Opinion
FUD Watch | Black Hat and the Hype Machine
Next month the hacking community will descend upon Las Vegas for the Black Hat and Defcon events. But are these events anything more than theater?
By Bill Brenner, Senior Editor
July 09, 2008 —
About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to bbrenner@cxo.com.
Fellow NAISG board member Jack Daniel, a sharp security mind who does blacksmithing for fun and inspired me to write a story on how folks in our industry blow off steam, has gotten my brain spinning once again.
The inspiration this time is an item he wrote in his Uncommon Sense Security blog about the Black Hat and Defcon events that'll have Las Vegas crawling with hackers next month. He notes how he'll be attending and how he will point out the disconnect between "real" security types and much of the real world.
"So if these events are just a bunch of security geeks and hackers getting together, where's the relevance?" he asks. "Isn't it really just preaching to the choir? What's the point in that when the people who need to get the message aren't there or listening? Why go through the torment and degradation that defines modern air travel just to stress-test your liver?"
He ultimately concludes that there's still a very good reason to attend these gatherings, because "as 'the choir' it is our responsibility to spread the word to the rest of the world. If we need to hang out with a few thousand other security and hacker types and sacrifice some brain and liver cells to keep up with the latest news so that we can spread the word, I am willing to make that sacrifice for the good of the world," he writes.
Since Black Hat falls on the same week as my tenth wedding anniversary I won't be going to Vegas this time around. But I did make the trek last year and the year before, and I've often found myself wondering if the hype surrounding what happens on the upper floors of Caesars Palace squares with what security pros need to be focusing on.
Some say events like these are nothing more than an ego fest for vulnerability researchers. Though there's some truth to the ego fest part, I agree with Jack that Black Hat and Defcon are ultimately worth the time and money.
At the same time, things happen there that sometimes get in the way of the big picture.
Black Hat
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Log Management in a Cyber World
- Implementing Best Practices for Web 2.0 Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
