Recently, several of our team members traveled to the 2019 Black Hat Conference in Las Vegas to support our cybersecurity clients with their public relations and creative activities. This year’s conference drew more than 20,200 security professionals to hear from more than 500 speakers across more than 90 technical trainings and 120 research-based briefings.
As we do after every event, our team reflected on our observations from the conference to help our clients shape their future conference investments and marketing plans, as well as continue to hone our approach to these events as well.
We recently asked Christine Blake, Senior Account Director, and Tom Resau, Senior Vice President of our Cybersecurity and Privacy Practice, for their takes on the conference and what companies should keep in mind for upcoming events in 2020.
What were some of your observations going into Black Hat?
Christine Blake (CB): Going into Black Hat I was particularly excited to network with reporters, clients and industry peers and see what was trending from a general security perspective. I was also excited to record podcasts for “Inside the Media Minds” with some of the industry’s leading reporters to find out how they perceive the conference and understand what trends and topics they’re covering.
The lead up to Black Hat felt relatively uneventful and we didn’t see the long-lead planning that we typically see with RSA from vendors or journalists. Then, about a week prior to the conference, the Capital One breach took over the headlines and the industry was buzzing about AWS, insider threats, cloud and misconfigurations. This definitely took over a lot of the pre-Black Hat conversations and bled into chatter at the show.
Tom Resau (TR): Black Hat’s conference agenda keeps expanding, but the sheer breadth of topics today was really striking this year. The show has always been about in-depth, focused talks about how very specific things are broken or exploited. You saw this tradition continue this year, except briefings on these were not limited to traditional IT equipment – here in the #IoT era there was a talk on the Boeing 787 Dreamliner and a session exploring how attackers could snail-mail small, cheaply assembled wireless computers into a facility as a means to explore and exploit companies’ wireless networks at close range. Completely outside of these types of discussions, there were high-profile sessions on the global economy for smartphone surveillance software, and analysis of nation-states’ conflict norms in cyber – like the state of countries’ attribution and claims of using physical military force to respond to digital activity. These geopolitical, policy and community topics weren’t big themes at past events, but they show how the conference is staying relevant – and growing – by adding more speakers and content in areas of current events and greater interest.
What were some of the most interesting things you saw or heard at Black Hat this year?
CB: So. Many. People. To me, it seemed like the busiest Black Hat yet. The Starbucks line snaked all the way down the hallway, and restaurants and bars were filled with more InfoSec pros then you can imagine. The show floor was packed with vendors and people around every corner.
In quite a few of my conversations, journalists were remarking on the number of reports/research coming out during the week of Black Hat. I heard several times that Black Hat is the venue to talk about big ideas and disruption – but spreading out some of the research and news helps separate from the noise and align with a strong news cadence coming out of the show.
TR: As a communicator in the cybersecurity field for 20 years, I was pleased to hear Black Hat founder Jeff Moss call out the importance of communications in his keynote remarks, saying “The quality of communication now determines a lot of our outcomes.” As cyber risk becomes a bigger, mainstream issue in business circles, policymaking and our culture, communications is absolutely going to become increasingly important. Security researchers are going to be challenged to explain their findings within this community. Security vendors of all sizes have to nuance important messages for media, investors, scarce talent and business partners. Journalists have an extremely tough job keeping pace with news cycles and framing important issues for audiences, at a time when we all can feel numb to the din of breaches, vulnerability warnings and vendor claims. If you make a living in or around cybersecurity, you’re in the communications business, whether you realize it or not. A big take-away from Black Hat was the need to continually reexamine the message you are trying to get out and the mediums you use, whether you are trying to reach the boardroom, conference organizers or influencers chronicling the industry.
Now that we’re through Black Hat, companies are starting to plan for security trade shows in 2020. What do you recommend they bear in mind from a marketing/public relations standpoint?
CB: Definitely plan early! Black Hat seems to sneak up on everyone, but knowing what you want to accomplish and planning for it well ahead of time is key! Black Hat is a very social and social media driven event – so definitely connect with people ahead of time on LinkedIn and Twitter and arrange casual coffee meet-ups to chat and connect with people!
Use multimedia. Black Hat is an amazing opportunity to record videos, podcasts, take pictures, etc., that you can utilize on your website, social media and in blogs for months afterward. The more multimedia content you can use to engage with your prospects/customers/audience, the better!
Think about releasing research and findings a couple weeks after the conference. We typically see a bit of a lull post-Black Hat and releasing unique and insightful research afterward is a good opportunity to continue the momentum of the conference and engage with potential leads you met with onsite.
With proper planning and a solid marketing/public relations strategy, Black Hat can be a huge success.
TR: The most important advice I give clients approaching big conferences like Black Hat or the RSA Conference, for example, is to plan what you specifically want to get out of the conference well in advance, so that you have measurable goals and do not get distracted or overwhelmed. These shows have become so large and noisy that they – paradoxically – feel less and less accessible. You have to accept that you will not have bandwidth to do “everything,” so figure out in advance what is most important to you. What types of attendees are you most interested in meeting for networking purposes? At Black Hat I saw a lot of attendees actively focus on “Lobby Con,” or purposely seeking out peers for casual talks over breakfast or coffee, outside the crush of presentations and expo halls. Following the buzz around events on Twitter and LinkedIn is a great way to keep an eye on who is attending; it helps you prioritize the handful of folks you think would enjoy trading notes on mutual issues. Focus on new relationships you want to kick-start this way, it’s a great approach to actual ROI and learning from these events that are otherwise very tiring and time-consuming.
Because standing out from the noise of major conferences is challenging, consider holding a separate event with peers, partners or others on the sidelines of things. If you are focused on a particular theme you feel isn’t adequately represented at the show, chances are other attendees agree. Pooling funds and resources to stage your own mini series of debates or panels between networking and refreshments can be a fantastic way to build relationships, position a brand and drive a ton of content.
Another great tactic is to use major conferences for buzz and backdrop. If your whole team will be in attendance, utilize that time further to shoot videos or cut podcasts. Plan a blog series showcasing the diverse POVs and expertise areas that your squad took away from the show. These are all great plans and objectives to set far in advance of conferences next year as you change-up how you plan and benefit from them.