Black Hat 2023 Recap: What Happened in Vegas

By Tim Hurley

Black Hat USA – now in its 26th year – attracts an eclectic mix of hackers, academics, researchers, press, marketers, techies and vendors to discuss, debate and display the latest in cybersecurity. For those who didn’t make it to the conference and are wondering what went down, here’s a recap of my two days on the ground in Vegas. Because not everything that happens in Vegas needs to stay in Vegas.

Unofficial Theme: One Step Ahead

I say unofficial because this is simply my take in attempting the impossible task of boiling down the panels, keynotes, demos and discussions into a single theme. As adversaries shift their collective focus and attack modes from their ransomware obsession (which is so 2021) to larger, more complex activities – identity-based cyber-attacks and data extortion – there’s an undeniable shift taking place. The good guys – AKA defenders – are overhauling their cyber defense strategies by focusing on predicting and preventing new, more sophisticated and damaging attacks.

Hot Takes, Hot Topics and Hot Talk Tracks

Amidst the searing temps, there was plenty of heat around proactive cybersecurity, cybersecurity as a service (AT&T, Sophos and many others were banging that drum), the need for better attack surface management, the recent SEC ruling on cybersecurity disclosure requirements and whether they go far enough, and of course, AI.

AI = All the Rage

Naturally, AI was front and center. And left and right. Basically everywhere. Wednesday’s keynote by Maria Markstedter, Founder of Azeria Labs, was titled “Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow.” Maria chronicled the meteoric rise of generative AI – mostly OpenAI’s ChatGPT – and discussed the massive adoption of AI from the browser a year ago to the API and application levels today.

She also dove into the corresponding rise in business use cases. “We need to take the possibility of autonomous AI agents becoming a reality within our enterprises seriously,” said Markstedter. In describing the “AI Arms” race, which she cautioned, “will not be driven by safety”, Maria pulled no punches. Her rhetorical questions were big and bold. “Can Big Tech Be Trusted?” “Will AI Kill Us All? Probably,” she noted, not so tongue in cheek. Maria did give props, however, to Sam Altman, noting that the OpenAI CEO did raise safety concerns around his own models.

Beyond the keynote, several vendors used the conference to launch new or improved solutions utilizing generative AI technologies – underscoring the fact that Large Language Models and ChatGPT-like functionality remain high on the hype train. As with any new tech trend, the noise level will abate, very likely timed with a corresponding rise in adoption. Most security leaders I spoke with are rather bullish on the promise of AI in delivering new capabilities and new levels of protection.

The G-Men and Women Are Here

I met several government agency folks and members of the military this week, and you could not help but notice the FBI, CIA, NSA, and DHS recruiting booths. There were two government-backed keynotes including Thursday’s presentation by Kemba Walden, acting US National Cyber Director for the Executive Office of the President, who articulated the latest strategy in place to fortify the U.S. government’s cyber posture. CISA also had a vendor-like booth with a rather continuous recruitment campaign.

Best Booths

I can’t profess to have seen ‘em all, but here are a few that stood out:

CrowdStrike – if bigger is better, they nailed it. You could not help but notice the CrowdStrike booth – adorned in the alarming black and red and their 18-foot tall Wizard Spider looking out menacingly at all passers-by. It was not lost on me, and certainly others, that CrowdStrike’s massive booth was directly across from its arch-rival SentinelOne.

HUMAN – befitting their name and company persona, HUMAN’s booth was warm, inviting and comfortable. It was also huge. The centerpiece was a big book store in the center of the booth with no shortage of comfortable couches and chairs. Faux brick columns were adorned with old-school movie posters with superhero themes and artwork that, well, humanized things like PCI compliance enforcement, data protection and modern defenses. Finally, the coffee was hot and fresh and didn’t require a badge scan!

Bitdefender – the booth might have been fairly unremarkable, but their Ferrari (a major customer) simulator was a big hit and drew long lines throughout the day. According to their communications and sales folks, a ringer – a professional F2 race car driver – dropped by and blew away the field.

Cymulate – (disclosure: Matter client). Their booth was as “uncorporate” as you can get and by design. The theme was “cyber punk”, a subgenre of science fiction in a dystopian setting that inspired the likes of Minority Report, Blade Runner and the TV show Altered Carbon. The black walls featured the Cymulate name and core messaging in what looked to be graffiti from a distance. Cymulate employees played the part of being mysterious and edgy with a touch of rebellion. Of course, they were all dressed in black.

Bits and Pieces

  • “Book Em” – book signings in vendor booths were common. IT-Harvest’s Richard Stiennon was in the Cymulate booth on Wednesday, handing out copies of his 2023 Security Yearbook. Thursday saw security legend Bruce Schneier promoting and signing his newest book, “A Hacker’s Mind”, at the ThreatConnect booth. He drew a line around the proverbial block.
  • “Odd Bedfellows?” – TikTok sponsored the networking lounge. That one was a headscratcher for this attendee and non-TikTokker.
  • “Stay Hydrated!” – there was no shortage of bars, watering holes and pop-up cocktail lounges on the floor. 24-ounce tall boy beers from Modelo and Bud were common sights.

Overall, it was another great year at one of cybersecurity’s premier events, filled with learnings and takeaways that will help inform our client PR and marketing programs for the year ahead. See you next year, Black Hat!