Opinion

FUD Watch | Black Hat and the Hype Machine

Next month the hacking community will descend upon Las Vegas for the Black Hat and Defcon events. But are these events anything more than theater?

By Bill Brenner, Senior Editor

July 09, 2008

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD - overhyped security threats that ultimately have little impact on a CSO's daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry's most egregious FUD, send an e-mail to bbrenner@cxo.com.

Fellow NAISG board member Jack Daniel, a sharp security mind who does blacksmithing for fun and inspired me to write a story on how folks in our industry blow off steam, has gotten my brain spinning once again.

The inspiration this time is an item he wrote in his Uncommon Sense Security blog about the Black Hat and Defcon events that'll have Las Vegas crawling with hackers next month. He notes how he'll be attending and how he will point out the disconnect between "real" security types and much of the real world.

"So if these events are just a bunch of security geeks and hackers getting together, where's the relevance?" he asks. "Isn't it really just preaching to the choir? What's the point in that when the people who need to get the message aren't there or listening? Why go through the torment and degradation that defines modern air travel just to stress-test your liver?"

He ultimately concludes that there's still a very good reason to attend these gatherings, because "as 'the choir' it is our responsibility to spread the word to the rest of the world. If we need to hang out with a few thousand other security and hacker types and sacrifice some brain and liver cells to keep up with the latest news so that we can spread the word, I am willing to make that sacrifice for the good of the world," he writes.

Since Black Hat falls on the same week as my tenth wedding anniversary I won't be going to Vegas this time around. But I did make the trek last year and the year before, and I've often found myself wondering if the hype surrounding what happens on the upper floors of Caesars Palace squares with what security pros need to be focusing on.

Some say events like these are nothing more than an ego fest for vulnerability researchers. Though there's some truth to the ego fest part, I agree with Jack that Black Hat and Defcon are ultimately worth the time and money.

At the same time, things happen there that sometimes get in the way of the big picture.
