Six Things I Saw at My First Black Hat (2018)
Ever wondered what goes on at Black Hat's event on security information and research? Check out this first-time attendee's experience and six key takeaways.
Join the DZone community and get the full member experience.Join For Free
Everybody Knows Their Stuff, Loves Talking, and Has Tons of Questions
These Black Hat security gurus are conversationalists. Everything is about a discussion with this crowd. The questions were amazing. Something that was equally as impressive was the depth of knowledge displayed by vendors and booth presenters. Everybody on the floor had a ton of knowledge about their product and the specific security challenge it solved. It’s unlike anything I’ve ever seen at a tech show!
Picking the Right Security Tools Can Seem Like a Full-Time Job
Tools are necessary, but companies have to be very strategic in picking the right ones for each job. These Black Hat attendees are some of the smartest and most careful shoppers you’ll ever meet. There were sessions that did nothing but compare vendors. That’s an unusual level vendor-nitty-gritty to get into at a conference. This crowd may have security budgets, but vendors will have to work hard to convince them to spend.
Machine Learning (ML) Is on a Roll!
While there may be some difference of opinion as to what exactly ML is, everyone seemed to agree it’s the future. If we put all the Black Hat attendees in a room, I’m not sure they would agree on the definitions of artificial intelligence, machine intelligence, machine algorithms, threat intelligence, and machine learning.
If you’re looking at any of these technologies, asking vendors these questions may help you figure out if a solution will help your company:
- What practical results does it produce specifically?
- How will it adapt over time to the ever-shifting threat landscape?
- As a percentage, how many false positives (unneeded alerts) does the solution return?
Facial Recognition Is Making for Angry Faces
This was particularly noticeable as DefCon started at the end of Black Hat. Facial recognition is a hot topic, and not in a good way. Recognition keeps getting better, but many people are not happy about all the amazing new tech! Some attendees are more concern about how the technology will be used rather than whether it will work.
Security Teams Need to Be Team Players
Parisa Tabriz, Google’s Director of Engineering, doesn’t love silos. When it comes to security, she admires them even less. In so many words, she told security teams to stop hoarding information and control. The shortage of security personnel is too great, and the problem is too vast. Security teams cannot succeed if they don’t cooperate across teams and departments.
The IoT Can’t Be Controlled but Companies Should Still Try
The geometric progression of the IoT is unstoppable. Along with it comes an equal progression of security risks. Companies need to look at ways to lock out or restrict devices that are blessed by the IT powers that be. It may seem like an impossible task, but what’s the alternative?
Now, You Try!
If you work in IT — even if you’re not in cybersecurity — I highly recommend going yourself. If you go to a Black Hat conference, here are my tips for getting the most out of it.
- Talk to attendees — they are smart and want to help
- Visit lots of vendors and ask questions — no sales fluff here; you get the engineers
- Prioritize your sessions — which awesomeness do you want most?
Oh, and one more thing: be strategic about your swag. Honestly, I have never seen a more swag-hungry crowd! If swag is your thing, here’s a pro tip: bring an extra (empty) backpack and hit the show floor early on day one.
Published at DZone with permission of Ami Casto, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.