It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Everything is online this year, from the show floor to the breakout sessions to the prospect meetings we're all still scrambling to schedule.
The big challenge for the cybersecurity community this time around is creating the same engagement and enthusiasm for the event that we have when we can all be in the same convention halls, suites, dinner venues, and late-night events at Mandalay Bay. The importance of the event hasn't changed a whit; this is one of the community's best opportunities to come together, share what we've learned in the past months, and plan for how we'll protect each other and the public for the remainder of this pandemic and beyond.
COVID's emergence posed an obvious, real, and ongoing health crisis, but the subsequent efforts to keep businesses up and running with a remote workforce posed a different crisis. The attack surface surrounding the remote worker — especially for businesses that hadn't had robust remote work toolings in place to begin with — is significant. Many businesses had to prioritize new IT and security projects to accommodate new solutions to handle a remote workforce, according to a new report from McKinsey. WIRED wrote of the technical shortcomings schools faced before COVID arrived, which were exacerbated by the abrupt shift to online learning. And for enterprises that had not moved to a fully digital world, the rush to do so — which was an impressive accomplishment, to be sure — opened security gaps that need to be addressed now. At Black Hat virtual, we need to ensure we collaborate to stay protected as bad actors always follow the money. For instance, DHS and the Cybersecurity and Infrastructure Security Agency published an alert on how threat actors are taking advantage of COVID to put a new face on familiar, classic attack vectors.
What concerns me the most about the moment we're in right now is that the bad actors are getting more sophisticated by the day. The simple attacks don't work as often anymore. I've seen this script numerous times in the course of my career when I look at the work our research teams publish. What worked six months ago may not work now. The only way we can fight back against a more sophisticated opponent is through knowledge-sharing and collective protection, both formal and informal. I'm grateful that the Black Hat community is there to swap war stories of how we've succeeded — and failed — against adversaries. Those conversations, even digitally, will make the difference. Cybersecurity is a team sport.
The conversations that the cybersecurity community will have at this year's Black Hat (and at the subsequent DEF CON) will be instrumental in shaping how we all respond going forward as the world has changed. It's our responsibility, as a security community, to take this digital conference just as seriously as we would take an in-person one. We need to collaborate with the practitioners, decision-makers, and yes, even vendors to work together collectively against attackers.
Looking on the bright side, a digital event will make life infinitely easier for attendees and vendors in a lot of ways. Attendees will be able to participate in virtual one-on-one meetings as well as visit more panels and breakouts than they might have at a traditional physical event, as will vendors. Not to mention, of course, the airfare and hotels. I myself am planning to spend much of my time in virtual meetings with our technical teams and customers, and in our virtual booth, because the conversations you have there are often the most authentic ones in the whole event.
What I will miss the most is directly engaging face-to-face with customers who have become friends, catching up with fellow security leaders, and discovering new ways we can all help the security ecosystem get stronger. I have been impressed by Black Hat's efforts to try to replicate this virtually, as I can't imagine how difficult it is to pull this off in a matter of months, but I'm fully expecting this year's virtual event to be as consequential as any other.