Overall, my Black Hat experience was a good one. Coming away from it, I feel like I learned a lot–from new vocabulary to new ideas. It also gave me a better appreciation for how big of an issue cybersecurity really is. It is almost overwhelming how many threats exist in the cybersecurity space–from deep fakes to social engineering to misinformation to all out war.
I think that one of the most important things I learned from Black Hat, and which is at the root of many problems, is the importance of communication about cyber issues. The industry (as represented by the speakers at Black Hat) is well aware that cyber security is coming into its own. They know that it is beginning to be seen as a legitimate concern for business and that they have the attention of people in the C-Suite. Yet, there is still a major communication gap. From my perspective at Black Hat, I had a hard time understanding everything presenters were saying and I went into it with both an interest in what they were saying and a desire to understand. I hate to rely on stereotypes, but a lot of the presenters and attendees at Black Hat were your stereotypical tech types. They are not always the most articulate and are often more adept at expressing themselves in code than they are in words. This means there is a lot of work to be done with regard to building bridges and maintaining existing bridges.
Walking through the Business Hall full of booths from various cyber security companies, the communication issue was even more glaring. While I saw the names of plenty of cybersecurity companies that I recognized like Fireeye, RiskIQ, Blackberry, and McAfee, I also came across a lot of companies that I did not recognize. As I looked at their booths, looking for any details about what they did, I saw a lot of the same, vague, esoteric, industry-specific phrases that do not really tell you what they do. To borrow a phrase from Kevin Beaumont (@Gossithedog), the booths were full of “content free buzzwords.” To be fair, for the most part, the people in the booths were able to explain to me what they did in a way that I could understand what they do. But, it was still easy to discern the difference between the showroom floor and the briefing room, each with their own idiomatic lexicon. While the people selling the various products and software are salespeople and not necessarily technologists, they too have work to do in building a bridge to the C-Suite and policy makers.
It is no wonder I saw potential communication issues when people in the industry are literally all over the map dealing with different issues, languages, threats, and technologies. Each one of them has their own priorities that do not always align with those of everyone around them. That creates a lot of opportunities for conflicts and a need for intermediaries who can understand both sides of technology and policy. The good news is that I got an overall impression of optimism out of the conference. There was a sense of community and a feeling that they are doing something big for the world–and I they are. It will be fun to watch the topic of cybersecurity to continue to develop and change.