Blog & News

Black Hat 2022: What a Difference a Year Makes

Black Hat exposure management

I was in Las Vegas last week for the annual “Hacker Summer Camp” in Las Vegas: Black Hat and DEF CON. It was awesome to be there in person to see peers I had not seen for far too long, and to chat with people face-to-face about cybersecurity. I also really appreciate the shift in focus for cybersecurity in general, and how the conversation evolved since last year.

Energy and Excitement

I was pleasantly surprised at the turnout. It was not quite as full as years past, but it felt almost pre-pandemic. Given the ongoing state of the Covid pandemic and the number of people who are already reporting that they got Covid while attending Black Hat or DEF CON, it is debatable whether it was wise for everyone to be there, but it felt somewhat “normal”—whatever that is.

I noticed that some of the bigger players with the larger booth spaces looked like they were more invested in the event than last year. Companies like CrowdStrike, Microsoft, SentinelOne, and others seemed like they had more staff there, and stronger messaging to present themselves effectively.

It was great to see so much energy and excitement from attendees and vendors. There were a lot of new startups and first-time founders doing very interesting and innovative things, and the traffic on the show floor and at our booth was impressive. CISA even had a large booth there spreading their message and mission.

Events and Activities

Epiphany invited partners, customers, and prospects to get together for some fun and casual conversation each night of Black Hat. We channeled our inner Tiger Woods at Top Golf on Tuesday night, got together to throw axes on Wednesday night, and shut down the event partying with Deadmau5 on Thursday night.

After a long day of sessions and presentations, and walking the show floor, it is nice to unwind. These events allow us to show our gratitude to our customers and partners and offer us an opportunity to have more in-depth conversations and strengthen our relationships—although trying to “chat” at the Deadmau5 event was admittedly challenging.

Shifting the Conversation

One of the best parts of Black Hat was seeing how the conversation has evolved. Last year at Black Hat I had to do a lot more explaining the concept of what we do—to really teach people about attack path management, and what it is, and why it matters. This year there was a big focus on attack surface management and attack paths, and more emphasis on adversarial perspectives—all of which validates the way Epiphany approaches security.

Rather than educating people about what an attack path is, this year the questions revolved more around why we use attack paths, or why we focus on the connections, and relationships, and visualizations that we do. I got to spend a lot less time talking about what we are doing building attack paths, and a lot more time talking about the value of why we build attack paths.

The overall approach to cybersecurity continues to evolve, and now more people just get it. When we explain that we are an exposure management platform and that we use attack paths to help customers understand what exposures they need to prioritize, the light bulb goes on, and they immediately understand how that can streamline and improve their cybersecurity.

Black Hat 2021 was our inaugural event as a company, and the Covid pandemic had a much larger impact on in-person attendance. It was amazing to see what a difference a year makes and how much interest there is in what we do. The momentum is impressive, and I can’t wait to see what Black Hat 2023 will look like.