
Looking back at Black Hat USA 2022


September 21, 2022


For the past few days, I’ve been getting a lot of messages asking about my experience at this year’s Black Hat USA. So in this post, I’ll be recapping the conference to give you an inside look at what was presented and provide some helpful perspective.

Black Hat is one of the largest — and most talked about — cybersecurity conferences. Its inception dates back to 1997. Now Black Hat conferences are held all over the world — including the United States, Asia, Europe, the Middle East, and Africa — providing briefings and training around different aspects of cybersecurity. This is one of the bucket list conferences for researchers around the world, university students and professionals included.

Attending Black Hat USA in person, after three years of social distancing, was a totally serene experience. It was the 25th anniversary of Black Hat USA and a hybrid of training and traditional conference events. Black Hat offered training on the initial four days, August 6–9, followed by the conference on August 10–11.


I reached Vegas on August 5th, and attended the training on the 6th. This year, I got to attend Hacking and Securing Cloud Infrastructure, which was four days of extensive training covering cloud basics, cloud architecture, security measures in the cloud, attacks in the cloud environments (Azure, AWS, and GCP), and Kubernetes security.


The training experience was incredible and I learned a lot. Black Hat was full of training in different tracks, covering everything from AppSec and crypto to defense, IoT, and malware, to name a few.

The last day of the training, or Day 0 of the conference, was the CISO Summit, which was attended by cybersecurity leaders from across the industry and had an incredible line of speakers.


The CISO Summit kicked off with the welcome and introductions by Jeff Moss (Founder, Black Hat + DEFCON) and Steve Wylie (General Manager, Black Hat). There were other interesting talks, such as Cyber War 2022 by Kenneth Geers, When Your Kinetic War Gets into My Cybernetic Defenses by Frank Artes, Building (Zero) Trust Starts with HardFirmware by Yuriy Bulygin, Why Cybersecurity is a Key Pillar of ESG: What this means to you as a CISO by Joanna Burkey, and People Shortage - Skills Gap by Dave Kennedy, to name a few.

The event closed with the advisory panel locknote by:

  • Wendy Nather

  • Saša Zdjelar

  • Justine Bone

  • Trey Ford 


The panel outlined amazing discussion points around cyber insurance, healthcare security, and common mistakes and misses in the industry today.

Black Hat Briefings started on August 10th, with an amazing opening note from Jeff Moss, who shared the history of Black Hat and what it has accomplished during 25 years in the cybersecurity space.


Jeff Moss’s introduction was followed by Chris Krebs, who — as part of CISA — needs no introduction. He discussed the government's perspective and how checklist-based compliance functions better than improved outcomes.


This year, I had an opportunity to speak live on Day 1. My presentation, Reshaping the Requirements for a Cybersecurity Career, discussed cybersecurity as a career, the current job landscape, how we can reshape cybersecurity career requirements, and actionable pointers to move ahead in the cybersecurity domain. The discussion had something for everyone, from hiring managers and senior leadership to students looking to break into the cybersecurity domain.

Cybersecurity has always been an area with more opportunities and jobs than people to fill them. We discussed how organizations can encourage more people to join cybersecurity teams by providing the technical training they need to succeed in the space.


I also was asked to be on the Hacker Valley Studio podcast by the two amazing hosts, Chris Cochran and Ronald Eddings, where we discussed my journey into cybersecurity and current role at Snyk.


Day 2 was even more fun, starting with the Diversity Breakfast organized by my very good friend, Shira Shamban. The table was filled with a fruitful discussion around cloud security, and I got to meet some very inquisitive people from the same space.


Snyk had a huge booth at Black Hat USA, where I met my incredible team. Discussions with them are the cherry on top of the cake. I met Kyle, Ashish, and Shilpi, and spent the whole day at the booth talking with everyone from possible customers to students to CISOs. Everyone wanted to know more about Snyk and our mascot Patch.


I started light, with my own talk, Diverse Founders Building Cybersecurity Businesses. Startups are constantly evolving, and it's time to reevaluate what constitutes a diverse founder. In the meetup, we dived into the process, business ideas, and strategy involved in the startups run by women — as well as the importance of inclusive, equitable, and diverse workplace cultures.

[Photo: View from the discussion]

The last event at Black Hat was the review board members' locknote panel, with key takeaways and information around submission reviews.


I wrapped up my time in Vegas by meeting some really amazing people that I’d always wanted to meet — including Wendy Nather, Mikko Hypponen, Tanya Janca, Katie Moussouris, and Lynn Dohm, to name a few.

[Photos: Katie Moussouris, Mikko Hypponen, Wendy Nather, Lynn Dohm]

Last but not least, I met our Indian Hackers Tribe at Black Hat and the ritual of being part of this picture is always close to my heart.


Overall, BHUSA 2022 was amazing and I can’t wait for 2023. Hope to see you there!
