I'm on Hawaii Island for the Tropical AgTech conference at UH Hilo! It's my favorite town on Earth, and if you've got a favorite memory or place in East Hawaii, drop me a line! I'll try to keep up with my end-of-the-month marathon of articles, but they may be shorter than usual.

The C5 Forum that kicks off Wednesday at Fort Shafter is a brand new initiative aimed at bringing together a number of organizations and associations to discuss "Command, Control, Computers, Communications, and Cyberdefense." It's another update to "C2," which became "C4ISR," a term that suggests a strong military focus to the proceedings.

The agenda is a bit more broad than that, mixing in corporate cybersecurity and even academic research. But to someone who is still developing their knowledge in the space, it can seem intimidating.

Whether you're looking for a more practical exploration of security, or just happen to love tech conferences, next week's Loco Moco Security Conference could be what you're looking for.

Related Reading: New conference widens gateway to the cybersecurity industry

IRL FTW

This year's LocoMocoSec will be held on Oahu, after the inaugural event in 2018 on Hawaii Island and the second on Kauai in 2019. The 2020 event was held virtually.

"The first one was about five years ago, and this will be our fourth event," recalls co-founder and lead organizer Neil Matatall. "We did one virtual and then we decided not to do a second virtual one, so we took a year off."

Matatall, based in Kailua-Kona, is currently a software engineer for political organizing platform ActBlue, and previously worked for GitHub and Twitter. And while he's been working remotely for more than a decade, he wasn't a fan of the virtual format.

"We had a lot of really good speakers, but I think there was also a bit of virtual conference fatigue at the time because everyone was doing it," he tells me. "In the end, most people were just listening to the conference while they're doing their chores or other work, so no one was going to be participating or engaging."

Of course, returning to an in-person event this year wasn't a foregone conclusion, as COVID variants continued to emerge.

"We were discussing it in early January, thinking omicron was calming down, but also not knowing what the next variant is going to do," he says. "But we saw case numbers going down and with restrictions being lifted, there is a kind of pressure to get back into things, to do it in a way that's going to make everyone happy."

This year's LocoMocoSec conference is being held at the Waikiki Beach Marriott Resort & Spa.

Prioritizing product security

LocoMocoSec is pitched as a "product security" conference, and is oriented around efforts to keep a product or service secure throughout its lifespan: design, build, deploy, maintain and upgrade. And a product can be anything from an app to a gadget, from a website to a widget.

Product security is increasingly important, and increasingly difficult, as systems become more interconnected and expand from servers and terminals to mobile devices and the Internet of Things.

And product security is different from, but related to, cybersecurity, which is focused on defending the systems and technology used by an organization.

"The primary person we're looking to draw is the person who's working in that defensive role," Matatall says.

"One thing I found about that role is that it's actually one of the most welcoming roles to people who aren't in cybersecurity, because a lot of it comes down to just code," he continues. "You have a lot of people who make the transition from quote-unquote regular software engineer to an app security engineer or a product security engineer."

In fact, he says, computer science background helps, but it's not mandatory.

"None of my co workers have a computer science degree," Matatall notes. "One was an English major, and one was a finance major, so it definitely shows that you don't necessarily have to have the background to get into this."

Matatall stresses that anyone with an interest in security is welcome.

"We definitely try to cater to both the experienced audience as well as the early-on audience, and that's kind of reflected in some of the speakers," he says. They include:

• Patrick Thomas: Senior Security Partner at Netflix (the streaming media giant).

• Martin Georgiev: Product Security Engineering Manager at Uber (the ubiquitous rideshare app).

• Nishchala Tangirala: Security Engineer at Atlassian (behind Jira, Bitbucket, Trello, and Confluence).

• Dino Dai Zovi: Head of Security at Cash App (Square's popular app to send, receive, save or invest money).

• Nathanial Lattimer: Senior Security Engineer at Robinhood (a stock trading and investing app).

LocoMocoSec also has special offerings for entry-level attendees.

"We have a program where we try to get people who are new to the workforce, or they're switching jobs, to get them training going in," Matatall explains. "Beyond attending the conference and absorbing the talks and having conversations with others, there's an actual opportunity to get structured, hands-on workshop training.

"Hopefully, you come out on the other side with a marketable skill," he adds.

LocoMocoSec starts with all-day training workshops on Monday and Tuesday, June 27 and June 28, covering Microsoft Azure and Amazon Web Services security, code security reviews, and API security.

From there, it rolls into a single-track program on Wednesday and Thursday, June 29 and June 30.

"We like to keep everyone in the same conversation, so everyone has the same experience," Matatall explains. "If we ever get to the point of considering adding a second track, we'll probably cap attendance instead, because we're really strongly sold on the idea of everyone having the same story, and having things in common to talk about."

LocoMocoSec local links

Matatall highlighted many of the speakers he was excited to bring to Waikīkī: Dino Dai Zovi from Cash App, Coleen Coolidge from Twilio, Kymberlee Price from New Relic, and — representing the Aloha State — Chenoa Farnsworth from Blue Startups.

But Matatall wisas especially happy to have Jim Manico on stage.

"Jim used to live in Hawaii, slaving away for a long time as a school teacher," Matatall says. "He's actually the reason I'm in security, and he also the reason I'm in Hawaii."

Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He has over 20 years of experience building software as a developer and security architect.

Manico is also one of the co-founders of LocoMocoSec, along with Matatall, Maui-born techie Jeremiah Grossman, and Ron Paris, who left Hawaii Island for California a few years ago.

Matatall says it was largely Manico's idea to get things going again this year.

"If you've ever met him, he's one of the most charismatic people in the world," he explains. "He can walk into a room of 100 strangers and walk out with 100 friends, who will then tell all their friends about Jim who they just met.

"To have him be the opening keynote to get things going seemed like a good idea after all the support he's given us."

The Loco Moco Security Conference runs from June 27 to 30 at the Waikīkī Beach Marriott Resort and Spa. Registration for Hawaii residents is $700, general admission is $1,800, or $2,800 with training workshop.