The forecast for Hacker Summer Camp
Vegas heats up as cyber pros gather for industry events
Packs of laptop-carrying cyber experts will be strutting down the Las Vegas Strip this August, likely in temperatures that run into the hundreds.
The desert heat won't keep away the cyber researchers, government professionals and industry elites that will gather for what they call Hacker Summer Camp — premier cybersecurity conferences like DEF CON, Black Hat USA and BSides Las Vegas, all occurring within days of each other. It’s an early August immersion into all things InfoSec, where researchers network and catch up with the latest vulnerabilities; defensive tactics, techniques and procedures; and industry silver bullets.
“I gain a ton of knowledge through being around the attendees at both conferences,” said Julian Zottl, security architect at Raytheon. “Keeping up with the evolving cyber threat landscape can be a challenge, but these conferences really help get a jump on that.”
Zottl will participate in a panel discussion about advanced persistent threats and side-channel attacks at DEF CON’s Blue Team Village.
“Many attendees use Black Hat/Def Con as an opportunity to network and catch up with colleagues they don’t often see,” said Mark Orlando, a conference speaker and chief technology officer of Raytheon Cyber Protection Solutions.
The events offer a host of briefings, training seminars and competitions to help attendees hone their skills.
“Black Hat and DEF CON allow me to share notes on new tools, techniques and emerging trends, and be exposed to elements of cyber that I don’t currently have experience with,” said Patrick Schweickert, a Raytheon security researcher and veteran Black Hat and DEF CON attendee.
Schweickert plans to participate in the WiFi Capture the Flag hacking competition, as well as the Packet Inspector Challenge at the Packet Hacking Village of DEF CON. He is particularly looking forward to talks and presentations related to Industrial Control Systems and Supervisory Control and Data Acquisition systems. ICS and SCADA systems are often used in large chemical processing, power generation, oil and gas processing and telecommunications plants.
Perusing the titles of scheduled briefings is like taking a course in the state of the cyber arts, from names well-known in the industry. On Orlando's schedule, for example: The Controlled Chaos: The Inevitable Marriage of DevOps & Security talk by Kelly Shortridge and Nicole Forsgren, the Infighting Among Russian Security Services In the Cyber Sphere talk by Kimberly Zenz, and Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence by Jason Healy and Neil Jenkins.
Orlando himself will deliver a talk on Building a SOC A-Team. Assembling Security Operation Center teams is a challenge, since talent and expertise are in such high demand these days, he said. His talk will offer creative ways to find, train and equip enterprise security “A-Teams.”
There has been more of a focus in recent years on defensive security and non-technical topics like policy and human factors, according to Orlando.
“I think we’ll see those kinds of briefings getting more coverage and attendance this year,” he said. “Hopefully, this trend will continue so we can bring in more diverse viewpoints and make Black Hat a more inclusive event in 2019 and beyond.”
Encryption and privacy are the hot topics Schweikert is looking to discuss.
“I expect conversations around cyber espionage and the continued growth of IoT devices and their security concerns to remain front and center,” he said.
The Hacker Summer Camp conferences offer a wealth of opportunity to learn, enhance and develop the skills that cyber professionals need.
Orlando hopes to gain “a new perspective on old problems in security — especially in areas like critical infrastructure and aviation, which are very relevant to the work we’re doing.”