Black Hat 2019: Catch ups, networking and lots of learning

It’s that time of the year when a bunch of hackers reunite under the hot sun in the Nevada desert…

Yes, I am talking about the Hacker Summer Camp 2019. Just as in every other year I made my way to sunny, and hot, Las Vegas on my usual 4.40 flight from Heathrow.

Most people would dread the thought of a 10-hour flight but for me, I knew I could get in 7-8 hours of almost uninterrupted work and still find time to squeeze in a nap.

After years of doing the trip I have learned lots of tips for keeping the effects of jet lag to a minimum:

• Sleep as little as possible

• Don’t drink alcohol

• Have some herbal remedies such as melatonin and valerian.

• Exercise in the morning

These events are always full on so it’s essential to arrive there feeling as fresh as possible, and start things the right way - so I opted for an early night.

The first day came as quite a shock. I usually arrive a day early to get my pass and get organised but not this time so I had to join the queue!

Once I finally got to the front of the queue and I got my pass, I headed down to the keynote.

As always day one was packed with the usual schedule but this year I was more focused on meetings and using the time in Vegas to catch up with so many contacts, which makes so much sense when we are all actually in a room together.

And I actually think I really managed to make the most of it. Black Hat has all the people you want to see in one place, so even if you don’t attend the briefings you can still meet most of the people that are scattered across the USA.

I manage to pack my schedule with meetings with so many colleagues, friends and other great Infosec minds.

Highlights

- I finally managed to meet with two of my mentors and main inspirations Tanya Janca and Allan Alford.

- I missed Troy Hunt at Infosec but managed to catch up with him here

- I finally got to meet the man Scott Helme.

- I also finally met Mike Johnson and David Spark in person and was a guest on their podcast

- I spent time with Marco Cappelli and Sean Martin and did an amazing interview for ITSP (coming out soon)

- It was a pleasure to meet Joe Gray (no pictures for obvious reasons)

- I finally met Gary Hayslip, who I have only previously chatted with via LinkedIn and I have his book waiting for me

- And I finally managed to meet Chris Cochran from Netflix and I also had the pleasure to meet with Aladdin Mubaied and we discussed our approach on appsec on the back of his presentation - Eradicating open source vulnerabilities at scale. I’m looking forward to co-present with him at the appsec programme but with more open-source tools.

To be honest, the highlights didn't stop there. It was a week packed full of great meetings, including Zulfikar Ramzan, CTO from RSA, who was amazingly down to earth and friendly.

During an ITSP interview, we discussed the past and present of Black Hat and also brought in one of the newest Infosec recruits, Guamaral Erkhembayar.

I also had the pleasure to meet up again with Lisa Jiggetts and the other amazing women from the Women's Society of Cyberjutsu (WCJ).

A big shout out to Vandana Verma for being named Secure Coder at the 2019 #cyberjutsuawards she is both an inspiration and a role model.

It's also worth mentioning the Cybersecurity Woman of the Year awards, organised by Intelligence.

It was particularly pleasing to see two of my friends; Tanya Janca and Lisa Ventura among the winners.

And another special mention for the amazing organisation of the wicked games at the Luxor E-sport Arena.

The key messages I took away were:

• Older security folks like me made their path through security from system administrators, developers and network administrators. Each of those roles added a bit of knowledge on how to create things in the right way.

• Hacking is hard and takes a lot of time and dedication. keynote speaker Dino Dai Zovi shared a few stories on how many hours he dedicated to reverse engineering and creating some of the exploits.

• In order to be successful security people, we need to get closer to the development team and remove the barriers.

• Dino also stressed the following call to action

• Talk to five customer teams

• Understand the project struggles

• Understand when they ask for security help

• Understand the successful security conversations and the ones that failed.