Black Hat USA 2023, the preeminent cybersecurity conference underway in Las Vegas now through Thursday, will offer more than 100 cutting-edge research briefings, 120-plus discussion sessions with corporate leaders, and dozens of open-source tool demos.
Now in its 26th year, the conference draws an uncanny group of diverse participants, including hackers, tech gurus, entrepreneurs, government leaders, and chief information security officers (CISOs), all of whom face the same tough question: Which events are worth my time?
For those of you who can’t attend and run the gauntlet yourself, Focal Point has come up with our list of Black Hat 2023’s must-see presentations covering the five most pressing issues for senior-level business leaders today.
The following events are worth a watch, and should be comprehensible to all, whether you’re tech-savvy or just faking it. (We’ve steered clear of the techno weeds—so no researcher briefings or sessions that might skew overly jargony.)
As for how to watch? Thanks to the pandemic, which brought us the work-from-home revolution, we can now conference-from-home. Last year’s record-breaking Black Hat numbers included more than 21,000 unique attendees, with some 17,000 on site and 15,488 actively logged in to the virtual platform. This year, on-demand online access will be available one week after the live event, from August 16 to September 18.
THE ISSUE—Artificial intelligence (AI)
- WHAT: Keynote: Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow
- WHEN: Wednesday, August 9, 9-10 a.m. PT
- WHO: Maria Markstedter, founder, Azeria Labs
An expert in information security (infosec) training and a rising star in the cybersecurity field, Markstedter will discuss what’s on everybody’s mind these days: the potential benefits and risks of generative AI and AI-fueled chatbots like ChatGPT, and how this technological revolution will reshape cybersecurity.
AI will, no surprise, dominate much of the discussion at Black Hat this year, given the number of presentations devoted to it. Markstedter’s keynote will provide a useful primer, including the history of AI and the considerations that security leaders will soon have to weigh when doing the cost-benefit analysis of deploying AI tools.
THE ISSUE—Cyber insurance
- WHAT: The Integration of Cyber Security and Insurance: The Journey of Cysurance
- WHEN: Wednesday, August 9, 1:30-2:10 p.m. PT
- WHO: Kirsten Bay, CEO, Cysurance
At enterprises big and small, it’s becoming increasingly clear (or should be) that a cyberattack is not a matter of if but when. No cyberdefense can provide 100% protection, which is why many organizations choose to transfer their risk to an insurance carrier. But transferring is not enough. As a slew of new court cases are demonstrating, enterprise leaders must familiarize themselves with their policy’s nitty-gritty—and making friends with your insurance broker isn’t a bad idea either.
Bay, whose firm specializes in cyber insurance for small and midsize companies, will cover these essentials as part of Black Hat’s Micro Summit on cyber insurance.
“Security professionals need to have more conversations with their leaders around the value of investing in cybersecurity and the financial impact that could have on the business,” Bay told Focal Point last year in our coverage of ransomware’s impact on the insurance industry. “I think between what’s happening with cyber insurance and the rise of ransomware,” she added, “that’s an easier conversation than it has ever been.”
THE ISSUE—Insider threats
- WHAT: It’s Coming from Inside the House: On the Hunt for Insider Threats With Tanium
- WHEN: Wednesday, August 9, 1:50-3:50 p.m. PT
- WHO: Melissa Bischoping, director, endpoint security research, Tanium; and Matt Psencik, director, endpoint security, Tanium
With workers rattled by headline-grabbing layoffs, class-action lawsuits, and the still-lingering threat of a recession, the risk of insider threats keeps rising. And this form of attack can have a significantly destabilizing effect on an organization, whether workers cause harm with malicious intent or by accident.
Bischoping, a co-host of the new Let’s Converge podcast from Tanium (which owns this magazine), and Psencik will give the 411 on insider threat profiles—including the differences between disgruntled employees, malicious insiders, and unintentional insiders—and other threat indicators that enterprise and security leaders must know how to spot.
- WHAT: Phoenix Soaring: What We Can Learn from Ukraine’s Cyber Defenders about Building a More Resilient Future
- WHEN: Wednesday, August 9, 4:20-5 p.m. PT
- WHO: Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA); and Victor Zhora, deputy chairman, Ukraine State Service of Special Communication and Information Protection (SSSCIP)
This one’s a confidence-builder. Because no matter how overtaxed you or your security teams may be, Zhora, who is tasked with protecting Ukraine’s digital infrastructure, has it worse. In this fireside chat, he will speak about the power of resilience and how to instill that in both your security systems and the teams that oversee those systems. If anything can fuel the process of digital transformation, it’s resilience.
Direct from the front lines of digital warfare, Zhora will recount how, despite a surge in Russian cyberattacks, their success has been thwarted. He recently touted the importance of public-private partnerships on CyberScoop’s Safe Mode podcast. “Cyber resilience can be achieved only with a joint effort from the business and public sector,” he said, “especially when you talk about critical infrastructure, the biggest part of which is privately owned in Ukraine.”
THE ISSUE—Biden’s national cybersecurity strategy
- WHAT: Keynote: Acting National Cyber Director Kemba Walden Discusses the National Cybersecurity Strategy and Workforce Efforts
- WHEN: Thursday, August 10, 9-10 a.m. PT
- WHO: Kemba Walden, acting national cyber director, Executive Office of the President; and Jason Healey, senior research scholar, Columbia University’s School for International and Public Affairs
For business leaders, this is essential viewing, given the federal government’s recent pivot, shifting cyber responsibility away from naïve consumers and placing it squarely in the laps of software makers and boards of directors. Walden breaks down the federal government’s current approach to cybersecurity, which the White House announced in March.
She’ll also tackle President Biden’s new National Cyber Workforce and Education Strategy, announced last week, which seeks to address the growing cyber talent gap by, among other things, boosting diversity and inclusion in the cyber workforce.