Subscribe
Share
Share
Embed
HPE News. Tech Insights. World-Class Innovations. We take you straight to the source — interviewing tech's foremost thought leaders and change-makers that are propelling businesses and industries forward.
Michael Bird (00:10):
Hello, hello, and welcome back to Technology Now, a weekly show from Hewlett Packard Enterprise, where we take what's happening in the world and explore how it's changing the way organizations are using technology. We're your hosts, Michael Bird.
Aubrey Lovell (00:23):
And Aubrey Lovell. And in this episode, we're taking a dive into the occasionally murky waters of what some people call hacker conferences, but are more accurately themed security conferences to find out what goes on when people from all sides of the cybersecurity field meet. We'll be finding out what goes on at these events and whether they are as clandestine as they sound or not. We'll be asking what the hot topics are among the wider community when it comes to cybersecurity, and we'll be getting a sense of where they feel the challenges and opportunities are in the next few years.
Michael Bird (00:56):
Oh, this is going to be a good one. So as always, if you're the kind of person who needs to know why what's going on in the world matters to your organization, then this podcast is for you. Oh, and if you haven't yet, do make sure you subscribe on your podcast app of choice so you don't miss out. Right. Let's go.
(01:14):
So Aubrey, as I'm sure you know, cybersecurity is a big topic for organizations right now, double underlined in big red marker, preparing for and fighting ransomware and other attacks is a never-ending game of cat and mouse in which the experts try and stay ahead of one another whilst also trying to stop the rest of us becoming victims. But whilst it's definitely an adversarial field, there are times when the cybersecurity world unites and comes together.
Aubrey Lovell (01:42):
And one such event is the Black Hat Briefings. In their own words, "The Black Hat briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the InfoSec world, from the corporate and government sectors to academic and even underground researchers. More than a decade at the intersection of network security and hacker ingenuity is what makes Black Hat the one of a kind conference it is, one where the establishment and the underground are equally at home."
Michael Bird (02:14):
It sounds absolutely fascinating, and as an outsider, pretty unlikely. Nevertheless, back in August, Las Vegas hosted the 26th American Black Hat Conference and today's guest was there. Jaye Tillson is a Field Chief Technology Officer at Axis Security, who have recently been acquired as part of HPE Aruba Networking. So Jaye, welcome to the show. And first question, what goes on at a hacker conference and is that even a fair name?
Jaye Tillson (02:42):
That's a very good question. I mean, several years ago I would've said it was more of a hacker conference than it is today. It's much more, I guess similar to most of the other conferences now. There is a conference that's usually a little bit of overlap down the road that I think would be seen more as a hacker conference today. And the fact that they do overlap means that you have to be sensible and careful. But it's definitely more of a vendor conference now than it used to be and a very interesting one at that.
Michael Bird (03:10):
When you say sensible and careful, what do you mean by that?
Jaye Tillson (03:12):
Well, there's always advice either to take a burner phone, or if you are taking your phone, don't connect to wifi around the area. And certainly if you're taking a laptop and stuff, be careful as well. In most cases, I don't even take my phone, I don't take my laptop. And if I do, I turn off Bluetooth, I turn off wifi, and I just kind of only connect where I can be careful and what I know I'm connecting to. Just have your kind of wits about you a little bit more.
Aubrey Lovell (03:41):
So Jaye, we think of hackers and cybersecurity practitioners as being quite adversarial, even when those hackers are actually working to stress test systems on an organization's behalf. What's the feeling when you meet up in person?
Jaye Tillson (03:55):
Let's just be honest, I mean, if we took what a hacker was say 10, 15 years ago and what we used to see in films and stuff like that, we would often have kind of an opinion or at least see them in a certain light. There are tools out there now that make it pretty simple for anybody off the street to do some dangerous stuff. I mean, so you don't need to necessarily be trained in that area. But I've never met anyone really that was trying to hack for a gain or a negative gain. Yes, clearly there are people out there like that, but when you go to these kind of conferences, you tend to speak to those individuals now that are working for vendors and they're trying to do good, they're protecting.
(04:37):
I guess we do talk a lot about the best form of defense is offense and therefore that can be seen as what some people do. But the conference is just generally a really friendly place. I've never felt under threat or felt awkward and it's never bothered me.
Michael Bird (04:56):
So in terms of this year's Black Hat, what were the topics everyone was talking about?
Jaye Tillson (05:01):
You've got AI and zero trust. All of the vendors are either selling one of those two things, or even more so now trying to sell both at the same time. We talk quite often about is AI going to be a negative thing? And it's like, well, any form of technology could be used for wrong. But yes, AI, zero trust. Obviously, there's a lot of regulations coming around. Zero trust, it's not necessarily a new term. I mean, it's been around since 2010, John Kindervag at Forrester, but because of the world we live in today, zero trust is a really big deal and truthfully so, it should be. And AI is obviously on everyone's kind of lips. And there's regulation about AI coming. There's been some other large kind of vendors of pools in their AI development and things like that.
Michael Bird (05:48):
Oh, really?
Jaye Tillson (05:49):
But it's definitely an interesting topic that I often get asked about. And again, I've said this before, but I don't see zero trust as a single product. I see it as a strategy and a change of culture and a mindset change. Products are there and are able to help you, but you can't just walk into one of these conferences, go to one vendor and buy zero trust off the shelf. It doesn't work like that.
Aubrey Lovell (06:11):
What's the biggest takeaway for you?
Jaye Tillson (06:14):
Depending on why you go to these kind of conferences, depends on what you're going to get out of it. I mean, if you are a person trying to enter into cyber, for instance, and you go around and you just talk to the vendors and you hand out your CV and you look at the tech, great, you'll get that away from it. If you're doing a project and you have a specific project in mind and you need to speak to specific vendors, then great, you can target a couple of vendors, ask questions, go away, think about it, then go back the next day and kind of do follow-ups.
(06:44):
For me, a lot of it is the networking side of things with other people. Obviously being on the vendor side now, I tend to get treated a little bit differently. When you go over to other vendors, they're not necessarily as open as you would be if you were going to be purchasing. But it's nice to meet up with people. And there's a few people that I only ever see at conferences and it's picking people's brains, having conversations, sharing things that we've learned over the past three or six months or since we last saw each other. Talking about things like AI and zero trust, seeing how people are getting on on their journey.
(07:18):
There's a lot of talk about SSE and SASE, but a lot of people still don't really know what it is. Some people are starting the journey, but don't really know where they're going. So being able to sit down, I don't know, over a coffee, over lunch, over dinner, and meet people on the halls when you walk in the floor and have conversations. It's all about, to me, the biggest takeaway is the cyber community is very, very friendly. And when you make friends, it's all about fighting together against the bad guys. We're all fighting the same battle, and therefore we'll be stronger together.
Michael Bird (07:51):
Yeah. Gosh, that's quite interesting, isn't it? If you could give a leader in IT or tech one piece of advice or even a warning for the next year, what would that be?
Jaye Tillson (08:00):
There's a lot of talk about ransomware being on the decline.
Michael Bird (08:03):
Oh, really?
Jaye Tillson (08:03):
Yeah. I mean, supposedly, but it's not true. Based on everybody I speak to in the industry, based on people that I know that do incident response or deal with ransomware on a daily basis, it's not going away. So there's a warning it's not going away. And be careful and do what you can to protect yourself against ransomware. And that's going to be technology, training, all areas. And I am concerned that people seem to think that we're over the hump of the ransomware and we can kind of ease off a little bit. And I personally don't believe that's true.
(08:35):
I think there has been a lot of high-profile cases that have drawn the attention of the FBI or governments around the world, and therefore I think what's happening is those large ransomware organizations, we'll call them, are shifting their focus away from something that will put the eyes on them. So instead of targeting those huge organizations, I think their shifting their focus and attacking the people that are weaker. And that's no different than how everything happens. Once the large organizations invest a lot of money and kind of shore up their security kind of castles and moats and however you're going to secure your environment, then it's really the people that haven't necessarily invested yet or have the money to invest that become the targets.
Michael Bird (09:21):
Fantastic. Thank you so much, Jaye. We'll come back to you in a moment with questions from the audience, so don't go anywhere.
Aubrey Lovell (09:30):
All right. As usual, it's up to you, our audience. We open the floor for you to give your recommendations on books, which have changed the way you look at the world, life, and business in the last 12 months. They can be technology-based, have changed the way you work, or they could have just made you look at the world in a totally different way.
Michael Bird (09:46):
If you want to share your recommendations, there's a link in the podcast description. Just record a voice note on your phone and send it over.
Alex Bennet (09:53):
My name is Alex. I'm a full stack audio specialist, and a book that I've read that has changed my perception of the world around me recently is The Origin of Capitalism by Ellen Meiksins Wood. And one of the reasons why I think it's been so interesting is that we don't think about why things are the way they are and it's very easy to live in the society that we do and assume that everything has just arisen organically and it's the way things should be in that. Of course, there was feudalism and then there was primitive accumulation, and then there was capitalism, and it was the natural way of things to progress. But that might not be true. And reading a book that challenges that assumption has been really valuable, because I think any good book or any good piece of media challenges the way that you perceive and interact with the world around you.
Michael Bird (10:46):
Right. Thank you for that. And it's time to bring back our guest, Jaye Tillson, for questions from the audience. You've been sending in your questions on cybersecurity, and we've picked out a couple, I'll be honest, we've gone down the intrigue route with the ones that we've picked out. I hope that's alright, Jaye. So first up, John from Las Vegas, which must be a coincidence, asked, "What's the strangest thing that you've seen at one of these conferences?"
Jaye Tillson (11:06):
The strangest thing. This year, there were people walking around dressed as clowns, which seemed a bit odd. I mean, obviously if you're a large vendor or a mid-size vendor and you're trying to attract people to your stand, your booth, you do some quite outrageous things. So I've seen people flying drones. I've seen racing cars driving around. You see a lot of attention-seeking stuff, which is cool. These conferences are cool for that.
(11:36):
The strangest thing was somebody on stilts, walking around on stilts. And it's not uncommon, I think, in the US to see people spinning banners in the street and pointing, to say restaurants and stuff like that. This particular person was walking around on stilts, very, very high stilts, spinning this banner pointing at a particular stand, and that was a bit strange.
Michael Bird (11:57):
And Gail from Toronto wants to know what the government agency presence is like at these conferences. Is there a lot of connection or collaboration between the private sector and governments?
Jaye Tillson (12:07):
You don't necessarily see that many kind of law enforcement that are obvious, but you definitely see some types that appear like men in black. I don't know if I'm allowed to say that. But yes, in Vegas in general, obviously because of the overlap with the other conference, I think that draws a bit more of that type of tension. They are very close. I mean, the positive thing of having these conferences in Vegas are there's loads of hotel rooms, there's lots of restaurants. It's a very good place to attract lots of people. But when you've got conferences that attract 200,000 people as a whole, then there is going to be people wandering around that are in black suits, et cetera. So there's definitely a presence, but it doesn't stand out.
Michael Bird (12:54):
Thanks, Jaye. Fascinating. And again, we'll drop a couple of links in the podcast description for more on these topics.
(13:02):
Right, we're getting towards the end of the show, which means it is time for This Week in History.
Aubrey Lovell (13:07):
This Week in History.
Michael Bird (13:10):
A look at monumental events in the world of business and technology which has changed our lives.
Aubrey Lovell (13:16):
And the clue from last week was turn that frown upside down or left to right. So did you get it? It was of course, the invention of the emoticon, precursor to the modern emoji for the younger listeners. On September 19, 1982, Professor Scott Fahlman posted to a Carnegie Mellon digital notice board suggesting, "I propose the following character sequence for joke markers," followed by the famous smiley face. Read it sideways. Did you get it? Of course you did. Wink face.
Michael Bird (13:49):
Next week, the clue is in 1973, we hit the Louvre after breakfast and the Met after lunch. Know what it is? It's a little bit cryptic, but I think I know what it is.
(14:01):
All right, well, that brings us to the end of Technology Now for this week. Keep those suggestions for life-changing books coming in using the link in the podcast description. We're going to be taking a short mid-season break, but don't worry, we'll be back very soon.
Aubrey Lovell (14:14):
And in the meantime, thank you to our guest, Jaye Tillson, Field Chief Technology Officer at Axis Security part of HPE Aruba Networking. And to our listeners, thank you all so much for joining us. Technology Now is hosted by Michael Bird and myself, Aubrey Lovell. Today's episode was written and produced by Sam Datta-Paulin, Michael Bird, and Aubrey Lovell. Sound design and editing was by Alex Bennett, with production support from Harry Morton, Zoe Anderson, Alicia Kempson, Alison Paisley, Alyssa Mitri, Camilla Patel, Alex Podmore, and Chloe Sewell. Technology Now is a Lower Street production for Hewlett Packard Enterprise. We'll see you next week. Cheers.