8/20/2020
10:30 AM
Jeff Wilson
Commentary

Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay

Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.

In the first week of August 2020, as I prepped my kids for the start of virtual 7th and 12th grade, I attended my first full virtual conference.

To its credit, Black Hat USA 2020 turned hard left once it was clear that large live events wouldn’t be happening in the second half of 2020, and what they managed to pull off was nothing short of a miracle. Even if, from an analyst’s perspective, the event was nothing like an in-person event, it was incredibly useful for all involved.

Walking downstairs to my makeshift living room office was weird. But was it weirder than walking through a casino at 7:00am to spend a day meeting with cybersecurity technology vendors? Considering I’ve been attending conferences like Black Hat for a quarter of a century, yes, it was weird.

But then I did something that I haven’t done in at least 15 years: I went to a keynote.

You see, typically the first morning (and every other morning) of a show is spent hustling from a hotel suite breakfast meeting to a second breakfast meeting at the buffet at Mandalay Bay. In these meetings, I catch up with old friends and customers, talking about the show and what they’re announcing.

Keynotes are often little more than hot wind from big-dollar sponsors. But not at Black Hat. This year's day one keynote came from a Georgetown professor of computer science and law, and it was about election integrity. I spent an hour developing a new level of anxiety about the 2020 U.S. presidential election, learning from a speaker with deep knowledge of this critical issue.

As it seemed that most vendors staffed their booths with salespeople, I didn’t have the same networking opportunities an in-person conference would have presented, so I dove into more sessions on a wide range of topics, such as how to defend containers (like a ninja), more on election security, reverse engineering Tesla batteries, and adversarial use of AI and ML.

Wednesday's locknote wrap-up session came fast, and the discussion gave me a second list of sessions I needed to go back to and watch on demand.

I woke up Thursday morning excited to tune into the second day keynote; Renée DiResta from Stanford’s Internet Observatory was presenting a session titled “Hacking Public Opinion,” and this one session made the entire event for me.

DiResta offered a deep and thoughtful discussion about the information operations capabilities of China and Russia, the techniques they are using to sow discord outside their borders, and the ways they manipulate public opinion in their own countries. This “fake news” discussion was revelatory and powerful and frankly should be made public for the world to see, especially ahead of the November election in the U.S.

The rest of Thursday was much like the rest of day one. I attended more briefings and a few sponsored sessions (most of which were delightfully technical and not just thinly veiled sales pitches).

The day two locknote discussion gave me a second list of sessions to watch on demand, but I couldn’t stop thinking about DiResta’s presentation and the implications of it. And that’s weird as well. I attended a technical conference on cybersecurity, and I walked away with significant conclusions about democracy, voting, and disinformation that have personal, global, and political implications.

So yes, Black Hat USA 2020 virtual was weird. But it was a good kind of weird. It felt like the first conferences I attended 25 years ago as a junior analyst, when I was just looking to learn as much as I could.

In the end, this new way to do Black Hat mirrored my personal COVID-19 experience; it gave me a chance to get off the relentless commercial treadmill of being an industry analyst, to slow down and learn something new.

As I compare the overall experience at Black Hat USA 2020 with the last large conference I attended in San Francisco right before shelter-in-place started, I greatly prefer Black Hat—and not just because I got to wear shorts and see my kids before and after the event.

As I write this, I just found out that California has been warned about the possibility of a fire tornado, and I had to do a quick search, because that sounds straight out of Pokémon. But that’s 2020 for you, the year where everything was weird.

Jeff has more than 25 years of experience analyzing the cybersecurity technology market and providing guidance to vendors. He possesses one of the longest-running and most accurate forecast track records in cybersecurity technology, with forecast models dating back to ...
 
