“Black Hat is the most technical and relevant global information security event series in the world. For more than 16 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, the Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.” - https://www.blackhat.com/about.html
This year I got a chance to attend the Black Hat briefings:
The Black Hat Briefings were created more than 16 years ago to provide security professionals a place to learn the very latest in information security risks, research and trends. Each year, internationally leading security researchers take the stage to share their latest work and exploits in a friendly, vendor-neutral environment. Vulnerabilities are often exposed that impact everything from popular consumer devices to critical international infrastructure and everything in between. Black Hat seeks groundbreaking research to fill both 25 and 50-minute speaking slots for each annual show.
The journey to Las Vegas was briefly punctuated at Cincinnati for a couple of business meetings. Las Vegas was surprisingly hot when I landed and waited to be picked up, it is a beautiful city dotted with landmarks of the world. It was amazing to see the ‘liberty’ lady sharing the horizon with the leaning tower of Pisa, Paris. Several replicas of New York buildings jostled for space but what took my breath was the conference venue – The Mandalay Bay.
There were 8 parallel sessions in a particular time slot and in total 6 and 7 sessions for the 2 days of briefings respectively. It was very difficult to choose a particular session and I chose the following briefings where it could benefit our offerings in the future. Here’s a few sessions that I attended:
- The Tactical Application Security Program: Getting Stuff Done
- Stranger Danger! What is the Risk from 3rd Party Libraries?
- Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity
- The NSA Playset: A Year of Toys and Tools
- How to Implement IT Security after a Cyber Meltdown
- Pen Testing a City
- Hi This is Urgent PLZ Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs
- Harnessing Intelligence from Malware Repositories
The sessions were exhaustive and walking along the famous ‘strip’ was kind of relaxing. I wondered what made the security community to choose Vegas as the venue, is security akin to gambling? I guess most of the organizations are kind of gambling in security rather than indulging in it!