Top Ten Things I Learned at Black Hat

By Ken Phelan
Posted in Uncategorized
On August 19, 2015

I was out at Black Hat last week and I thought I’d sum up some of the things I learned for those of you who couldn’t make it.

Top 10 things I learned at Black Hat:

  • Hackers don’t look like they do in the movies. Well, some do, but not the majority of them. Hacking is less emo than you think.
  • It’s also more boring than it looks in the movies. It’s really a long process of finding vulnerabilities in an environment and matching them to exploits. It’s more like data analysis than playing some kind of video game.
  • Manage your vulnerabilities. Risk equals vulnerabilities multiplied by assets multiplied by threats (R = V × A × T). You can’t do anything about threats, and there’s not much use trying to explain to your organization that it has too many assets. Vulnerabilities are the factor you actually control.
  • It’s really just the plain old vulnerabilities that already have patches you need to be interested in. 99.9% of successful attacks exploited known and patchable vulnerabilities.
  • Everything has vulnerabilities. Hardware, software, applications.
  • Obsessive patching seems like a good idea to me. If the manufacturer has taken the time to write and release a patch, we should get it deployed.
  • 6 days is too long to spend in Las Vegas. 1 or 2 is too short. 3 or 4 is good. Anything past that, the place gets on my nerves.
  • Have a cyber-crisis plan and drill it like you drill your DR plan. The “Bad Day” is inevitable.
  • We need to train more people in basic hacking skills. Even if you’re not penetration testing for a living, it’s hard to defend if you don’t know what an attacker’s perspective is.
  • At the craps table, always back up your bet on the pass line. It’s the best bet on the table. (Thanks to JRM)


Ken Phelan

Ken is one of Gotham’s founders and its Chief Technology Officer, responsible for all internal and external technology and consulting operations for the firm. A recognized authority on technology and operations, Ken has been widely quoted in the technical press, and is a frequent presenter at various technology conferences. Ken is the Chairman of the Wall Street Thin Client Advisory Council.