Most people who go to Las Vegas arrive with a singularity of purpose. For many, it’s the betting. For some, it’s Cirque de Soleil and other shows. For the InfoSec community around the world, Vegas in early August is all about security research.
In one week, Black Hat USA will begin again in Las Vegas for two days of massive information overload — also known as “drinking from the information firehose” — and a lot of hours spent on one’s feet. But in the end, it’s all worth it, because there’s simply no other place where you can find so much InfoSec expertise under one roof and so much opportunity to share information. More to the point, there’s no other place where I can find so many people interested in the same esoteric research and analysis as me.
The Black Hat event offers a unique research opportunity through its briefings, its exhibit hall, and, above all, its attendees. These are the reasons I go back every year.
The days before Black Hat, for me, become a matter of getting my schedule in order, a task more complicated than it sounds. Over the course of two days, there are more than 100 briefings, and each timeslot may have between five and 10 topics, leaving attendees with difficult choices. For example, on Wednesday morning, I must choose between Applied Machine Learning for Data Exfi and Other Fun Topics and Memory Forensics using Virtual Machine Introspection for Cloud Computing, among other topics. Luckily, the sessions are recorded, because I’m faced with similar choices during the other timeslots as well.
The Business Hall is always an exhilarating part of the Black Hat experience. Every security company you can imagine is in attendance — there will be 250 exhibitors this year. While many will have slick displays with contests and prizes to draw you in, I tend to head for the back of the hall where the small booths are situated. I like visiting the startups to see what interesting, new things they may be doing with technology. And I’m sure I’ll visit the finalists in the “Best of Black Hat Award” to see what is garnering the most press attention.
The best part of Black Hat, and the main reason I go, is to connect with other attendees. I have found that there is much to be learned from what other folks are doing in their approach to dealing with vulnerabilities and the new threat vectors. In the past, I’ve met people with whom I’ve been able to collaborate on research, and I’ve identified potential partnerships that have made good strategic sense for my company and our research organization.
This year, Black Hat predicts that there will be 11,000 people at the Vegas event, and I look forward to sharing ideas with my fellow attendees and hearing about the kind of work they’re doing. Outside of this field, there’s a tendency to think that, because we face similar problems, we deal with them in a similar fashion. But, as we know, there’s a lot of gray between the “black” and the “white,” and people are developing incredibly creative ways to contend with what are increasingly difficult and nuanced challenges.
There’s always something to learn at Black Hat, whether it’s some new security findings or interesting applications of machine learning, or trends in the way companies are identifying anomalous patterns and prioritizing and blocking threats. Whatever we find next week, I have no doubt that it will be interesting, exhausting, and well worth the trip. I hope to meet you there.
Deepen Desai is the Director of ThreatLabZ, the Security Research arm of Zscaler. ThreatLabZ leverages its aggregate view of billions of daily web transactions from millions of users around the world to identify new and emerging threats as they occur. Learn more at www.zscaler.com/blogs/research.
Zscaler will be at Black Hat in booth 754. We’ll being featuring live presentations and demos of five products: Cloud Security, APT Protection, Cloud Application Visibility and Control, Cloud Firewall, and the new Zscaler Private Access. Learn more at www.zscaler.com/blackhat2016/.