The annual InfoSec pilgrimage began on Aug. 3, 2018, as security practitioners made their way to Las Vegas in anticipation of BSides Las Vegas, Black Hat USA, Defcon, and a slew of other notable security conferences. Affectionately known as “Security Summer Camp,” this is a time when security folks of all backgrounds converge to present and discuss the latest and greatest in cybersecurity and, of course, hang out and catch up with fellow members of the community.
From conference talks and business hall exhibitions to security trainings and personal conversations, the big takeaway from the past week was undeniable. Our industry is at an inflection point, and everyone is focused on a common theme: unification. Excited by the rallying cry to break down silos and embrace cross-functional team structures (SecOps, DevSecOps, or whatever the kids are calling it these days), organizations far and wide are looking to unify their environments, people, and experiences to cut down on risk and amplify their security postures.
This isn’t a new focus by any stretch of the imagination. The dream of unification in the cybersecurity space has been years in the making but consistently hindered by complex landscapes, technical limitations, and a maturing industry still trying to adapt as quickly as tech changes. The definition of unification and how organizations tackle this may vary—calls for making security measures more user-friendly, the democratization of security technology, and crowd-sourcing security responsibilities across many teams are just a few examples of unification in action.
As the industry converges, so do the problems we face and the solutions we generate. And ultimately, these challenges will continue to bring the community closer and closer together. Let’s take a look at how this played out across the past week in Vegas.
In the Black Hat USA 2018 Conference Hall
Parisa Tabriz, the “security princess” of Google, opened Black Hat briefings with an outstanding keynote, “Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes.” Tabriz reminded the audience that as purveyors of technology, we have a responsibility to the world and its future to make cybersecurity truly accessible to the masses.
She covered how she helped tackle this challenge at Google as part of Project Zero in unique ways (a poetry slam) and provided tactical tips on fighting the status quo and raising the bar on security to enact meaningful change across the technology landscape. In essence, tackling the root cause, hitting milestones and celebrating, and building your coalition were the three big beats.
My favorite part of this keynote was when she celebrated defenders by asking them to stand and requested the audience give them a round of applause. This recognition is so necessary in an industry where being a blue-teamer is becoming increasingly challenging.
At the Rapid7 Black Hat USA 2018 Booth
It’s no secret we’re focused on SecOps, the convergence of security, IT, and development. We’ve even built a security platform to support this movement with unified data collection at the center and user behavior analytics, visibility, and automation and orchestration tying it all together.
Whether you stopped by the Rapid7 booth for an individual demo or watched one of the many presentations given by our team of solution experts, you got a preview of what SecOps means to us and how the Insight platform and our products can meet your needs.
Like we do every year, we also gave out free passes to our annual party on the first day and even had a wicked cool flip-disc video display. Oh, and did we mention we handed out free T-shirts?
Other Fun Happenings
Metasploit Tees to Benefit EFF
We’re huge proponents of digital privacy here at Rapid7, as demonstrated by our ongoing advocacy and contribution to public policy. To continue demonstrating our support, we sold 15-year anniversary tees for Metasploit to benefit the Electronic Frontier Foundation (EFF). We were shocked by how fast the T-shirts sold out—turns out, InfoSec folks love privacy and the slick new design.
Car Hacking Village
The events at Defcon revved up with the Rapid7-sponsored Car Hacking Village, which put attendees to the test as they attempted to hack everything from self-driving cars to motorcycles, four-wheelers, and yes, even mobility scooters. This interactive village even featured a Capture the Flag challenge in which particularly motivated players could opt in to a mock abduction and work to escape from the back of an SUV and hack into it (hopefully a skill you never have to use IRL!).
The Annual Rapid7 Customer Lunch
We want to thank all of the customers who turned out to our customer lunch, which was our biggest yet! Not only was there food galore, but attendees also got a chance to hear from a great panel around SecOps and talk about risk management, incident detection, and more.
Christina Luconi’s Queercon Keynote
Queercon started 10 years ago as an inclusive LGBT hacker party and has since grown into an event in itself. This year, our very own Christina Luconi had the honor of keynoting the event on the topic of diversity and inclusion at Rapid7 and how we’re working to unify and build a truly inclusive workplace.
In her interactive discussion, Luconi covered successes, challenges, and learnings as she continues to dedicate her time and effort to making the workplace an environment where everyone feels they have equal opportunity to thrive and excel.
The Annual Rapid7 Party
If you didn’t get a chance to attend the annual Rapid7 party, you missed out on a good one! Held at Omnia, the party kicked off with an early happy hour in a cozy lounge (if you consider 9 p.m. to be “early”), then the doors opened not long after. The multi-level club sported outdoor views of the Las Vegas Strip, indoor balconies decorated with lights, and dance floors for days. The biggest attraction? A dancing chandelier.
At midnight, this work of art came alive and put on a show attendees are likely to remember as they danced the night away. Even when I left around 2 a.m., the party was still going strong. If there's anything we learned from Black Hat in general and our party in particular, it's that InfoSec definitely knows how to break it down!