Five Questions With Carbon Black’s Head of Security Strategy, Rick McElroy

Today, we’re excited to sit down with Rick McElroy, Head of Security Strategy at Carbon Black, one of InkHouse’s security practice clients, to get an insider’s perspective on Black Hat. 

Rick has more than 20 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries including retail, insurance, entertainment, cloud computing and higher education.

Rick, take it away:

Q: What are you most looking forward to this year?

[Rick McElroy]: Every year, I look forward to the conversations and connections. Talks are great but conversations are better.

Q: What gets you most excited about Black Hat?

[Rick McElroy]: The people -- we are so busy as a group of professionals that it is about the only time most of us are in the same place at the same time. I consider this a family reunion. A chance to sit and share our lessons learned over the last year and strategize on the year ahead. This chance to reflect, commensurate and reenergize is almost perfectly timed in the middle of the year. I also love meeting people in person I have interacted with digitally for a long time. I also love meeting new professionals coming in.

Q: What are your thoughts on the evolution of the conference and where it’s grown to today?

[Rick McElroy]: I often say I am a little jaded because I get to go to almost all the major conferences. There are things I love about Black Hat. The trainings are always top notch, again the people are the best in the industry and you do get some great talks. For me personally, it is moving more towards a marketing and sales conference and less of a technical one. Over the last 20 years the growth has been amazing to see but does make logistics at a place like Mandalay Bay tough. Plan on long lunch lines. Plan on most of the restaurants being booked for private events so getting food becomes an issue. The size of this event probably warrants a move. Last year, it took me 20 minutes to get out of the parking lot in a taxi. It makes being on time very hard to pull off. 

On the good, evolutionary side, I am so happy to see how many female speakers there have been. Parisa keynoted last year and it was an amazing talk -- let’s have MORE of this. Also, Black Hat seems to be trying to do the right things for the most part. They are listening to the community and making adjustments. I also commend Black Hat for their stance against “booth babes.” We are professionals responsible for large amounts of money, assets, secrets and in some cases, lives. I am glad we are growing up.

Q: What are some trending topics you expect to take center stage this year?

[Rick McElroy]: I expect a lot of buzz around medical devices, IoT and OT. The spigot has been turned on with the sheer number of things plugged in to the internet and we just dumped kerosene on a wildfire. I expect lots of automation talks. Even though Black Hat continues to grow, we are still struggling with resources. SecDevOps is a thing and there is a keynote from Dino Dai Zovi titled, “Every Security Team is a Software Team Now.” This is super interesting. We are already struggling with people - now we need software developers. I’m really looking forward to this discussion. I am a fan of SecDevOps and do believe it holds some promise, now how do we get there...

Q: Any tips you’d like to share with our readers who may be attending Black Hat for the first time?

[Rick McElroy]: Having gone for 15 years now, here are my top tips:

1. Hydrate. Hydrate. Hydrate. It’s Vegas in August.
2. Bring comfortable shoes to stand and walk in. Sitting space is super limited and if you take full advantage of Black Hat you will probably be on your feet 12 or more hours a day. I know the first year I didn’t bring great shoes and my knees and back killed. 
3. Keep food on you at all times. Lines are very long at all times for food so if you have small windows to eat, it’s best to be prepared and bring some with you. Go to a store when you get in and get supplies. See tip #1.
4. Get and stay in the game. Jump in. Meet people. Network. Network. Network. If you don’t know many people in the industry, here is a chance to change all of that. You might be in line with @hacks4pancakes or @malwareunicorn. Almost all of us will take the time to have a conversation. Go build a tribe or find an infosec tribe to be a part of.
5. My final advice is this. We are trying to change our industry. It isn’t the 90s anymore. Every year, I read these stories about people making inappropriate comments, harassing or just being jerks. Don’t be a jerk. Don’t ruin the progress we have made as an industry. The world is looking to us to help solve this problem and we need to start taking that seriously. Brand matters. Let’s make the headlines from Black Hat about security and risk and not about some bad apples spoiling it for the rest of us.

Rick, thank you so much for participating in our series! It’s always a pleasure learning from an industry veteran like yourself.

Be on the lookout for more “Black Hat: Under the Hood” Q&As coming soon, where we speak to more industry reporters and members of the infosec community. If you’re headed to Las Vegas for the event, email us at workwithus@inkhouse.com to meet up.