Welcome to RSA … I mean #BlackHat

Yesterday I walked into the room where all the vendor exhibits are and a strange feeling came over me, like I had been transported five months back in time to a place in San Francisco where the people were loud and the eye candy excessive. “Welcome to RSA,” I thought to myself.

I wasn’t the only one to get that feeling. Everyone I ran into yesterday afternoon said much the same thing. If one needed proof that this isn’t your older brother’s Black Hat, this is it. Vendors are a major force at this year’s Black Hat USA in Las Vegas. To be sure, some attendees aren’t happy about it. They long for the time when Black Hat was a counter-culture movement. This more mature, respectable version? I can’t run some of the words dropped in my presence, because this is a kid-friendly publication.

Right about now I should start spouting off about how Black Hat has turned into a waste of time, a fruitless endeavor where the big money has taken over and the integrity-filled speakers are nowhere to be found.

But I’m not going to do that. Because I don’t believe it.

True, Black Hat has become heavily commercialized. But hasn’t the state of hacking in general? This used to be an underground art. Now hacking is a profession respected and embraced by big business. The masters of enterprise know now that they need you to find all the weaknesses in their infrastructure before the bad guys do and they become another data breach headline.

That’s as it should be.

True, they still have a problem listening to and understanding you. But I’ve met a lot of CEOs who are slowly starting to get it. Slow progress beats no progress any day.

Whenever an environment shifts this way, someone is waiting in the wings to make a buck off of it. Enter the security vendors.

That’s not such a bad thing, either. Some of my best friends in this industry work for vendors. They’re dedicated to protecting our sensitive information and to doing the right thing. They’re trying, at least. Those vendors are surrounded by a lot of pretenders who promise THE solution to every security problem in a box of leather and diamonds. The smartest security practitioners among us sniff them out and expose them pretty easily.

Black Hat is the type of event that attracts those smart minds.

That being the case, I’m not bothered by the commercial spectacle Black Hat has become.

It simply means more people have been invited into the conversations on how best to make a positive difference.

It may not be as much fun for us reporters, who remember going to this event every year and chasing the multitudes of drama that always unfolded. But maturity is often a boring thing. Boring, but necessary.

And if it gets too boring, BSidesLV is just down the street, and is a nice change of scenery and mindset.