Hacker Summer Camp 2024

By | August 21, 2024

I’m still recovering from my third year at Black Hat and DefCon. The physical and emotional exhaustion, social overload, and post-event sniffles are all signs of a great conference.

This year, I added an extra day for the first-ever Black Hat AI Summit. I was drawn to the topic, the networking opportunities, and my usual habit of overloading on conference activities. The day was packed with panels and presentations, with meals included. Although breakfast was invitation-only (a little rejection to start the day), I made some interesting contacts over lunch. However, the overall content was dry and uninspiring for anyone familiar with AI and security. Several presentations felt more like sales pitches from companies like Palo Alto and Darktrace. A few sessions caught my interest, but by the afternoon, I was losing steam.

It’s tough to focus on AI all day without repeating the same themes. Talks are often either too high-level or too technical, and finding a balance is difficult.

Notable sessions included:

  • Dr. Kathleen Fisher from DARPA, who discussed AI in national security and outlined government initiatives like CUDA, Trustworthy AI, and the AI Cyber Challenge (more links below). Many attendees said it was the most substantial session before lunch.
  • Ted Bailey, CEO of Dataminr, demonstrated ReGenAI, a tool that uses public signals to predict national events, updating in real-time like a living news article.
  • The technical breakouts, though another sales pitch from Darktrace, included some interesting insights from SOC operators. I also attended a session by Matthew Knight from OpenAI, where he shared a free Incident Response Slackbot.

That night, I attended a Splunk party, mingling with a business guy breaking into cyber, government lab folks, and a SIEM startup from Israel, before closing out with a fancy dinner with coworkers. After all, Black Hat is more about the connections than the sessions.

Black Hat – Days 2-3

Day one of Black Hat kicked off with registration and a packed keynote in a massive auditorium. Unfortunately, the logistics weren’t great, and many left early. I was on a business pass that limited my access to the vendor area and keynotes, so I missed several sessions.

The vendor floor was its usual buzz of activity—conversations, presentations, games, and swag. I spent time at the Microsoft booth, helping with demos and chatting with attendees. It was also a great chance to meet peers and leaders from Microsoft in person, which is rare in today’s remote world.

The rest of the day and the next flew by, with my time split between booth duty and vendor floor. I broke my “no-swag” rule a few times. My goal was to get a sense of what competing companies were doing, what the hot topics were, and how the job market looked. Conversations ranged from product comparisons to career satisfaction. I talked to about 50 vendors, avoiding those I already knew well but drawn back to others like Akamai, CISA, and CrowdStrike.

What I learned this year wasn’t much different from last year: AI is hot, most people enjoy their jobs, there’s a mix of remote and in-person work, and finding good talent is a challenge. Companies fell into the usual categories: training services, DevOps-API, automation, web protection, device protection, antivirus, XDR, SIEM, recruiters, government organizations, industry groups, managed service providers, threat intelligence, incident response, and enterprise services. There are big companies in direct competition, integrators that combine services, and startups filling gaps left by the larger players.

A few things stood out. I work with automation and SOAR, and there are several products doing cool things in this space—some even better or easier to use than the bigger players. But larger companies often rely on ecosystem and native integration rather than having the flashiest service. Generative AI add-ons were everywhere, with most companies making API calls to OpenAI or Azure OpenAI. Differentiating AI services will soon be tough, as they become a basic offering, much like air conditioning in cars.

Wednesday night involved more vendor parties and another group dinner. The next morning, I started in the DefCon registration line, waiting for an hour for my badge and another hour for merch before giving up. Reports later said some people waited 5-6 hours. It’s always a gamble with DefCon. I spent the 2nd day of Black Hat on the vendor floor again. The last evening ended with an exclusive Microsoft Research party on top of Mandalay Bay, mingling with cyber celebrities—fancy!

DefCon

By Friday, my first full day at DefCon, I was running on empty—tired, dehydrated, and sore. The sessions and villages were packed, and I spent most of the day exploring the layout, attending sessions on the fly, and waiting in lines. I missed out on popular villages like Red Team and Social Engineering due to their popularity. All plans went out the window.

Notable activities included the DARPA AIxCC showcase, a semi-immersive cyber-disaster scenario with theme-park-level detail. I attended a fun talk about hacking clothes washers for $2 refunds, watched people play Operation with an expensive surgery robot, and even found counterfeit cash being dropped randomly. At one point, I got so distracted I misplaced a full Starbucks drink.

I took breaks around 5 PM on both Friday and Saturday to rest at the hotel, staying nearby at Circus Circus for just $60 per night. Friday night, I had early access to a party honoring one of the VetCon founders. I met Jeff Moss, the founder of Black Hat and DefCon, before the doors opened, which made my week! I also met a college student and had him pose for a photo with Jeff, hoping he’d appreciate it later.

Saturday night was a repeat of Friday’s parties, though with larger crowds. I accidentally cut in line for the Darknet Diaries party. By the time I realized my mistake, I just went with it. I snagged a Jack Rhysider costume and some swag but left early to make room for others. I closed out DefCon at the VetCon party, finally heading to bed for a few hours of rest before catching an Uber to the airport.

Black Hat vs. DefCon:

Black Hat’s vendor floor is about enterprise service sales, while DefCon vendors focus more on consumer items like shirts, puzzles, and hacker toys. Similarly, Black Hat parties are swanky affairs, while DefCon’s are more low-key with cash bars. Black Hat is more professional, and it is common to exchange contact information. DefCon is more social: you make acquaintances and share first names, though people seem more guarded. Black Hat seems split between vendors and sessions. DefCon is split between sessions (sometimes repeats from BH) and villages where you can participate in hands-on exercises and see demos.

People I Met:

  • Jeff Moss, of course—such a cool moment.
  • Several Microsoft leaders and peers, many of whom I admire.
  • A tattoo artist from Puerto Rico who offered to fix my old Vegas tattoo for free.
  • A cybersecurity leader from Blizzard Entertainment.
  • I ran into an old coworker that was working the booth for a big competitor.
  • Several government types, students, customers, and researchers.
  • I nearly met the president of SANS, Ed Skoudis, for the 2nd time (3rd time is the charm).
  • I still have Jen Easterly from CISA and Nicole Perlroth on my cyber celebrity bucket list.
  • The CEO of a young AI governance startup.

Tips for Future Attendees:

  • Volunteer at DefCon. I’m considering it for next year to enhance my experience.
  • Bring cash—some DefCon vendors are still cash-only, though many accept cards now.
  • Pace yourself. Black Hat and DefCon back-to-back can be brutal. I walked over 30 miles, not counting hours of standing.
  • Talk to everyone in your proximity: waiting in line, sitting next to each other, a familiar face, a cool shirt, or waiting for a ride (or offer to share a ride).
  • Make connections. Have your LinkedIn QR codes and business cards handy. Follow or friend speakers that you like as well.

General Takeaways:

  • Generative AI and automation will soon be standard in most security tools, helping SOC teams with summarizing, querying, and integrating data. Most are backed by OpenAI today, maybe Gemini or other models in the future.
  • The differentiator for AI tools will be price, capacity, responsiveness, model-source, and integration with major platforms like Azure, AWS, or GCP. Privacy and functionality will be standard.
  • I saw SOAR providers offering AI-generated workflows, which was exciting.
  • There’s always room for integrators—companies that make it easier for organizations to juggle multiple tools.
  • User experience and responsiveness are crucial, yet often overlooked in enterprise security.
  • Several vendors were selling solutions that overlap with services provided by the big security providers, though their customers may be unaware of the overlap due to the complexity of these products. Many seemed unaware that they were selling something duplicate or possibly obsolete.
  • Marketing matters. Some vendors excel at it, while others lag behind. CrowdStrike, for example, always does a great job with large displays and uniquely interesting swag. They gave out exclusive APT-themed figurines.
  • The most unoriginal and common giveaway was Lego sets. So many Legos!
  • What I did not see were mind-blowing applications of AI (OK, the deepfake booth was cool). I wanted to see video to security logs, AI-driven response, AI accessibility enhancements, human avatars, and smart robots. Maybe next year.
  • The DARPA AI Challenge is driving AI security solutions to find and fix software vulnerabilities, and those solutions will be released as open source next year. Some smart people are going to cash in on those models/code.
  • Conference participation seems like more of an obligation for large vendors rather than a true sales tool. Companies feel the need to keep up with the competition, even if the direct ROI isn’t obvious. It just seemed like the big players were less interested in selling and more about standing out.

In the end, my time at Black Hat and DefCon was both rewarding and exhausting, filled with new connections, cutting-edge insights, and a deeper understanding of where the cybersecurity and AI landscapes are heading. While the content may not have been groundbreaking for those already immersed in the field, the real value came from networking, engaging with peers, and seeing firsthand how emerging technologies are shaping the industry. As always, these conferences serve as a reminder that staying ahead in cybersecurity isn’t just about attending sessions—it’s about forging relationships and gaining fresh perspectives to bring back to our day-to-day challenges.



Federal Resource References Bonus:

CUDA: CUDA focuses on advancing computing performance and is primarily associated with high-performance computing initiatives led by agencies like DARPA. More information at DARPA CUDA Program.

AIQ Test: The Artificial Intelligence Quantified (AIQ) program, led by DARPA, aims to develop mathematical foundations for evaluating AI systems’ capabilities. More details are available at DARPA AIQ Program.

Automated Indicator Sharing (AIS): AIS is a DHS program that enables real-time exchange of cyber threat indicators between the U.S. government and private sector organizations to improve defense against cyber threats. Visit AIS Program.

Cyber Agents for Security Testing and Learning Environments (CASTLE): CASTLE is designed to create realistic cyber environments for testing and training security tools, promoting the development of effective cybersecurity measures. More information can be found on the DARPA website.

DARPA AI Cyber Challenge: This challenge encourages teams to develop AI-driven solutions for defending critical systems from cyberattacks. Details are available at DARPA AI Cyber Challenge.

DARPAConnect: DARPAConnect aims to broaden DARPA’s reach by fostering collaboration between DARPA and innovators from academic institutions, small businesses, and other entities. Learn more at DARPAConnect.

Enhanced SBOM for Optimized Software Sustainment (E-BOSS): E-BOSS aims to enhance the software bill of materials (SBOM) for better software management and sustainment across systems. Check out details at DARPA’s SBOM initiative.

Guaranteed AI Robustness Against Deception (GARD): GARD focuses on building defenses for AI systems to protect against deception and adversarial attacks. For more information, visit DARPA GARD.

High-Assurance Cyber Military Systems (HACMS): HACMS is a DARPA program aimed at developing technology for building secure and verifiable military systems to prevent cyber attacks. Visit DARPA HACMS.

ODIN: ODIN is a cybersecurity initiative that explores innovative methods for defending networked systems and securing data through advanced technology development.

Pipeline Reasoning of Verifiers Enabling Robust Systems (PROVERS): PROVERS is designed to enhance the robustness of verification systems used in critical infrastructure and security applications.

Safe Documents (SafeDocs): SafeDocs aims to eliminate vulnerabilities in document formats that cyber adversaries exploit. Learn more at DHS SafeDocs.

Semantic Forensics (SemaFor): SemaFor focuses on detecting and understanding manipulated media, such as deepfakes, through semantic analysis. Visit DARPA SemaFor.

Translating All C to Rust (TRACTOR): TRACTOR is a program dedicated to converting legacy C code into Rust to enhance the security and reliability of critical systems. Details can be found on DARPA’s research site.

Trustworthy AI Fact Sheet: This initiative involves guidelines and frameworks for ensuring the trustworthiness and reliability of AI systems. For more information, refer to the AI Trustworthiness Initiative.

US AI Safety Institute: The US AI Safety Institute is focused on promoting the safe development and deployment of AI technologies. More information can be found at AI.gov.
