Founder: Black Hat reflects a changing industry

In the 13 years since its inception, Black Hat has emerged as one of the premier conferences in the security industry. Each year, Black Hat attracts thousands of security researchers, security practitioners and government types to its annual events in Las Vegas, Tokyo, Amsterdam and Washington. On the eve of the annual conference in Vegas, Black Hat founder Jeff Moss talks about the show and how it has evolved.

This is the biggest Black Hat so far. What's driving interest in the conference? I don't know if it's a rebound. People held off last year because of the economic downturn, and now there's a hunger to bounce back. I don't know if it has to do with that, or if it is more of an awareness issue.U.S. Cyber Command is hiring, the [Department of Homeland Security] is hiring, the federal government is hiring, all the defense contractors are hiring like mad. I don't know if it's a reflection of that.

How has it evolved since you first launched it? As we grew, I never ever wanted to downplay the researcher part. Nothing is going to impact that. Every year, something surprises us about what's new and which directions the researchers are going in. But as we have grown, we have gotten access to lots of space. You just can't have 10 tracks of pure researchers. It's hard to find that many good talks. So now I am trying to focus on business and policy implications as well.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

In the 13 years since its inception, Black Hat has emerged as one of the premier conferences in the security industry. Each year, Black Hat attracts thousands of security researchers, security practitioners and government types to its annual events in Las Vegas, Tokyo, Amsterdam and Washington. On the eve of the annual conference in Vegas, Black Hat founder Jeff Moss talks about the show and how it has evolved.

This is the biggest Black Hat so far. What's driving interest in the conference? I don't know if it's a rebound. People held off last year because of the economic downturn, and now there's a hunger to bounce back. I don't know if it has to do with that, or if it is more of an awareness issue.U.S. Cyber Command is hiring, the [Department of Homeland Security] is hiring, the federal government is hiring, all the defense contractors are hiring like mad. I don't know if it's a reflection of that.

How has it evolved since you first launched it? As we grew, I never ever wanted to downplay the researcher part. Nothing is going to impact that. Every year, something surprises us about what's new and which directions the researchers are going in. But as we have grown, we have gotten access to lots of space. You just can't have 10 tracks of pure researchers. It's hard to find that many good talks. So now I am trying to focus on business and policy implications as well.

So, what has surprised you this year? Some of the talks that have gotten interest are surprising. I wouldn't have thought the Robin Sage talk was going to get a lot of interest. That is just an illustration of the dangers of social networking, which pretty much everyone gets.

It goes back to my belief that a lot of people don't believe it until they see it. They can intellectualize it, they can visualize it. But until they can actually see it happen, it's not real. So I was really surprised by the attention that's getting. Not so surprising is the interest in a talk on ATM hacking.

How has the security landscape changed since you launched Black Hat? There was no money in any of this. Back then, it was a hobby. You did this because you loved it. You couldn't get a job in information security unless maybe you worked for a Sun or an IBM, a bank, the military, a hospital or something. Everything was pretty ad hoc. There were no real rules, there was no secure software development life cycle, there were no rules for disclosure or notification, and no collaborative bug-finding.

Then in the fourth of fifth year of Black Hat, the dot-com bubble started growing and everybody was getting a job in security. Once it became a profession, once it became a career, everything changed. We have seen everything grow at a very rapid rate.

Do events such as Black Hat close or widen the communication gap that seems to persist between security practitioners and enterprise decision-makers? My contention is, if decision-makers don't know what is actually technically possible, how can they make an informed decision? If business people who make decisions don't have accurate information, they are bound to make inaccurate decisions. So, No. 1, we have to show them what the art of the possible is and what they can expect in future. We really try to focus on the practical and applied effects.