Inside the Hacker’s Den: Three Takeaways from Black Hat 2019

Thousands of people every year gather in the desert to be able to attend one of the most captivating events in the world. Some of the biggest names come out to be able to showcase their talent to attendees and meet and network with their fellow peers in the industry. We’re not talking about Coachella, we’re talking about the annual Black Hat conference.

Black Hat is the world’s leading information cybersecurity event, giving attendees the very latest in research, development and trends. Since its inception in 1997, cybersecurity professionals from all over the world have gathered in Las Vegas in the peak of the summer to attend four days of technical training followed by two days of the main conference.

Over the years, I have been fortunate enough to be able to attend several different cybersecurity conferences and this year I was able to attend Black Hat for the first time. While there have been many highlights in my time with WhiteHat Security, I have to say that this might be my favorite so far. It was an eye-opening experience to be able to see the concerns and learn from some of the industry’s leading cybersecurity professionals.

There were dozens of different thought-provoking sessions every day on a variety of topics in the cybersecurity space. Here are three of my top takeaways from my time at Black Hat this year:

The industry is still growing at a rapid pace

The cybersecurity industry is on track to exceed the originally predicted trillion-dollar mark by 2021. Attendees at Black Hat this year got to witness some of this growth firsthand because there were over 280 exhibitors throughout the business hall. Every year it seems as if the number of tracks is growing, more sessions are added and more and more companies are emerging in the space.

I have been in the application cybersecurity space for most of my career, and it was surprising to see how our particular section of the industry has grown exponentially as well in the past few years.

In addition, over the years, cybersecurity has broken up into different cybersecurity fields. While the term cybersecurity still applies to the entire industry, there is more of a breakdown now than there ever was before. Under the cybersecurity umbrella, there is application security, network security, cloud security, IoT security and more.

APIs are still a big concern

Companies across all industries are using APIs to drive digital transformation, but many companies are still failing to incorporate the proper security protocol for them. The biggest challenge for APIs is that there are no clear standards in the space, so customers struggle to maintain clear, concise, complete documentation, which hinders the ability to test the applications.

Many of the key discussions at this year’s Black Hat conference revolved around securing APIs. A lot of the attendees that I had the opportunity to speak to were discussing application program interfaces (APIs) and whether there was an ability to handle static application security testing (SAST) with them. Everyone was asking about API scanning versus manual testing. Since there is so much back and forth with how to secure APIs, I see this as a hot topic for the next couple of years.

Businesses are still making cybersecurity mistakes

While at Black Hat, WhiteHat’s own Vulnerability Verification Team Lead Lauren McCaslin was able to stop and ask Black Hat attendees what they thought were the biggest mistakes businesses make when it comes to cybersecurity and how individuals avoid burnout.

To view Lauren’s video from Black Hat 2019 and learn about some of the issues plaguing the cybersecurity industry and how people in the industry avoid burnout, click here. 



Overall, my experience at Black Hat exposed me to hundreds of vendors within the cybersecurity space and allowed me to listen to discussions on the most important things happening in our field. I look forward to seeing how much the industry expands within the year and seeing what happens until next year’s Black Hat.