The Black Hat evolution

When the Black Hat conference moved to the Mandalay Bay hotel, I was curious as to what would be different. Over the years, Black Hat has evolved into something very different than how it started. Whether it has been a good or bad evolution depends on your perspective.

As background, I have the honor of being the first keynote speaker at the first Black Hat conference. The original event was an add-on to the Defcon conference. At the time, Black Hat was the idea of one of Jeff Moss' friends who noticed that more and more corporate people were attending Defcon. The thought was to put on a more upscale event with similar content, and without the havoc of Defcon. The first year, at the soon-to-be-demolished Aladdin hotel, held all attendees in a relatively small conference room that sat less than 100 people.


The most memorable session, except of course for my own, involved hackers talking about how they had no guilt in releasing vulnerabilities. Those vulnerabilities inevitably caused damages, not to the vendors of the products, but to the end users of the systems, who were left unprepared to fix the vulnerabilities before suffering an inevitable attack.

Over the next few years, the Black Hat hype grew, which continued to grow Black Hat attendance. Through those years, I tended to speak on Social Engineering and related topics, and as such, I had packed audiences. Black Hat sessions tended to be on some highly technical subjects that the typical "suits", looking very out of place, did not understand.

Over time, as the number of tracks grew, more sessions were added, and the technical depth sometimes seemed shallow. There are only so many Zero Day vulnerabilities to go around. Every year though, a few notable Zero Day attacks make great press. The top headlines, however, come from the sessions that are cancelled. Cancelling a session makes more news than the story itself.

What is notable is that the cancelled sessions are usually due to employers having policies that forbid the release of information. The reasons are due to the work either being proprietary, found under some non-disclosure agreement, or more frequently that the employers have policies against releasing Zero Day vulnerabilities.


As Black Hat started attracting more sponsors, the number of vendor-sponsored parties started to grow. The parties became bigger attractions than the event itself. Also, it seemed that more people were going not because of the event, but because everyone else was going. For lack of a better term, Black Hat turned into the RSA Conference, but in Las Vegas.

However, Black Hat still strives to release Zero Day vulnerabilities. As important, Black Hat has attracted a robust B-Sides event. Defcon is still as iconic as ever. The combination of all three of those events means that a large number of new exploits might be released.

The ironic part, however, is that the reason people are attending is not because they want to learn how the vulnerability came about from some collegial perspective, but because they have to figure out how to deal with the potential damage that will come when the vulnerability is released.

I know several senior security executives who attended the events solely to attend a few sessions that were anticipated to put their organizations at serious risk. Ironically, none of these people were from vendor organizations, but from organizations who were users of the products in question.

These people are left very vulnerable, depending on the scope of the vulnerability to be released. While they have very strong security programs, they know that their architectures can crumble depending upon the nature of the vulnerability. They are not going to get rid of the products in question, or stop using the vendor in question, as rarely is a vendor negligent. It is not possible for any vendor to write perfect software, so the goal of shaming the vendor doesn't work.


With the lack of any pre-disclosure of information, these security executives have to attend the presentations and quickly determine whether or not the potential vulnerability represents a threat to their organization. If there is a threat, then they have to figure out how to temporarily mitigate the problem until the vendor can release a patch.

However, as a significant number of Black Hat attendees see little value in the sessions, and just want to attend the parties and catch up with their friends, a Business Pass was created. This allowed for expo and keynote attendance. It is clearly a business decision to attract revenue from those people who are skipping the conference itself and just attending the surrounding events. The decision worked, and there were approximately 9,000 attendees this year.

I would normally recommend that if they have to create a pass for people who are not interested in the sessions but want to attend their events, they reevaluate their programming and consider having sessions that attract a wider variety of people. That would increase their revenue. Again though, as I previously stated, Black Hat is becoming much more like RSA, which has an Expo Plus pass, which is basically the same as the Black Hat Business Pass.


It is fascinating how Black Hat evolved from a comparatively dingy conference room, in a dying hotel, to now the top venue in Las Vegas. Black Hat has made its name by being notorious. Unfortunately, that creates problems for many of the people who made it successful. While I realize that pre-releasing vulnerabilities goes against what makes Black Hat notable, it will serve its attendees well. Maybe that is an area that should evolve along with the other aspects of the conference. It will be interesting to see where the conference ends up in another decade or so.

Stories by Ira Winkler