Modernizing Authentication — What It Takes to Transform Secure Access
LAS VEGAS — The Black Hat security conference is known for being the place where some of the most interesting security research is first revealed, but that wasn't the original founding vision for the event.
In his keynote address at the Black Hat USA 2017 event here, Jeff Moss, aka The Dark Tangent, reflected on the early days of the event he created 20 years ago. Black Hat was actually the second conference that Moss created. Five years before creating Black Hat, he started DEFCON (which celebrates its 25th anniversary this week).
The problem back in 1997 was that people wanted Moss to write professional sounding letters to their employers about the benefits of coming to DEFCON. So Moss, on the advice of a friend, decided that he would take out a loan and start a professional conference so he wouldn't have to write the letters anymore.
Back in 1997 he noted that there weren't a whole lot of jobs in information security, so the first Black Hat speaker list was largely just Moss' friends and those he knew from the DEFCON community. Moss said that all he really wanted to do was get them in a room and hear what they were working on. It turned out to be a formula for success.
Moss said that when he asked people why they were attending Black Hat, they told him it was because the event acted as a 'crystal ball' showing future trends.
"The belief was that if hackers and researchers were talking about an issue, it was likely going to be a problem in the real world too," Moss said.
Moss said that over the years he has seen unicorn companies formed based on ideas they first heard at Black Hat.
"We're really at the edge of something," Moss said. "I can't tell you what but I know it's the edge."
In the early years of Black Hat it was held at the same venue as DEFCON. Moss noted that he learned quickly that wasn't a good idea as the two conferences appealed to different groups.
"Black Hat is more focused for helping companies understand what's going on and how to do things that will help them," Moss said.
In contrast, DEFCON is a hacker conference where people just try out ideas and talk about interesting security issues, but not with a corporate bent.
Moss noted that offense is a very technical game with very simple metrics, it's "did you break in or not?" When talking about defense, it's much harder and there can be organizational and budget issues to figure out whose job and responsibility it is for a given area.
"Everything is connected so now we have a responsibility where we have to do something about this situation and make things secure by default instead of open by default, Moss said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.