Sweltering 100+ degree heat of the desert.
Horrid traffic on the Strip.
Long days stretching from the early morning to well past midnight.
Heart full from seeing old friends and making new ones.
There really isn’t anything else like Hacker Summer Camp!
Three things I observed and took to heart:
- The security community is way friendlier now than when I started 7 years ago.
- Relationships and empathy matter - security can’t happen in a vacuum.
- Business context matters - separating real, material threats from theoretical is more important than ever.
This year was particularly special to me for three reasons - I got to experience The Data Heist up close and personal, I gave a talk at BSides, and I attended DEFCON for the first time!
The Data Heist
JupiterOne kicked off the week with a cybersecurity whodunnit dinner hosted at Superfrico. I am a sucker for murder mystery dinners, and this one takes the cake! In the months leading up to the event, guests were encouraged to crack a cipher to get the location details, and once you were in the space, it felt like you were transported somewhere else entirely.
We enjoyed a night of detective work, delicious food, beverages, and entertainment, featuring Sounil Yu, author of The Cyber Defense Matrix, and a supporting cast of actors.
Friendships were forged and memories were made, and if you’re feeling FOMO, don’t worry. This event could be coming to a city near you! We’ll be hosting this event in Seattle, Washington D.C., San Diego, and New York City, so if you’re close to any of these cities, sign up here!
BSides Las Vegas
BSidesLV usually has a lot of technical talks, so imagine my excitement when my talk, “How to communicate with non-security specialists to drive action,” got accepted!
So much of the work in security today is persuading people to act - to fix, to change, to update, to communicate. Technical prowess is often the starting point for many careers, but the ability to communicate and persuade people to act is what will fuel career growth and influence change within an organization.
In this talk, I dug into three key things practitioners need in their communication to drive action:
- Value - Provide value to the audience. This will be different when security folks are communicating with finance, HR, engineering, legal, sales, executives, etc. The more specific you are to your audience, the greater success you’ll find in driving action.
- Clarity - While technical words make sense in the world of engineering and security, other departments have their own areas of expertise as well, so we need to use simple, common language to appeal to a wider audience.
- Connection - Human beings build trust and relationships based on emotional connection. Find ways through stories and analogies to connect on the human level and tie back to the action you are trying to drive.
JupiterOne also had two other speakers at the event - Kenneth Kaye and Sounil Yu!
Kenneth’s talk, “Big SIEM energy at micro-SIEM cost,” covered how to manage security events and incidents in your AWS infrastructure using other AWS services when GuardDuty might be too much for your use cases or budget.
Sounil had two different BSides talks:
“Double Entry Accounting for Security” - This talk explored how double entry accounting practices could revolutionize your security program.
“From LLM Obstacles to Open Doors: A Tale of Three CISOs” - This talk explored three concerns and three corresponding opportunities for generative AI and LLMs. Sounil provided specific frameworks and models that allow us to understand the necessary guardrails for each concern.
BSides is currently chopping up the video, so we’ll update this blog with the links to each of these talks when they’re ready!
Black Hat
JupiterOne showed up “new and improved” after announcing the latest capabilities for hybrid infrastructures and AI-driven usability enhancements!
We had an incredible turnout for Sounil Yu’s book signing. We also had friends from our Stellar Partner Program speak at our booth, including e360, Cisco, Intelliguard, and AWS.
On the back of our booth, we had an art installation that turned into a nice data visualization at the end of the show. Not surprisingly, this show had way more incident responders participate than RSAC. The pineapple-on-pizza debate was emphatically YES until the final hours of the show, and narrowly managed to edge out the anti-pineapple-on-pizza side with a final tally of 22-19.
Last, but not least, Pickles joined us for some fun too! They made time on the show floor memorable, taking photos with attendees and playing games at neighboring booths.
DEFCON
As a first-time attendee to DEFCON, I finally understand when people say it can be overwhelming as a newbie. This event is spread over a number of hotels, and there were so many villages and talk tracks to choose from. But even in the chaos, I found that people were super kind and helpful.
I started with the Lockpick Village to learn the basics of lockpicking and also how lockpicking enthusiasts use the hobby as a means to teach others about defense in depth.
“Locks aren’t meant to stop an intruder. They’re meant to deter and slow down the intruder.”
Later that afternoon, I went over to the Blue Team Village and sat through “Monroeville Live: An IR Tabletop for the Rest of Us.” It was super cool to hear how others thought through how to find devices on a network they weren’t familiar with, how to differentiate between a technical issue and a security threat, and how to escalate communication through the chain of command during a crisis. I’m pretty sure I’d still be a goner during a zombie apocalypse, but at least there are people smarter than me out there who would do their best to triage the incident!
On Saturday, I made my way to the AppSec Village to listen to AppSec experts from Datadog, eBay, and Paylocity as they shared how they prioritize security alerts at their organizations. This panel got me pumped for the next generation of security because AppSec leaders are recognizing the need to put vulnerabilities in the context of the business in order to drive change. AppSec leaders know that empathy and understanding the world of developers is key to driving remediation. Low-severity alerts still have reason to be escalated if they are related to business-critical assets.
This was a great note to segue into my last stop for Hacker Summer Camp - the workshop, “Starbase: open source graph security analysis,” presented by Guillaume Ross and Adam Pierson! This four-hour workshop walked through the basics of setting up Starbase and analyzing the relationships between assets in a demo set of data, with each question building on the skills of the previous step. Great job, gents!
Hacker Summer Camp 2023 - thank you for a great time. The future’s gonna be ok.