Opinion

FUD Watch | Black Hat and the Hype Machine

Next month the hacking community will descend upon Las Vegas for the Black Hat and Defcon events. But are these events anything more than theater?

By Bill Brenner, Senior Editor

July 09, 2008

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to bbrenner@cxo.com.

Fellow NAISG board member Jack Daniel, a sharp security mind who does blacksmithing for fun and inspired me to write a story on how folks in our industry blow off steam, has gotten my brain spinning once again.

The inspiration this time is an item he wrote in his Uncommon Sense Security blog about the Black Hat and Defcon events that'll have Las Vegas crawling with hackers next month. He notes how he'll be attending and how he will point out the disconnect between "real" security types and much of the real world.

"So if these events are just a bunch of security geeks and hackers getting together, where's the relevance?" he asks. "Isn't it really just preaching to the choir? What's the point in that when the people who need to get the message aren't there or listening? Why go through the torment and degradation that defines modern air travel just to stress-test your liver?"

He ultimately concludes that there's still a very good reason to attend these gatherings, because "as 'the choir' it is our responsibility to spread the word to the rest of the world. If we need to hang out with a few thousand other security and hacker types and sacrifice some brain and liver cells to keep up with the latest news so that we can spread the word, I am willing to make that sacrifice for the good of the world," he writes.

Since Black Hat falls on the same week as my tenth wedding anniversary I won't be going to Vegas this time around. But I did make the trek last year and the year before, and I've often found myself wondering if the hype surrounding what happens on the upper floors of Caesars Palace squares with what security pros need to be focusing on.

Some say events like these are nothing more than an ego fest for vulnerability researchers. Though there's some truth to the ego fest part, I agree with Jack that Black Hat and Defcon are ultimately worth the time and money.

At the same time, things happen there that sometimes get in the way of the big picture.

Black Hat

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors