I had the honor of presenting this past weekend at WordCamp Kyoto. It wasn’t my first time addressing WordCamp crowds on security topics, but it was my first time in Kyoto, Japan. I felt at home, as the attendees and organizers of this event were excellent at making everyone feel welcome.
The event itself was well organized and made all the better with the inclusion of translators whom provided a fantastic service translating my English to Japanese on the fly. The translators did such a great job a joke mid-way through the presentation successfully made it through the language barrier and got a laugh from the crowd.
Talking about crowds, the attendees of WordCamp Kyoto are by far my favorite of any WordCamp. The crowd had great questions on the topic of security which ranged from addressing concerns regarding how to best choose plugins that are secure, wether or not to block countries who are not intended audiences for the site, and even afterwards giving a concerned plugin author a run-down on the security implication of using the unserialize() functionality in PHP.
The City of Kyoto & WordPress Security
Outside of the event I enjoyed taking in the city of Kyoto, a gift secondary to the WordCamp itself. A modern city with rich history and beautiful architecture. I explored the city during a mid-day run through the Imperial Palace grounds and around Nijo Castle.
As I jogged past the ancient castle of Kyoto my mind wandered (as it does around kilometer 8.) I looked down the moats and walls of this castle and reflected on why the WordPress community here in Kyoto had such great questions and appeared so engaged about the topic of security.
Perched in the middle of the city, Nijo castle is surrounded by multiple moats, this as practicing defense in depth. The castle’s few entry points are similar to strict firewall rulesets, preventing anyone from accessing the grounds unless it’s from expected paths. The Uguisubari floors (which are designed to make noise when someone steps on the floorboards) make a strong comparison to monitoring and attack detection. The old castle was clean, had fresh paint and looked as if it could fend off ground troop attacks just as well as it could when it was first built. In other words, it was well maintained and updates to the castle were regularly performed just like your website and server should be. This castle was a monument to security best practices, so it was no wonder the community in Kyoto respected the topic of security and were engaged during the Q&A session.
I look forward to future interactions with those whom I met in Kyoto, and hope I can make it to WordCamp Tokyo in the future as it’s clear the Japanese WordPress community is full of open, inviting and great people.