Skip to content

The 5 Best Events for CISOs at Black Hat 2022

Endpoint magazine cuts through the thicket of tech jargon to find the most relevant discussions for senior-level leaders at the 25th anniversary conference.


This year marks a quarter century of Black Hat, the information security conference that brings together a merry band of hackers, CISOs, government leaders, and tech gurus.

Black Hat runs August 6-11 in Las Vegas. Founded by security consultant Jeff Moss in 1997—before iPhones, Twitter, or the original Matrix—the event has grown in size and reputation from a one-time meetup to a multiday shock-and-awe symposium held on three continents.

Identify and contain adversaries before they can spread across your network.

Unlike the old adage “What happens in Vegas stays in Vegas,” you can be sure that what happens at Black Hat will get talked about. Like the time in 2010 when the late New Zealand hacker and security researcher Barnaby Jack demonstrated just how easy it was to make an ATM machine spew cash

Or in 2012, when Moldovan computer scientist and professor of cybersecurity Andrei Costin demonstrated security flaws in the FAA’s air traffic control system that allowed him to reveal the location of Air Force One. Or in 2016, when security researchers hacked an internet-connected Jeep Cherokee with Wired reporter Andy Greenberg at the wheel.

All live, at Black Hat.

So what will this year bring? Endpoint scanned the Black Hat calendar for five events you won’t want to miss. Consider them must-sees for chief information security officers (CISOs), their security teams, and any business leader who takes cybersecurity seriously.

1. Close up and candid

What: Black Hat CISO Summit

When: Tuesday, August 9, 8 a.m. to 6 p.m.

Who: Kirsten Bay, CEO of Cysurance; Joanna Burkey, CISO at HP; and an advisory panel of leading CISOs from Cisco and Salesforce, among others.

This all-day, approval-only event features confidential discussions and networking with some of the nation’s top corporate and government security executives. Candid insider talks include “Why Cybersecurity Is a Key Pillar of ESG: What This Means to You as a CISO,” led by Burkey, a cybersecurity vet who has spent time on both sides of the product-practitioner fence.

[Read also: Ransomware Is Battering the Cyber Insurance Industry]

In “Cyber Insurance: The Current State and Ways to Influence the Future,” Bay brings more than 25 years of experience in risk intelligence, information management, and cyber policy. She discusses the state of cyber insurance—a sector she knows well, having helped spearhead the development of comprehensive and affordable coverage for small and midsize businesses.

“The friction that we put people through to acquire cyber insurance products is ridiculous,” she said on a recent Spot On Insurance podcast.

2. Onboard with change

What: The Cyber Safety Review Board: Studying Incidents to Drive Systemic Change

When: Wednesday, August 10, 1:30 p.m. to 2:10 p.m. 

Who: Robert Silvers, undersecretary for strategy, policy, and plans, Department of Homeland Security (DHS); Heather Adkins, vice president of security engineering, Google; Jeff Moss, founder, Black Hat and DEF CON, and former chief security officer and vice president, ICANN.

The much-anticipated Cyber Safety Review Board (CSRB), which recommends cybersecurity best practices to U.S. agencies and private enterprises, recently wrapped up its first deliberations, about the Log4j vulnerability. Black Hat founder Moss will lead Silvers and Adkins—CSRB chair and deputy chair, respectively—in a discussion about the key findings of their inaugural report and the ways they believe CSRB will change the landscape.

[Read also: 6 Cybersecurity Questions I Always Tell Boards to Ask]

Silvers was appointed undersecretary a year ago, and he has the unenviable task of trying to align the sprawling DHS while simultaneously running the new board. He backs controversial legislation requiring organizations to report cyber incidents. “We cannot accurately address a problem,” he testified to Congress, “if we do not understand its scale and scope.”

3. Threat hunting made simpler

What: The Open Threat Hunting Framework: Enabling Organizations to Build, Operationalize, and Scale Threat Hunting

When: Wednesday, August 10, 2:30 p.m. to 3 p.m.

Who: John Dwyer, head of research; Neil Wyler, global lead of active threat assessments; Sameer Koranne, global OT lead: all IBM Security X-Force

Ransomware attacks are set to increase in speed and efficiency—that’s the finding of a June report analyzing enterprise ransomware attacks from IBM’s Security X-Force team. The report found that the average duration of an attack—the time between initial access and ransomware deployment—fell 94.3% between 2019 and 2021.

Dwyer, Wylie, and Koranne will discuss their new framework to help organizations build a threat hunting team and ways to improve threat hunting operations in existing programs. Having evaluated programs at Fortune 100 companies and government agencies, they understand the conundrum enterprise leaders face: They should be doing threat hunting, but they are often unable to articulate just what threat hunting is.

4. A cyber review board of one’s own

What: No One Is Entitled to Their Own Facts, Except in Cybersecurity? Presenting an Investigation Handbook to Develop a Shared Narrative of Major Cyber Incidents

When: Wednesday, August 10, 3:20 p.m. to 4 p.m.

Who: Victoria Ontiveros, researcher, Harvard Kennedy School; Tarah Wheeler, CEO, Red Queen Dynamics.

While the CSRB investigates widespread cyber incidents across organizations, individual organizations are starting to see the wisdom in having review boards of their own. But how to form one?

In June, Ontiveros and Wheeler released a playbook, co-written with threat-modeling expert Adam Shostack, on the ways big and small organizations, including state and local governments, can create better investigatory mechanisms. They’ll take leaders through the process of standing up a cyber incident investigations board, weighing tradeoffs, and assessing the impact of decisions over time. 

5. The predictable cyberattack

What: Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed

When: Thursday, August 11, 9 a.m. to 10 a.m.

Who: Kim Zetter, investigative journalist

Despite the billions that enterprises spend on security, and the government’s amped-up spotlight on threats, leaders are still shocked when cybercriminals pivot to new, if wholly predictable, modes of attack.

Veteran journalist Zetter, who has written about cybersecurity and national security for Wired, The New York Times, and The Washington Post, explores this failure of imagination in her keynote, which looks at the cybersecurity lessons leaders have had to learn, and relearn, and the ways everyone can improve their ability to foresee “unknown unknowns.” 

Zetter is the author of Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, and she has broken stories about NSA and FBI surveillance, Russian sabotage of Ukraine’s power grid, and the use of Ukraine as a cyberattack testing ground. The latest ransomware attacks are disturbing, but they also offer plenty of clues about cybercrime in the future—if we pay attention, that is.

Joseph V. Amodio

Joseph V. Amodio is a veteran journalist, television writer, and the Editor-in-Chief of Focal Point. His work has appeared in The New York Times Magazine, Men's Health, Newsday, Los Angeles Times,, and, and has been syndicated in publications around the world. His docudramas have aired on Netflix, Discovery, A&E, and other outlets. He also produces Tanium’s new Let’s Converge podcast—listen here.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.