AWS SecuritySecurity Research & Strategy

Black Hat USA 2018: A SecOps Recap

Last week, I had the pleasure of joining thousands of security researchers, vendors, marketers, press, and bloggers converging on the desert and Mandalay Bay for my first-ever Black Hat USA conference. Attendees discussed the newest research, latest technologies, scariest threats, and biggest trends in this crazy world of cybersecurity. If you weren’t lucky enough to be part of the fun, here’s a quick recap of Black Hat USA 2018 (aka Security Summer Camp).

Parisa Tabriz’ Keynote Speech

The event kicked off with a great keynote from Parisa Tabriz, Director of Engineering at Google. Tabriz is not only responsible for making Chrome secure, but also for managing the Project Zero security research team. (You can see her full talk on YouTube.)

The self-proclaimed Security Princess addressed the security industry as a whole when she pointed out that “We must stop playing Whack-A-Mole and be more strategic. Sometimes the threats and solutions are relatively clear, but sometimes, often, we can’t tell the exact form of potential threats to come,” and therefore, “We have to do more to solve the [underlying] problems.”

This being my first time at Black Hat and relatively new to the security space, I immediately related everything Tabriz was saying to what we do at Threat Stack. At Threat Stack, we pride ourselves on offering a platform and services that help companies move away from an ad hoc, piecemeal (Whack-a-Mole) way of dealing with security toward a proactive, strategic approach. Using our Cloud SecOps Maturity Framework, we are able to work with our customers to help them develop goals, milestones, and success metrics not only to help the security team, but to benefit other business stakeholders as well.

Don’t Forget the Briefings!

In addition to the keynote session, the event offered hundreds of other presentations. Here are a few of the highlights that impressed me:

  • Threat Modeling in 2018: Attacks, Impacts and Other Updates: Adam Shostack discussed the evolving threat landscape we live in today. As Adam pointed out, while threats themselves have evolved (e.g., smart devices have introduced new threats that are difficult to analyze without input from multiple perspectives), threat modeling itself hasn’t changed too much and needs to catch up. (Watch this AWS breach investigation.)
  • Legal Landmines: How Law and Policy are Rapidly Shaping Information Security: Leonard Bailey, of the U.S. Department of Justice led a panel discussion on technology and its intersection with law. One very pertinent example centered on the GDPR and its 72 hour breach notification requirement, which increases the need for highly effective incident response procedures. (Learn more about GDPR regulations.)
  • In “ZEROing Trust: Do Zero Trust Approaches Deliver Real Security? David Weston, who currently leads the Windows Device Security and Offensive Security Research teams at Microsoft, discussed the most difficult part of delivering on the ZTN promise: device trust. In his presentation, Weston detailed a variety of technologies that Microsoft is delivering to improve the story around device trust and that will ultimately enable ZTN architectures.

Threat Stack at Black Hat

With all the tremendous briefings, networking, community building, and fun, this first timer would consider the event a tremendous success. Threat Stack was in full force with a dream team of marketers, salespeople, engineers, security, product, and executives on hand.

We took over the Oceanside Exhibit Hall near the Arsenal Theater with our “Securer Things” booth theme and demonstrated a few “Strange Things” that could be happening in your cloud. With a mix of booth demos, speaking sessions, parties, and some pretty rad swag, we had a great time hanging out and meeting lots of amazing people.

Final Words . . .

To go back and reflect on some of the lessons learned from the keynote presentation, collaboration between teams is incredibly important for any successful security project. At Threat Stack we’re fortunate that we have amazing teams in Marketing, Sales, Engineering, Security, Customer Success, and more — that collaborate on leading technologies and services.

Whether it’s running a marketing event like Black Hat, designing and developing new software products, or helping to integrate security processes into your organization, we understand the importance of working together to make sure Threat Stack and Threat Stack customers don’t get caught playing a game of Whack-a-Mole but have the resources they need to plan and execute mature security strategies that reduce risk, enable compliance, and support innovation at cloud speed.

See you at Black Hat next year! And in the meantime, if you want to get an insight into the maturity of your organization’s cloud infrastructure security practices, take our free Cloud SecOps Maturity Assessment.