Computerworld - Every year, I dream about going to the Black Hat USA briefings in Las Vegas. I haven't been able to attend yet, but I have a good friend and colleague named Bob who has attended on his own dime and with his own vacation time the past few years.
After every conference, he goes back to work and applies his new knowledge to better securing the environment. Finally, his boss saw the value in sending him, and this year, the company paid for him to attend the event.
Unfortunately, upper management in a lot of companies is still reluctant to send security engineers to one of the world's most useful security conferences. They need to get over that. The feds have wised up, and they now recruit security people at the conference. What does that tell you? It tells me that some of the brightest and best security people hang out at Black Hat.
Getting the Scoop
When it comes to Black Hat, I live vicariously through Bob. He provides me with materials from the conference each year and shares what he learns. As soon as he returned from last month's conference, I pinged him via e-mail and asked him if his name had been on the Wall of Sheep. That's a giant screen in the conference hotel that scrolls the names and partial passwords of attendees foolish enough to access the Internet through the hotel's unsecured wireless system. Of course it wasn't, because he's a security engineer.
This year's event was more newsworthy than most because of the flap that resulted when Michael Lynn gave his talk about the Cisco IOS vulnerability . Bob sent me the presentation materials from Lynn's talk, and I forwarded them to security colleagues and asked what they thought of the whole brouhaha. My take is that Lynn lost his job at Internet Security Systems Inc. because Cisco had a nervous breakdown and ISS didn't back up its guy. What a shame.
One of my colleagues, a Cisco Certified Internetwork Expert who goes way back, wondered why Cisco would get so upset; after all, Microsoft gets battered for vulnerabilities on a daily basis. What he said next was superb: "It sounds to me like Cisco perceives itself as occupying a firmament above and beyond the mortal IT world, since theirs is a dedicated OS and not a flawed, general-purpose OS. I think they need to take a Valium and just mellow out!" I was surprised at the response, given his top-level Cisco certification.
Another
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
