Keynote: Black Hat at 25: Where Do We Go from Here?

The keynote speaker discusses the current state of cybersecurity and the need for a shift in mindset and action to deliver better outcomes in the future.

• The InfoSec community has been gathering for 25 years to address insecurities in technology through vulnerability research and adversary insights.
• The constant need to connect everything creates more attack surface for bad actors and leads to bad security outcomes.
• Global market realities and shifting geopolitical dynamics can disrupt carefully orchestrated business plans and national strategies.
• The speaker suggests a needed shift in both mindset and action to successfully deliver better outcomes in a contested information environment.
• The goal is to build a safer, more resilient technological future where systems and infrastructure behave more like escalators: when they break, they turn into stairs.

The speaker mentions that despite 25 years of progress in cybersecurity, we are still trying to figure out how to solve the problem space. He emphasizes the importance of finding one's principles, people, and purpose outside of work to lead a meaningful life online and offline. He also advises against reading negative comments from strangers on the internet and instead seeking constructive feedback from one's network.

For twenty-five years, the InfoSec community and industry have been gathering here in the desert. For twenty-five years, we have chipped away at underlying insecurities in the technologies we use every day with new vulnerability research and adversary insights. For twenty-five years we’ve seen vendors and software firms roll out new products and protections. With the last twenty-five years as prologue and as we look forward to the next twenty-five years, we have to ask ourselves: are we on the right track? We certainly aren’t set up for success, given society’s insatiable and almost pathological need to connect everything. We’re constantly serving up more attack surface to the bad guys and always cleaning up after business decisions that we know will drive bad security outcomes. All the while factors out of our hands – namely global market realities and shifting geopolitical dynamics – wreck nearly overnight carefully orchestrated business plans and national strategies. The last few years of geopolitical chaos and autocratic retrenchment might look like the good ol’ days by the end of the 2020s. This talk will work through today’s risk trends and what they mean for tomorrow’s network defenders, suggesting along the way the needed shifts in both mindset and action to successfully deliver better outcomes while recognizing that we’re going to be forever operating in a contested information environment. To rip off a Mitch Hedberg joke (RIP), maybe over the next twenty-five years we can build a safer, more resilient technological future where systems and infrastructure behave more like escalators: when they break, they turn into stairs.