The Black Hat Challenge: Which ONE Session Will You Attend?

Black Hat USA is upon us and attendees (IT security practitioners, company executives, journalists, analysts, vendors, etc.) are gearing up for their voyage to the desert. 

Many folks are beginning to put together their plan of attack for the event and are likely just starting to take a deeper look at the schedule for the Briefing Sessions, which are slated to take place on Wednesday, July 28 and Thursday, July 29 at Caesar’s Palace in Las Vegas, and to think about which sessions to attend.

This is quite the daunting task, as the Black Hat organizers have certainly outdone themselves yet again this year by lining up some amazing speakers and content. But is Black Hat hurting itself with too much great content? Here are some quick numbers to digest regarding just the Briefing Sessions portion of the event:

  • 2 Days
  • 2 keynotes (one each day)
  • 10 tracks (not including the "Special Events" track)
  • 10 time slots (five each day)
  • 100 sessions

So fellow attendees, you have 100 sessions to choose from, but can only pick 10 maximum (one for each time slot).  How will you use your time at Black Hat this year?  One wonders if a more streamlined approach, like that of CanSecWest, is better for attendees — where no sessions are competing with one another and attendees aren’t faced with making the difficult decision of having to select between great ones and potentially feel as if they missed out and picked the wrong one. 

Regardless, the Schwartz Security Practice is looking forward to another very exciting experience at Black Hat USA this year and the Practice will be there in full force.  Schwartz Security clients that are presenting sessions this year include: Core Security, Damballa and Qualys, who has three sessions: one, two and three.

Your turn.  If you were told that you can only attend ONE session at Black Hat this year, which would it be and why?  We look forward to reading your shared thoughts in the comments section.  See you in Vegas!

Comments (7)

  • Steve Ragan

    I don’t think that BlackHat is hurting itself with the volume. As BlackHat grew, the demands for more content grew with it. They have to consider the attendees as well as the sponsors in this regard.
    With that said, I do think that a streamlined approach would be better. Then again, this is because I constantly have to pick some talks over others.
    If there was only one, then I would have to follow Dennis and go see RSnake’s talk.
    At the same time, if given a choice between seeing only one talk and having lunch with a friend, then I will skip the talk altogether.

  • Matt Hines

    Too much content is a nice problem to have… and there’s still DEFCON and B-sides…
    I don’t see any of this as downside, more testament to the growing reach and relevance of what vulnerability research and all its offshoots, pen testing being one, represent to the larger IT security sector.
    The reality is that this is just a sign of maturity throughout.. this is not just a handful of hackers talking hacks anymore… but rather the underpinnings of a large and increasingly influential subsection of the entire enterprise security market.
    The beauty is that you have a lot of the same people who have been speaking every year advancing their work… along with all the new folks.
    There are more areas of specialization than ever before. Do you want to hear Beaker talk about cloud sec evolution or someone less known talk about something less closely associated (yet) with the business aspect of enterprise security?
    As Dennis points out, the show and the space have obviously evolved and become more commercial every year. A look around the vendor pavilion finds more companies like Core and Qualys growing quite nicely as a result as well. A lot of the annual speakers are seeing their business rise…
    In Vegas tradition it’s a rich buffet of content that people can avail themselves of.. the interesting question (as always?) will be how many people come, who they are and whom they flock to see…

  • Kelly Jackson Higgins, Dark Reading

    That’s easy: Barnaby Jack’s ATM preso. It’s been a long time coming.

  • Anup

    on the concurrent track vs single track issue, I think the success of BlackHat mandates the concurrent tracks. The problem with a single track is you’d end up with 1/10th the content and as a result, it would be much, much more competitive, which incidentally means, Tim, many of your clients would not be presenting. So my feeling is Moss & crew made the right decision to grow the conference by adding tracks. Ultimately the community is large enough to cover the talks you miss. In fact that should be our responsibility, right?
    On which talks to see, mine will be the one on NEPTUNE. First, this is my wheelhouse. Second, it sounds like an interesting combination of in-browser analysis coupled with OS sys-call monitoring. One question I have is why they chose Detours. Though Detours is widely available, it suffers from some major weaknesses (Win32 API only) and malware is pretty cognizant of Detours. There are better alternatives, so I’ll be curious and will look forward to downloading their toolkit for my own fun.
    Another topic that is clearly just beginning to gain some momentum is the mobile app security topic. At least from the descriptions, it seems like most of the work here is very preliminary. I expect there will be much more in-depth analysis and exploits presented at next year’s BH.

  • Diana Kelley

    Tim you make an excellent point about the dilemma that a surfeit of content riches at BlackHat (and other large cons like RSA) presents. There’s an element of Schwartz’ (as in Barry – no relation to you guys, right?!) “The Paradox of Choice: Why More Is Less” in all of this. But if a conference is going to draw a significant number of attendees, the organizers, I believe, have to provide a variety of content to appeal to multiple constituencies.
    Having said all that – for us at SecurityCurve this year, we’re most interested in the SCADA talks (Pollet, Arlen, Cummins). Running a close second, curiosity in details of how Ryan’s “Robin Sage” social engineering experiment played out and insights he’s drawn from it.
    What about you Tim? What’s your must-see presentation?

  • Dennis

    Black Hat has definitely turned into a more corporate show in the last couple years. But the really good content is still there if you look for it. The one session I wouldn’t miss this year is Rsnake’s talk on SSL. It’s terrifying.

  • _ryan

    i think this has a lot to do with the fact that black hat and cansecwest are two different shows, owned by people with different interests, catering to different audiences.
    black hat needs as much content to appeal to a mass audience, including non-tech folks. at cansec, dragos is happy with a single track catering mainly to the technical research crowd.

