This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Fast Chat with
Leading up to Black Hat USA, hear from Black Hat Review Board Members, Speakers, Trainers and Partners about their contributions to information security and the upcoming Black Hat event.
This week, we chat with Justine Bone, CEO of cyber-security company MedSec, Black Hat Review Board and CISO Advisory Board Member.
I saw your tweet about reviewing submissions for Black Hat USA as a privilege and learning opportunity. Did you review specific tracks this year?
Yes, I reviewed the Artificial Intelligence/Machine Learning, Policy, and Community tracks.
Can you share a few talks that you are looking forward to this year?
I am very excited about all the selected AI/ML talks. This is a new track and received more submissions than any other track. AI can do so much for cybersecurity on both offensive and defensive topics. We have a lot of platforms - cybersecurity platforms included - with a heavy dependency on AI capabilities, and there's a lot of emerging science in this area. As with any emerging capabilities there are inherent risks, and we are just beginning to to understand and articulate what those risks are. This is also an interesting area because it brings together different types of experts - so one of our first requirements is to come up with a cyber AI/ML lexicon that allows these scientists to communicate effectively.
There have of course been many takes on this, but as a Review Board member, what are some of the things you are looking for when you're evaluating Briefings talk submissions?
Really striking the balance of new and fresh content/ideas, but also staying true to the Blackhat culture. Many of us come from offensive roots, and we need to maintain attention to this while also recognizing that we as an industry have matured, and we need more than new "ways to hack" systems. When evaluating offensive submissions, I look for proposed solutions to the problems identified. This usually indicates a level of maturity and thoughtfulness on the part of the presenters, which is an indication of a good talk, especially if the presenter is not someone already known in industry.
I also saw that the Pwnie Nominations are open! Can you give me a rundown of how the judging happens?
The judges monitor public submission of nominations then gather to review, edit, and select winners via a voting system. We divide and conquer when it comes to the heavy lifting of editing descriptions, but we vote across the board. There are 16 judges, and we are considering adding a couple of additional judges to the team this year. When we opened up nominations during Summercon I announced this, and I am still taking applications! I especially urge prior winners to reach out if they are interested in working with us!
Having attended so many in-person (and probably virtual) security events – What are you most looking forward to about this year's virtual Black Hat event?
I think we are going to see a much more diverse set of attendees and participants, which is exciting! I also know that some speakers that would not have been able to attend in person are now able to deliver presentations remotely - so again, more diversity of content and perspectives.
This year you have also joined the CISO Advisory Board in addition to the Black Hat Review Board, the Pwnie Awards AND of course being CEO and Board Member of MedSec, serving on HP Inc.'s Security Advisory Board, IANS faculty, and Chairing the non-profit Miami Children Corporation – What inspired you to join the CISO Board?
In recent years my work has included board service, and this has really helped me understand new ways I can help CISO's, including board communications, risk profiling, product security strategy, and even cybersecurity marketing. These can be challenging areas for CISO's from very technical or traditional backgrounds, so I see my involvement with the CISO Board as a way I can help address this.
Justine Bone is a CEO, Board Member and former CISO with 20 years of experience across the medtech, defense, and financial industries. Her broad areas of expertise include technology risk management, business and product development, cybersecurity communications and business development for technology providers. Justine currently holds the position of CEO of MedSec, where she develops cybersecurity program strategies and solutions for Healthcare Delivery Organizations and Medical Device Manufacturers. She also serves as a member of HP Inc.'s Security Advisory Board, is a faculty member of IANS, and is Chairperson of the non-profit Miami Children Corporation. Prior to her current roles Justine led as CEO of Immunity Inc (acquired by Cyxtera) and Chief Information Security Officer and Head of Infrastructure and Risk Management with Bloomberg L.P. and Dow Jones. Justine's training was as a researcher and security analyst for New Zealand's Government Communications Security Bureau.