Why Vegas Needs CISOs

My First Year, First-Hand Experience

Last year was my first year at DEFCON, and it was very different than what I was expecting.  Yes, there were a lot of people, a lot of walking, some rambunctious Goons, and even a bomb scare.  These were more than offset by the number of great presentations, fantastic content, and unique networking opportunities. I certainly learned new things while I was there.

My perspective might be somewhat unique. I was there as a CISO, so while I enjoy tinkering in the topics and learning about hacking a variety of things, my job is more about people and defense.

I’ve asked many other CISOs about whether they were going to DEFCON. I get two main responses: “It’s bucket list item, but not a priority,” or “I don’t see the point, and I’d rather go to RSA.”

While I understand those responses, attending DEFCON should be a high priority for every CISO. I could enumerate a multitude of benefits, but are my top seven:

Understanding Emerging Threats and Techniques
Every year DEFCON has cutting-edge research and demonstrations of the latest exploits by the actual practitioners.  CISOs can witness live hacking demonstrations and see first-hand emerging threats. Being there when it happens is the best way to learn about potential attacks to best know how to implement proactive safeguard measures.

Networking with Experts and Peers
Some of the best minds in cybersecurity, including ethical hackers, researchers, and industry professionals are at DEFCON.  It is an excellent opportunity to network with experts and peers, share knowledge, and discuss strategies to combat common threats. Building a network of contacts in the cybersecurity community can provide valuable support and collaboration opportunities.

Hands-On Learning Opportunities
At DEFCON, there are a variety of workshops and hands-on labs where you can learn new skills and techniques. These will enable CISOs to better understand how attackers exploit vulnerabilities and how to effectively mitigate these risks. Gaining hands-on experience is invaluable in staying current with the latest defensive and offensive techniques.

Gaining Insights into the Hacker Mindset
Understanding how hackers think and operate is critical for developing defense strategies. DEFCON provides a unique window into the hacker community, revealing their motivations, methodologies, and targets. This knowledge will equip you to think like an attacker, identify potential weaknesses in your systems, and strengthen your defenses accordingly.

Learning About New Tools and Technologies
New tools and technologies are showcased that can be used for both offensive and defensive purposes. A CISO can learn about these tools and evaluate their potential application within their own security frameworks. Staying informed about the latest advancements in cybersecurity technology is essential for maintaining a strong security posture.

Improving Incident Response Capabilities
By understanding the latest attack vectors and exploitation techniques, you understand more about your own risk profile which can help with your incident response capabilities. DEFCON sessions often include case studies and debriefs of real-world attacks, providing valuable lessons on what worked and what didn’t in response scenarios. This knowledge helps in refining your incident response plans and improving overall resilience.

Fostering a Culture of Security Awareness
Security can be an isolated job. DEFCON helps you understand and be more conscientious of security and attack awareness. By bringing back insights and lessons learned from the conference, you can educate their teams about current threats and best practices. This can lead to a more security aware workforce and a stronger overall security posture.

Final Thoughts

So, Yes, Vegas can be overwhelming.  Yes, it can be expensive to go.  Yes, it can be a difficult time of year to break away.  But also, Yes, you will learn how to better protect your organization.  Yes, you’ll be a better CISO.

– Jonthan Kimmitt, Alias CISO