Observations and Hot Topics from Black Hat USA 2022 and DEF CON 30

Now that Black Hat USA 2022 and DEF CON 30 are over, it is time to reflect on the security industry nicknamed “Summer Camp”, and the week that was in Las Vegas.

We had a number of Netskopers from across different teams on the ground and in-person attending the conferences. Like with any large conferences, there were likely many folks who weren’t able to make it out to Las Vegas this year for myriad reasons. 

So, with that in mind, we checked-in with a handful of Netskopers who attended Summer Camp 2022 to give us their observations from the show floor and talk about some of the hot topics and trends being discussed at the conferences. Here’s what they had to say:

Observations from the conference floor

Much like with the RSA Conference back in June, many Netskopers remarked just how excited they were to be back in-person, connecting with like-minded security folks and customers on the show floor. Here are some of their observations: 

“The energy level at the conference was the highest I’ve ever seen! The expo floor was bustling with activity and, while I thought it was impossible, it seemed to have more vendors than pre-pandemic. I had the opportunity to meet 1×1 with a number of our customers and CISOs looking for a SASE cloud security solution. Each brought a different perspective to the problem and we had great conversations on how Netskope can help them solve some of their most difficult challenges. –James Christiansen, VP and CSO Cloud Strategy

“I got to meet with some of our partners and we focused on how to better integrate our tools. I also met with some customers who were either starting to think about data protection or were already in-flight and trying to move faster. I think those were some great conversations and it felt really good to be back in-person.” –Damian Chung, Business Information Security Officer

“In general, it felt like Business Hall booths were smaller, and I did not see anything big, as we have in the past, around AI-driven security or Big Data driven decisions. I did like that they allowed purchase of carbon credits for travelers, ESG moving forward.”  –James Robinson, Deputy CISO

“There was sensory overload with booths, lights, colors, signage, and loud presenters after two years of a quiet remote office life, but there was real communication with people where you get more signals on understanding and interest than on video calls. Bottom line it was great to be back in the action of an always changing security industry.” –Tom Clare, Product Marketing Director

Hot topics and trends to keep an eye on

While the conference floor was bustling with conference-goers and vendors, new and old, there were a handful of hot topics that stuck out to Netskopers both on the show floor and in the conversations they were having. Here’s a taste of what they heard:

“With the focus on hybrid work and the associated return to the office environments, it is increasingly important to secure the hidden IoT attack surface with a zero trust approach. IoT, zero trust, public cloud security, and XDR were some of the big themes on the expo floor this year.” – Naveen Palavali, Vice President of Product GTM strategy

“Everyone I talked to was ecstatic about attending Black Hat and interacting in person. At the same time, people were not as overly enthusiastic about going back into the office full-time.  Most people I talked to agree that the new normal will be to sometimes work in the office, but mostly work will be at home. There are obvious exceptions, and perhaps the “what happens in Vegas, stays in Vegas” might be applied here, but location independence and a hybrid workforce has to be a key consideration when protecting data and defending against threats.” – Bob Gilbert, VP, Security Cloud GTM Strategy and Chief Evangelist

“It’s exciting to see how the security training industry is adapting to the ever changing threat landscape, as threat actors are shifting focus to attacking SaaS solutions. Several hacker training companies, for example, are introducing new SaaS-based security training, teaching students how to abuse misconfigurations that are commonly found in SaaS deployments.” –John Khotsyphom, Manager, Information Security – Threat and Vulnerability Management

In addition to Black Hat, DEF CON 30 was also happening concurrently in Las Vegas, and provided some interesting perspective on big topics happening in the world of threat too.

“DEF CON 30 brought an increase in the amount of high-quality speakers and content in the Cloud Village regarding risk areas with the big cloud services providers (AWS, Azure, Google Cloud). We also saw multiple presentations that involved OAuth abuse, showing the increase in awareness of this major risk area.” –Jenko Hwong, Principal Engineer

Did you attend Black Hat USA 2022 or DEF CON 30? Were there any big topics or trends you heard about? Connect with us on LinkedIn to continue the conversation and let us know what hot topics are still on your mind!