Another Black Hat USA is in the books, and we’re already looking forward to 2024. The energy across the event was great, and as always, it was fun to catch up with colleagues, customers, and friends in person. I polled my colleagues on their takeaways from this year and what changed from BHUSA 2022.
Quality of conversations
The quality of conversations was great and the best in years. Attendees were in “ready-to-learn” mode. It’s always exciting to dive into conversations with attendees and understand their pain points and challenges.
AI in cybersecurity
AI is definitely a hot topic. It wasn’t on display in vendor booths as much as everyone expected, but was a popular topic in conversations. The consensus was the buzz about generative AI and its impact on security across people, processes, and technology is strong, and we will see and hear a lot more heading into 2024. From a technical perspective, where GenAI has been incorporated into tools like SIEMs, for example, some colleagues thought it was pretty impressive. On the people and ethics side, it raised some interesting questions about the potential impacts on practitioners and functions, where the balance will be when adopting AI, and to what degree the outputs can be trusted.
New vendors everywhere
Many colleagues remarked on the number of new vendors and new solutions in the Business Hall. This is symptomatic of how the expanding attack surface is impacting cybersecurity. There are new challenges emerging that create gaps to be filled in the market.
It was really positive to see the U.S. Government leveraging the event for promotion and outreach. DARPA announced their AI Cyber Challenge. CISA had a large presence as well. Overall, continuing to see the Government and the hacker community get closer is a win.
Application security on the rise
Several colleagues mentioned the focus on application security, especially DevSecOps, API security, and SBOM. It’s yet another part of the attack surface that is getting more attention.
Cyber risk was in the air
BHUSA is well known as hacker summer camp, but there was increased interest in cyber risk management and quantification. Maybe this isn’t as surprising as cyber risk moves away from being qualitative and performed in spreadsheets and powerpoints, and evolves into quantification leveraging purpose-built solutions (like ThreatConnect RQ).
There were several creative approaches to hiring cybersecurity talent. Some enterprises had their own booths and attended specifically to recruit, while others were walking around with signs on their shirts. Either way, filling in the talent gaps is critical for many organizations and this looked like a cool way to address that challenge.
If you’re interested in where ThreatConnect will be next, please visit our Events page, and if you’re attending, pre-book a meeting with one of our Threat Intel Ops or Cyber Risk Quantification experts or just stop by, say hello and see a demo of our solutions.