Roles: Customer support and security support roles are great entry points into the industry. They often transition directly to security engineering.
  • AI and AppSec: Relying too much on AI-generated code without human review leads to vulnerabilities. Understand what the AI is producing.
  • Simulation Environments: Talks on gamifying DDoS and incident response training were really engaging; fun and practical ways to simulate security crises.
incident response talk

Photo taken at the Incident Response Talk gamifying a data breach

Catering

Breakfast and lunch were provided both days. It was buffet-style with plenty of meat and vegetarian options. I usually ate outside to catch the view of the city while recharging.

Saturday Night Party

Saturday night wrapped up with a happy hour and big party. You got two drink vouchers at the bar (I handed mine off since I don’t drink). There were three full buffets, meats and soup, breads and sides, and desserts. Good food, lots of dietary options, and a dragon-themed LARPing show to top it off. It was a fun way to close out the first full day.

larp show

Medieval-themed LARP show at the Saturday Night Party

Advice

  • Know your goal; networking, learning, job hunting?
  • Plan who you want to meet or what you want to see.
  • Get comfortable talking to strangers, everyone’s there to connect. If you don't know what to say, something along the lines of "What's something cool have you worked on recently?" is a great way to strike up a conversation with anyone.
  • Pace yourself, it's a marathon, not a sprint.
bsides group

Group photo taken after eating dinner in Downtown SF

Final Thoughts

This was an amazing weekend alhamdullilah. I learned a ton, made meaningful connections, and caught up with an old friend at USF. I came out of it more motivated to keep pushing into cybersecurity and more confident that this is where I want to be.

bsides closing ceremony

See you next time BSidesSF!