Getting Inspired as a Student

by StMerry

Last November in London, information security professionals and aspiring students alike gathered at Black Hat Europe 2016, the most respected conference in the industry.

Briefings included presenters from all over the world, from the U.S. to Russia and China, on a wide range of topics such as mobile hacking, cryptography, data forensics and incident response, exploit development, malware defense and offense, web appsec, car penetration-testing, and many more.

I was thrilled with the idea of mixing up with what to me represent some of the smartest minds of this century, all for the love of hacking and sharing of knowledge.  I was especially glad to be there after having been offered one of the hundred studentships.  However, I left the conference with a wee bit of a bitter taste after visiting the business hall, which is basically the vendors area.  And there were two reasons for that.

The business hall was relatively small but packed, with vendors of different backgrounds organized next to each other.  In between the talks, it was possible to roam for a while and meet companies present for the day, which seemed like an interesting opportunity to get to know the latest in terms of technology and solutions against so-called "cyber-attacks."

I was quickly disappointed, however, to see that the vast majority of the people representing these companies had no technical background whatsoever, and mostly learned their sales speech.  Now, most of you who have been to Black Hat won't be too surprised; however, what bothered me the most was the fact that these salesmen and women had no real interest in engaging with us.  As a matter of fact, we quickly felt unwelcome as they looked down on us, most likely understanding that we were not ones to strike deals with.  After all, we were simply a group of students with an interest in and questions on how their technology actually works.

Why is it that we felt so ignored?  If a group of passionate security graduates comes forward to engage with your company and learn about your technology, you should be looking to share - to a minimal extent - relevant knowledge about it.  You should be looking to inspire us, make us want to research more around your solution, which could in turn possibly even result in us improving it in the future, however ambitious this may sound.  Instead, you have made the decision to not waste your time with us because you sent someone with one thing in mind: attracting customers and growing sales, forgetting everything and everyone around you.

Another thing that bothered me, again, after roaming between vendors, was the high interest around applying Artificial Intelligence (AI) solutions, such as Machine Learning (ML).

I have nothing against this technology.  In fact, I have researched and applied it, but it certainly felt like those vendors simply were using it more as a buzzword than an actual solution.  I ended up playing a game, which was asking each of those companies the following question: "What makes you stand out from the other hundred companies present today that are selling similar solutions?"  The answer: "We use the Cloud!"  In other words, either nothing, or they did not have enough technical knowledge to back it up.  I do believe we have a lot to learn from applying AI and ML solutions properly and effectively, but this is not and will never be a magic solution against breaches.  There will always be a way around defenses, as there always has been.  And claiming that this suddenly will change because we can recognize patterns more effectively (which in essence is what ML is used for) is way too optimistic in my opinion.  One of these companies was even claiming to be able to run a full penetration test in under four and a half minutes.

Now don't get me wrong.  I met a number of interesting people and companies at Black Hat Europe this year, but I do feel like there was a need to highlight these points, especially around how I felt as a research student, trying to get inspired and engage as much as I possibly could.

Overall, however, it was a fantastic conference once again, and I am definitely looking forward to next year.
