As the cyber world gears up for Black Hat Las Vegas tomorrow, the InkHouse Security Practice presents “Black Hat: Under the Hood,” a special content series designed to bring you the inside scoop on what’s on the minds of members of the infosec community, from respected journalists covering the security beat (and the event) to talented threat researchers who’ll be attending and showcasing their latest work.
Our series continues with a chat with conference veteran and industry expert Paul Roberts of The Security Ledger:
[Paul Roberts]: I think there will be plenty of conversation about issues like embedded device security (after the Armis VxWorks disclosure) and issues like cloud and insider risk (following the Capital One breach). From a bigger picture, the continued migration of IT to the cloud will keep topics like DevOps and DevSecOps at the forefront of this year’s conference, which may be a continuation of recent years (deservedly so).
Keynote speaker, Dino Dai Zovi, is talking about how to rethink the purpose of security teams in light of DevOps. I think we’ll be hearing variations of that conversation from a lot of vendors.
[Paul Roberts]: Black Hat is mostly about meeting and talking to vendors for me. The Security Ledger is both a publication (and a podcast) and a business, so I’m looking to meet with security companies who are new or who I have worked with in the past. I also hope to attend some sessions as well as some of the Hewlett Foundation talks on Thursday and Friday.
At DEFCON I will be speaking on a Right to Repair panel in the Ethics Village on Saturday at 10:00 AM PT. The panel will address the ongoing fight to win a “right to repair” at the state level and the important implications of that for the information security community. This is a bit of a labor of love for me; I started the group securepairs.org to rally the InfoSec community to support right to repair.
[Paul Roberts]: It’s hard because InfoSec is a noisy space. Whatever your company does, rest assured there are a lot of other companies that do it as well (or they say they do). Reporters are drinking from a firehose of information and don’t have time to sort through qualitative differences in product offerings. That’s what analysts are for. Want to get in a story? Have something newsworthy and give a reporter an exclusive/scoop on the information. (NOTE: Product news is NOT newsworthy.)
Failing that, I would recommend helping a reporter do his or her job. Point them to an interesting or newsworthy talk or revelation they might have missed. Anticipate what they might be confused about and have an expert who can help them understand an arcane cybersecurity topic. Always be ready with an expert quote to add context to their story. If you’re not there when the news breaks, be able to help them frame their second (or third?) day take in a way that’s interesting, thought provoking and different.
[Paul Roberts]: This is my 16th Black Hat. (I think!?) I love connecting with my friends and colleagues in the information security world and (of course) meeting new and amazingly smart people. I usually get out for an early AM run with Dennis Fisher, Evan Wiesel, Ted Julian and other insane InfoSec runner types. That’s always fun, though Vegas is the least jog-able city in the U.S.
Other than that, I love being a part of the scene at Black Hat, DEFCON, B-Sides, etc.
Good luck to everyone traveling to the show this week! To sync up with the InkHouse security practice at the show or to learn more about our practice expertise, connect with us directly at firstname.lastname@example.org.
Nick Brown is an account manager at InkHouse specializing in the agency's enterprise tech and security practice. Over the course of his career, Nick has successfully developed and executed public relations strategies for a variety of clients from S&P 500 corporations to early-stage startups. While working with clients across sectors, he has developed an expertise in privacy, semiconductors, artificial intelligence, healthcare, additive manufacturing and higher education.