Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:00 PM
Dan Lowden
Dan Lowden
Connect Directly
E-Mail vvv

Black Hat Virtually: An Important Time to Come Together as a Community

The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.

It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Everything is online this year, from the show floor to the breakout sessions to the prospect meetings we're all still scrambling to schedule.

The big challenge for the cybersecurity community this time around is creating the same engagement and enthusiasm for the event that we have when we can all be in the same convention halls, suites, dinner venues, and late-night events at Mandalay Bay. The importance of the event hasn't changed a whit; this is one of the community's best opportunities to come together, share what we've learned in the past months, and plan for how we'll protect each other and the public for the remainder of this pandemic and beyond.

COVID's emergence posed an obvious, real, and ongoing health crisis, but the subsequent efforts to keep businesses up and running with a remote workforce posed a different crisis. The attack surface surrounding the remote worker — especially for businesses that hadn't had robust remote work toolings in place to begin with — is significant. Many businesses had to prioritize new IT and security projects to accommodate new solutions to handle a remote workforce, according to a new report from McKinsey. WIRED wrote of the technical shortcomings schools faced before COVID arrived, which were exacerbated by the abrupt shift to online learning. And for enterprises that had not moved to a fully digital world, the rush to do so — which was an impressive accomplishment, to be sure — opened security gaps that need to be addressed now. At Black Hat virtual, we need to ensure we collaborate to stay protected as bad actors always follow the money. For instance, DHS and the Cybersecurity and Infrastructure Security Agency published an alert on how threat actors are taking advantage of COVID to put a new face on familiar, classic attack vectors.

What concerns me the most about the moment we're in right now is that the bad actors are getting more sophisticated by the day. The simple attacks don't work as often anymore. I've seen this script numerous times in the course of my career when I look at the work our research teams publish. What worked six months ago may not work now. The only way we can fight back against a more sophisticated opponent is through knowledge-sharing and collective protection, both formal and informal. I'm grateful that the Black Hat community is there to swap war stories of how we've succeeded — and failed — against adversaries. Those conversations, even digitally, will make the difference. Cybersecurity is a team sport.

The conversations that the cybersecurity community will have at this year's Black Hat (and at the subsequent DEF CON) will be instrumental in shaping how we all respond going forward as the world has changed. It's our responsibility, as a security community, to take this digital conference just as seriously as we would take an in-person one. We need to collaborate with the practitioners, decision-makers, and yes, even vendors to work together collectively against attackers.

Looking on the bright side, a digital event will make life infinitely easier for attendees and vendors in a lot of ways. Attendees will be able to participate in virtual one-on-one meetings as well as visit more panels and breakouts than they might have at a traditional physical event, as will vendors. Not to mention, of course, the airfare and hotels. I myself am planning to spend much of my time in virtual meetings with our technical teams and customers, and in our virtual booth, because the conversations you have there are often the most authentic ones in the whole event.

What I will miss the most is directly engaging face-to-face with customers who have become friends, catching up with fellow security leaders, and discovering new ways we can all help the security ecosystem get stronger. I have been impressed by Black Hat's efforts to try to replicate this virtually, as I can't imagine how difficult it is to pull this off in a matter of months, but I'm fully expecting this year's virtual event to be as consequential as any other.

Related Content:



Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Dan has more than 20 years of executive-level experience in the technology and cybersecurity markets. He is the CMO at White Ops and has previously worked for large enterprise cybersecurity companies Digital Shadows, Invincea (acquired by Sophos), and vArmour, successfully ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-12-04
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.
PUBLISHED: 2020-12-04
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).
PUBLISHED: 2020-12-04
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).
PUBLISHED: 2020-12-04
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
PUBLISHED: 2020-12-04
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).