Why you should go to QueryCon this week

by Lauren Pearl on June 18, 2019

QueryCon takes place this week at the Convene Conference Center in Downtown Manhattan, Thursday June 20th- Friday June 21st. If you don’t have a ticket yet, get one while you can.

QueryCon is an annual conference about osquery, the open source project that’s helping many top tech companies manage their endpoints. We’ve been big fans of osquery since Facebook hired us to bring Windows support to osquery in 2016. Now we have an entire group in our Engineering practice devoted to helping clients harness the power of osquery through new features and fixes. We jumped at the chance to bring QueryCon to New York at the invitation of Kolide, the original conference organizers. We got tons of value out of QueryCon 2018. We’re super excited to bring the conference to the east coast, and to reconnect in person with the growing and vibrant osquery community.

For most of us who went to 2018 QueryCon, attending this year’s event is a no-brainer. But what about those people who missed the magic and aren’t sure? For those of you still on the fence, here are some reasons to join:

Want to know what’s going on with your endpoints? You need osquery.

If you’re an IT or Security Operations professional, and you haven’t heard of osquery yet, you’re likely in the minority. osquery is quickly becoming a standard foundational tool that top tech firms use to flexibly manage their endpoints.

With osquery, you can expose your fleet’s machine data as a high-performance relational database. Using simple, standardized SQL queries, you can explore operating system data such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Sponsorships Available

The solution offers great benefits in isolation or as part of a multifaceted fleet management system. It’s become so ubiquitous that leading commercial endpoint management solution providers, such as Carbon Black, are harnessing osquery to support certain use cases through solutions like Live Query.

Meet someone who can build your killer feature

Being open source, osquery is free to use, transparent, and developed according to users’ needs. Unlike other tools where you have to hope that a vendor company’s feature list overlaps with your needs, with osquery, you can take control by developing new killer features yourself. That is, if you have a team of security-focused C++ developers on staff. If you don’t, QueryCon is a great place to meet those people! Whether you’re interested in learning about better osquery development techniques, hiring a team to help you, or campaigning for a community dev path that aligns with your goals, QueryCon is the place to go to get your company’s wishlist of features into the osquery project.

The community is currently evolving – get a front-row seat to the latest developments

As many community veterans know, the osquery community has seen many recent changes. Late last year, Facebook heavily refactored the entire codebase, migrating osquery away from standard development tools like CMake and integrating it with Facebook’s internal tooling. In order to maintain functionality for the majority of enterprise users who rely on standard dependencies to run osquery, Trail of Bits developed and announced a community-oriented osquery fork, osql. At this year’s QueryCon, Teddy Reed of Facebook will be announcing and discussing plans to transfer stewardship of osquery from Facebook to an open-source foundation, leveraging Trail of Bits’ osql code. Want to ask Teddy questions about the change? He’ll be offering a live Q&A on the first day of the conference! Want to know more about osql? Trail of Bits’ Stefano Bonicatti and Mark Mossberg will let you know what to expect from osql.

It’s single-track, with select and engaged attendees, and no sales talks

We’re keeping with some excellent decisions made by QueryCon 2018. The talks are single-track and laser focused on providing the osquery community with relevant information. You don’t have to wonder if some talks will be relevant; We did that work for you in our speaker screening. You can also expect a high-quality audience at QueryCon. Expect to meet other osquery users, developers, and community managers who can help you with your own deployment, help you build your killer feature, or help you weigh in on the direction of this open source project to match your company’s needs. Expect everyone you meet to be a person interested in building an open-source tool that makes security better for everyone.

Finally, as a means of protecting the special culture created in the 2018 QueryCon, we’re keeping with the “No sales talks” rule. Speakers are welcome to share new features or tools that they have built as part of an informative development, deployment, or community management topic, but talks submitted that primarily peddle a commercial product or service are strictly prohibited. We think this enhances the QueryCon experience, focuses the conversation on the tool’s progress, and ensures that information presented is trustworthy.

There are still a few tickets left

Want to join for this year’s QueryCon? You can still buy tickets at the eventbrite page and get more information, including the speaker schedule, on the conference website. We hope to see you there!