Dailydave mailing list archives

BlackHat and Defcon 2023


From: Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>
Date: Mon, 14 Aug 2023 18:32:59 -0400

The Vegas security conferences used to feel like diving into a river. While
yes, you networked and made deals and talked about exploits, you also felt
for currents and tried to get a prediction of what the future held. A lot
of this was what the talks were about. But you went to booths to see what
was selling, or what people thought was selling, at least.

But it doesn't matter anymore what the talks are about. The talks are about
everything. There's a million of them and they cover every possible topic
under the sun. And the big corpo booths are all the same. People want to
sell you XDR, and what that means for them is a per-seat or per-IP charge.
When there's no differentiation in billing, there's no differentiation in
product.

That doesn't mean there aren't a million smaller start-ups with tiny
cubicles in the booth-space, like pebbles on a beach. Hunting through them
is like searching for shells - for every Thinkst Canary there's a hundred
newly AI-enabled compliance engines.

DefCon and Blackhat in some ways used to be more international as well -
but a lot of the more interesting speakers can't get visas anymore or
aren't allowed to talk publicly by their home countries.

If you've been in this business for a while, you have a dreadful fear of
being in your own bubble. To not swim forward is to suffocate. This is what
drove you to sit in the front row of as many talks as possible at these two
huge conferences, hung over, dehydrated, confused by foreign terminology in
a difficult accent.

But now you can't dive in to make forward progress. Vegas is even more of a
forbidding dystopia, overloaded with crowds so heavy it can no longer feed
them or even provide a contiguous space for the ameba-like host to gather.
Talks echo and muddle in cavernous rooms with the general acoustics of a
high school gymnasium. You are left with snapshots and fragmented memories
instead of a whole picture.

For me, one such moment was a Senate Staffer, full of enthusiasm, crowing
about how smart the other people working on policy and walking the halls of
Congress were - experts and geniuses at healthcare, for example! But if our
cyber security policy matches our success at a health system we are doomed.

I brought my kids this year and it helps to be able to see through the
chaos with new eyes. What's "cool"? I asked, in the most boomery way
possible. Because I know jailbreaking an AI to say bad things is not it,
even though it had all the political spotlights in the world focused on
examining the "issue".

The more crowded the field gets, the less immersion you have. Instead of
diving in you are holding your palm against the surface of the water,
hoping to sense the primordial tube worms at the sea vents feeding on raw
data leagues below you. "Take me to the beginning, again" you say to them,
through whatever connection you can muster.

-dave