As soon as your heel clicks on the floor of Mandalay Bay the week of Black Hat USA, you realize you’re not in Kansas (or Silicon Valley or Northern Virginia) anymore. Instead, you’ve reached the biggest, annual work/play week for hackers in the world: Amid Las Vegas’ flashing lights and whirling slot machines, you’re attending sessions by day and parties at night with anyone and everyone who has a stake in cybersecurity.
There are the hackers, of course – researchers, white hats and other folks aplenty – and they’re mixing with other pros who are paid to keep them out of products and networks. Then, there are the entrepreneurs, Wall Street analysts, lawyers, venture capitalists and the C-level execs from hospital systems, auto manufacturers, utilities, etc. And that’s when you start to think that you not only left Kansas, but you may not even be at Black Hat anymore, or, at least not the Black Hat you recalled from ten years ago. Everything is so much bigger now – there were a record-breaking 19,000 attendees and 300 speakers and trainers for this month’s show. The sessions alone covered topics reflecting the evolution of cyber threats – away from yesterday’s viruses and worms and focusing on the Internet of Things, car hacking, smart cities and cryptominers.
With the very face of cybersecurity expanding and shifting dramatically over the past decade, it makes sense that Black Hat is changing as well. Throughout its existence, it has served as a mirror of the industry it showcases. This was my eighth year attending Black Hat and I was struck with two key impressions:
Yes, it really is bigger than ever. But does bigger mean better? This prompted much debate in Vegas, with some traditionalist attendees saying that Black Hat has “lost its focus.” But I feel the growth simply represents an inevitable broadening – but not dilution – of focus. It’s no longer primarily a source for “How do I become a cybersecurity professional/how do I advance my career?” sessions. It’s about the entire landscape now, meaning there’s something here for everyone.
The physical and cyber security universes – and privacy concerns within both – are blurring. The tragic October 2017 shooting has, understandably, forced hotels in Las Vegas to re-think and update their security policies and procedures. At Black Hat and DEF CON, both taking place at hotels on the Las Vegas Strip, the shooting’s aftermath lingered in the form of well-intentioned security measures that ultimately raised privacy concerns. There were reports of hotel guards entering the rooms of attendees – without notice – and demanding to conduct searches. Instead of the usual security talk and demo fare, DEF CON’s news cycles began when Google’s Matt Linton tweeted something seemingly misinterpreted by Caesars’ security that threatened to bar him from the property.
So what can cybersecurity marketers, media relations teams, entrepreneurs and other communicators take away from all of this – particularly when it comes to budgeting and planning for future Black Hats, DEF CONs and similar mega-events (like the RSA Conference)? Here are some takeaways:
— As stated, there is something here for everyone. But that doesn’t mean you have to target everything. If you’re a marketer representing a hospital, for example, there’s no need to go to a forum about car hacking. Filter out the sessions that provide little to no value. Decide in advance what a “win” means for your organization (such as promoting your company’s cybersecurity research, or raising funding) and frame your game plan around events/efforts that would best achieve this.
— As a rule, do not set out to pitch reporters your own story ideas at the conferences. With few exceptions, journalists are at Black Hat, DEF CON and BSides Las Vegas to cover speakers and research revealed at the show, and do not have the bandwidth to entertain unrelated pitch ideas on the fly. Sometimes a controversial talk or revelation opens doors to offer reporters feedback from other, well-connected sources at the event. However the focus is still the show, meaning these events are poor venues for staging product news, funding announcements or other initiatives that can wait until later.
Relationship-building is the best spend of time at Black Hat. Instead of playing a numbers game, reach out to a handful of journalists who cover issues closest to your areas of expertise and invite them to trade notes over lunch or coffee between sessions. Instead of pitching a story idea, remark on what you have enjoyed about their coverage and point out what their stories prompt you to consider. These dialogues help bookmark one or two potential story ideas you can pursue with reporters offline, after everyone is home from Las Vegas, rested and refocused and looking for the next news cycle.
— Your strategy does not begin – and end – with a booth. In the past, a marketer wouldn’t even think of attending without purchasing a booth (or in the case of Black Hat, consider more than a simple tabletop display). But, back then, these shows were small enough to set up shop in one and wait for everyone to come to you. That’s no longer the case. So, again, define what a win is, and build your strategy upon this goal. You may ultimately decide that a booth isn’t necessary, that you’re more likely to move the needle by producing a staged event, for instance, or focusing on networking opportunities and one-on-ones.
At W2 Communications, we help our clients “sort through the noise” of events like Black Hat, DEF CON and the RSA Conference, so they get the most ROI out of their marketing investment. We also elevate their SMEs into industry-leading thought leaders, by placing them as speakers at high-profile sessions or securing valuable meetings with key industry analysts and reporters. If this sounds like something you’d like to discuss, then please contact us.
Tom Resau is Senior Vice President of W2 Communications’ Cybersecurity and Privacy Practice.