Six Things I Saw at My First Black Hat (2018)

Like so many technical people, I’m shifting a good bit of my focus to security. Reading about cybersecurity is one thing, but talking to the world’s leading experts is another! Last week I had my first exposure to Black Hat and its many security gurus. Here are a few of my takeaways.

Everybody Knows Their Stuff, Loves Talking, and Has Tons of Questions

These Black Hat security gurus are conversationalists. Everything is about discussion with this crowd. The questions were amazing. Equally impressive was the depth of knowledge displayed by vendors and booth presenters. Everybody on the floor had a ton of knowledge about their product and the specific security challenge it solved. It’s unlike anything I’ve ever seen at a tech show!

Picking the Right Security Tools Can Seem like a Full-Time Job

Tools are necessary, but companies have to be very strategic in picking the right ones for each job. These Black Hat attendees are some of the smartest and most careful shoppers you’ll ever meet. There were sessions that did nothing but compare vendors. That’s an unusual level of vendor nitty-gritty to get into at a conference. This crowd may have security budgets, but vendors will have to work hard to convince them to spend.

Machine Learning (ML) Is on a Roll!

While there may be some difference of opinion as to what exactly ML is, everyone seemed to agree it’s the future. If we put all the Black Hat attendees in a room, I’m not sure they would agree on the definitions of artificial intelligence, machine intelligence, machine algorithms, threat intelligence, and machine learning.

If you’re looking at any of these technologies, asking vendors these questions may help you figure out if a solution will help your company:

  1. What practical results does it produce specifically?
  2. How will it adapt over time to the ever-shifting threat landscape?
  3. As a percentage, how many false positives (unneeded alerts) does the solution return?

Facial Recognition Is Making for Angry Faces

This was particularly noticeable as DefCon started at the end of Black Hat. Facial recognition is a hot topic, and not in a good way. Recognition keeps getting better, but many people are not happy about all the amazing new tech! Some attendees are more concerned about how the technology will be used than whether it will work.

Security Teams Need to Be Team Players

Parisa Tabriz, Google’s Director of Engineering, doesn’t love silos. When it comes to security, she loves them less. In so many words, she told security teams to stop hoarding information and control. The shortage of security personnel is too great, and the problem is too vast. Security teams cannot succeed if they don’t cooperate across teams and departments.

The IoT Can’t Be Controlled but Companies Should Still Try

The geometric progression of the IoT is unstoppable. Along with it comes an equal progression of security risks. Companies need to look at ways to lock out or restrict devices that are blessed by the IT powers that be. It may seem like an impossible task, but what’s the alternative?

Now You Try!

If you work in IT—even if you’re not in cybersecurity—I highly recommend going yourself. If you go to a Black Hat conference, here are my tips for getting the most out of it.

  • Talk to attendees – they are smart and want to help
  • Visit lots of vendors and ask questions – no sales fluff here; you get the engineers
  • Prioritize your sessions – which awesomeness do you want most?

Oh, and one more thing: be strategic about your swag. Honestly, I have never seen a more swag-hungry crowd! If swag is your thing, here’s a pro tip: bring an extra (empty) backpack and hit the show floor early on day one.

Happy Black Hatting. That’s a verb now.

Ami Casto
Technical Evangelist
