So, I’ve been going to the Black Hat USA conference in Las Vegas for almost a solid decade now, and if there’s one thing that’s for sure, it’s that the conference continues to evolve.
Given, when I first started attending Black Hat those many years ago, it was not as a marketing rep for a security solutions provider, but as a reporter attempting to get my head around the emerging threat/exploit landscape.
However, even if my time is no longer spent attending sessions, and trying (with varying degrees of success) to understand what is being presented, even just a walk across this year’s show floor evidences the continued shift towards a more business-centric audience.
This is nothing new, of course, as hardcore Black Hat attendees have been decrying the show’s evolution into more of an “RSA in the desert” for years, but it’s clear that with each passing summer this change becomes ever more the reality.
Even when I was working my first marketing gig for pen testing specialists Core Security six years ago, it was clear that ethical hackers, primarily researchers, still made up a huge swath of the Black Hat audience.
Certainly it has a lot to do with spending more of my time in the vendor exhibition space, but with each year I see more corporate names and government agencies listed on attendees’ badges, and fewer humorous attempts to dodge identification (though we do have several “ninjas” and at least one “director of rainbows and unicorns” listed among our 2014 lead gen candidates).
Firstly, neither of us would debate that there is still a treasure trove of extremely valuable research on the Black Hat schedule, and again, I can’t even make the claim in recent years of attending many of these sessions.
Another key component to consider is that there are the sister Def Con and parallel B-Sides Las Vegas shows, which cater directly and almost exclusively to ethical hackers – focused solely on research, which has allowed Black Hat to grow more… corporate.
You also, of course, have the phenomenon of people who started out as Black Hat researchers who now focus more on the security solutions side of things, having built vital businesses around the “thought leadership” (yup, it’s a loathsome term but one that works here) they used to share as conference presenters (the guys from White Hat Security are a perfect and high-profile example).
As noted above one of the other significant changes in Black Hat attendance is the ever-increasing number of people coming to the show representing various elements of the government. In years past there may have been a lot of Red Team/Blue Team types, sure – and there likely still are – but today there’s an overwhelming number of state and federal security operations and management officials that attend – with their names and titles displayed openly on their badges, another notable shift.
My impression is that many of the people who first came to Black Hat – and now may spend more time at Def Con or B-Sides – likely disparage the show’s change in interests, thinking that the event is now too focused on the business side of things.
For companies like FireMon, however, this change had made the event even more valuable, providing us with another fantastic opportunity to connect with existing customers and new prospects to tell them more about what our solutions can do.
Is the change good? Is it bad? That’s for each individual to decide on their own, but as Alan and I eventually agreed, it’s really just a natural evolution, as hacking and ethical research continue to mature and become an even bigger element of enterprise security.
No matter how you slice it, Black Hat continues to serve as an ideal venue for numerous elements of the security community to connect, and no matter what changes come it’s always a pleasure to be there.