Gartner Blog Network

FAQ: What I thought about Black Hat USA 2017

by Ian McShane  |  August 10, 2017  |  Submit a Comment

“So, what did you think of Black Hat this year?” and “Is Black Hat worth going to?” have been FAQs from colleagues and clients alike this week.  So I thought I’d put a very brief summary together.

IMO Black Hat USA continues to grow into a better version of the RSA Conference.  Less vendor marketing nonsense.  Fewer suited, disconnected executive types.  Actual practitioners and ‘real’ people to talk to, both in terms of attendees and vendors.  I spoke to a ton of people who almost unanimously said that ransomware is still their top worry.  A lot of  those people have started to realise the importance of ‘Operational IT” in their security strategies, and are thinking about how to automate or orchestrate some of the repeatable processes that are getting forgotten or overlooked.

The top 5 things I can still remember two weeks later:

  1. A cool exploit testing tool from Sophos. ( – bottom of the page)
  2. “Threat hunting” through Alexa with Endgame. (Skip past the fluff to 00:53)
  3. Many examples, demos, and sessions using MS Office doc exploits on Windows 7 to gain access. (too easy)
  4. CrowdStrike opened up their malware database for malware researchers/incident responders. (gotta pay, though)
  5. A questionable Ozzy Osbourne impersonator.

For practitioners, engineers, or anyone with a serious interest in information/cyber-security,  the combination of Black Hat and Def Con in the same week and location makes for a very compelling trip where I guarantee you’ll learn something useful.
(Although don’t forget about Gartner security conferences, obviously they’re good too.  There’s one in London next month, FYI )

Category: conferences  

Ian McShane
Research Director
1 years at Gartner
16 years IT Industry

Ian McShane is a Research Director/Analyst in Gartner Research, Security and Risk Management - Digital Workplace Security. Mr. McShane's area of expertise includes endpoint protection platforms (EPP), endpoint detection and response (EDR), and he assists organizations choosing strategic vendors, security products and services, and implementing best practices. Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.