Executive Summit

Executive Summit Confidentiality Agreement, to be signed onsite

Executive Summit Confidentiality Agreement FAQ

Executive Summit Schedule

See the full day's events here.

Registration Hours:

Click here to view our registration hours.

Think Tank Topics

AntiVirus is dead. What now?

The new wisdom is “everyone gets breached eventually,” so what’s the right balance of response, detection, and prevention? Share your lessons learned and best practices deploying alternative and complementary technologies.

Key Questions:

  • How quickly can you react once an endpoint goes sideways? And do all your AV responses need to be the same?
  • Why firewalls are irrelevant: Do you protect your endpoints differently when they roam outside your firewall?
  • How practical is automation and integrating systems together?
  • Should you be endpoint-focused or data-focused?

Bring Your Own Disappointment - Realities of Personal Devices in the Enterprise

Case studies of BYOD disappointments will frame a discussion of actionable strategies and tactics balancing the freedom of a personal device and the requirements of organizational policy.

Key Thoughts and Questions:

  • What is your current strategy, and how is it working?
  • What technologies are you using, and what surprises have you encountered?
  • Murky legal guidance: where do you draw the boundaries between personal and corporate data?

Businesses in Hyper Growth: Curveballs and Surprises in International Expansion

  • Considerations when opening (or acquiring) international offices
  • Unintended consequences of international travel
  • Technical, Cultural, Legal, IP and other surprise issues in new regions

Leading Questions:

  • How do you know where people are traveling to?
  • How do you measure risk for foreign travel?
  • How do you manage threats and vulnerabilities at your remote locations vs. at HQ?
  • How many laptops do your employees lose each month? How do you know? Do you know what was on them?

Deconstructing the Kill Chain - Building an Intelligence-Driven Security Team

Some companies get a knock on the door by a three-letter-agency to deliver the bad news 'You are owned.' Some of us have heard about it, others have experienced it. This discussion is about making lemonade, not wasting a compromise, and building a world class security team driven by actionable intelligence.

Key Questions:

  • When that government agency knocks on your door, what do you do?
  • For pre-owned organizations, everything is a victory: which ones matter?
  • You've heard about the cyber kill chain, but what is it, and how do I make it generate intel?
  • What does maturity in the intelligence and APT threat space look like?

Managing Insider Threats: When 'trust, but verify' is not enough

We must trust users. As the workforce and culture shift, protecting our users from accidental compromise is considerably different from detecting and interrupting malice. This discussion covers what we've seen, what we know is happening, and the considerations in detecting and responding to these issues.

Key Questions:

  • How do I protect my sensitive data from those who are authorized to have access?
  • Will DLP help, given so many false positives?
  • Legal considerations (US and abroad)?
  • How do I identify and track the data to protect?

Putting Toothpaste Back In The Tube: How to Add Meaningful Security Controls to an Open Culture without Killing It (or Getting Killed)

Everyone wants to work in a startup culture. It's the land where access to source code, production systems, and user data is as simple as access to the weekly chair massages and the 4pm Nerf Gun Fight. However, it's all fun and games until something bad happens, or if you're lucky, your customers start demanding more before it does.

Key Questions and Thoughts:

  • Open culture involves trust, and what does it say to your colleagues when the actions you're taking to restrict access or monitor activity appear to be the polar opposite of trust?
  • When does it make sense to look the other way and when do you decide you need to put your foot down when something risky is happening?
  • How do you convince people to be more suspicious of the outside environment, assume the worst, verify everything, and that there really are people that wish to do them or the company harm?

Quantifying IT Risk - Can you hear me now?

We are not giving the business what it wants: a true indication of risk. How will you meet their needs and mature alongside the business? Discussion will cover successes and failures around these topics:

Key Questions:

  • How do you map IS & IT Risk into business processes?
  • How do you measure the Risks that IS & IT are imposing on your company?
  • How are you conveying IS & IT Risk to your business in terms THEY understand?

Securing the Supply Chain

Securing our networks and patching our systems does nothing to ensure the integrity of supplier-provided hardware. We worry about espionage from China, and still build data centers on hardware sourced from there. Building trust into embedded systems, controllers and firmware, and confirming that they have not been tampered with along the supply chain, is a complicated problem.

Key Questions:

  • What are the greatest challenges and concerns facing your organization around supply-chain security?
  • What key factors do you or would you include in your organization's supply-chain risk strategy?
  • Do you have concerns about using open-source software, and if so, why, and what are you doing about them?
  • What standards/regulations/technologies/information-sharing are needed to help address supply-chain risk?

Security Program Capability Maturity Model

Every security department is at a different stage of maturity; where you are on the development path indicates how capable you are of executing a robust security program.

Key Questions:

  • What is your assessment of leadership strengths and gaps?
  • Do you have the right organizational structure and skilled staff?
  • How well do you leverage existing security technology?
  • How do you go about choosing what threats to mitigate and controls to adopt?

Signal to Noise - Measurement is only the START of maturity

Increasing instrumentation is fundamental in detecting compromise at the application, host, and network level. However, in reality it is only the beginning. This discussion will be an exploration of what works (and what doesn’t) with network traffic anomaly analysis, passively detecting vulnerabilities being discovered at the application level, and useful approaches for correlating weak and strong attack signals.

Leading Thoughts or Questions:

  • Detecting compromise earlier in the attack cycle?
  • Improving instrumentation at endpoints, networks, and applications?
  • Surprise sources of noise and lessons learned?

Software Security - Lessons learned from the front lines

Integrating security into the software development process to achieve the right assurance level is hard. The degree of difficulty increases as you factor in active attacks by bad guys and aggressive customer questions slowing down the sales process.

Key Questions:

  • What is the right organizational structure and process?
  • How do you know you've invested the right amount?
  • How do you demonstrate the effectiveness of your security activities during development to customers?
  • Which third-party tools and services add value and which ones are snake oil?
  • How do you achieve consistency in your process and results across your software portfolio?

World Economic Forum: Driving Cyber Resilience

You’ve probably heard of the famous Davos. In 2013, a group of ICT industry executives and policymakers gathered to explore cyber resiliency, seeking to define crucial capabilities, including sharing of information and protection of critical infrastructure.

The World Economic Forum is joining us to get a Black Hat perspective of current and future cyber security considerations, to aid in creating recommendations for companies and governments. Output from this working group will be included in the 2014 Annual Meeting in Davos.

Key Thoughts and Questions:

  • What are the key infosec technologies and approaches that are playing today, and how will this change in the next five years?
  • Regarding offensive and defensive cyber capabilities: what counsel and consideration will guide ‘the right balance’ for organizations and governments?
  • How can information sharing positively impact information security programs in both enterprises and governments?
    • What are key ways to strengthen this impact?
    • How does this vary by vertical?
    • The Forum is particularly concerned with critical infrastructure: any special considerations here?
  • What would be key drivers for the C-Suite to cultivate:
    • Resilience initiatives?
    • External information sharing?

Featured Presentation

Oracle: On Java Security

Over the last 20 years, Java has found its place on billions of devices, desktops and servers, and is expanding rapidly into new application areas including embedded and edge devices. As a result of its success, Java is an attractive exploitation target, making Java security a significant concern. In this session, Milton will shed light on Oracle’s Java security program, their progress and plans for Java security.


Milton Smith leads the strategic security program for Java platform products as Sr. Principal Security PM at Oracle. Milton is responsible for defining the security vision for Java and managing working relationships with security organizations, researchers, and the industry at large. Prior to Oracle, Milton led security for Yahoo’s User Data Analytics (UDA) property.

Executive Summit Sponsors

Premium sponsor

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).


Philippe Courtot, Chairman and CEO
Currently CEO of Qualys, Philippe has a distinguished career turning innovative companies into industry leaders, including Signio, Verity and cc:mail. In 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to addressing Internet security. He holds a master's degree in Physics from the University of Paris.

Amer Deeba, Chief Marketing Officer
Amer oversees branding, marketing, communications and product marketing at Qualys. Prior to Qualys, he was the GM for VeriSign’s Payment Services Division. Prior to VeriSign, Amer held a variety of management roles at companies including Adobe, Verity and Amdahl. Amer earned master's and bachelor's degrees in computer science.

Wolfgang Kandek, Chief Technical Officer
Wolfgang is responsible for product direction and operational aspects of the QualysGuard platform and infrastructure. Wolfgang has over 20 years' experience developing and managing information systems. He earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany, and is a frequent speaker at security events.

Andrew Wild, Chief Security Officer
Andrew oversees security, risk management and compliance for Qualys. His over 20 years' experience includes leading network engineering and security teams at EMC, BT and Sprint. Andrew has a master's degree in electrical engineering from George Washington University and a bachelor's degree in electrical engineering from the US Military Academy.

John Wilson, Executive Vice President of World Wide Field Operations
John manages Qualys’ global field operations. Prior to Qualys, John held leadership roles at companies including Verizon, Ubizen and Johnson & Johnson. He served as an officer in the U.S. Army, and holds a bachelor’s degree from the US Military Academy at West Point and an MBA from Fordham University.

Foundation Sponsor

Vigilant by Deloitte is the cyber incident risk management solutions group of Deloitte & Touche LLP’s Security and Privacy Services, offering consulting services, managed services, and information services to help organizations protect their critical data and infrastructure from emerging cyber threats. In combination with Deloitte's larger portfolio of security services, we help companies with their information risk management initiatives, working to advance and evolve security solutions, improve enterprise security and value, and develop risk aware programs and processes.

  • Identity Access Management
  • Cyber Threat & Vulnerability Management
  • Governance, Risk & Compliance
  • Information & Technology Risk Management
  • Resiliency
  • Privacy & Data Protection
  • Enterprise Application Integrity

Ed Powers, the National Leader of Deloitte’s Security & Privacy practice, specializes in cyber security and IT risk management, and works with many leading financial institutions and other global organizations. Previously, he taught Technology Management and Information Security in the Marshall School of Business at the University of Southern California.

Joe Magee is a Director at Vigilant by Deloitte, where he oversees development of strategic services. He was a co-founder and CTO of Vigilant, where he led the development of security monitoring methodology, pioneered fraud monitoring solutions, and provided the vision behind the company’s managed services and threat intelligence offerings.


As Head of Intelligence, Lance James oversees Vigilant by Deloitte’s threat intelligence services. Previously CTO at Secure Science Corporation and senior threat analyst at Damballa, James is well-known in the intelligence community as an author, an expert witness in fraud and identity theft cases, and a contributor to security-related regulations.

Event Sponsors

BlackBerry Security, Research in Motion (RIM), is a world class organization providing end-to-end security focus including: driving the BlackBerry security message globally, security accreditations, development of security products, advanced threat research, building mitigations into BlackBerry products, and rapidly responding to security incidents.

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Follow us @TripwireInc on Twitter.

Websense, Inc. (NASDAQ: WBSN) is a global leader in protecting organizations from the latest cyber attacks and data theft. Websense TRITON comprehensive security solutions unify web security, email security, mobile security and data loss prevention (DLP) at the lowest total cost of ownership. Tens of thousands of enterprises rely on Websense TRITON security intelligence to stop advanced persistent threats, targeted attacks and evolving malware. Websense prevents data breaches, intellectual property theft and enforces security compliance and best practices. A global network of channel partners distributes scalable, unified appliance- and cloud-based Websense TRITON solutions.
