By John Dickson
Once again, the impossible has been made possible in the security industry. Congratulations to General Manager Trey Ford, Founder Jeff Moss, and the entire organizing crew for Black Hat 2012 who made this year’s event another hard act to follow. Instead of filling out the bubble chart feedback form, I opted to provide feedback on this year’s event in narrative format, providing several pointers that might make future Black Hat conferences more memorable.
1. Standardize all attendees dress to be a black T-shirt and jeans - To quote Dan Cornell (who has probably quoted someone else), the jeans-black T-shirt combo is the “little black dress” for gents. It works, it’s easy, and it’s modestly stylish. Plus, it would help the deeply out-of-place attendees who wore suits or pleated pants from Jos A. Bank. By way of comparison, wearing kilt to Black Hat is an earned privilege. I would suggest you only get to wear a kilt if you’ve been to five or more Black Hat conferences, have facial hair, and are actually not from Scotland.
2. Give out Volksmarch pins for the 10k of walking within Caesars - The Germans have perfected the walk in the countryside – the Volksmarch, or “people’s march.” Upon completion of a long march, typically participants receive a keepsake medal. Black Hat should do the same, given the grueling kilometers participants have to hike to navigate the bowels of the Caesars Conference Center.
To get the ball rolling, we’d like to propose the following mock up.
3. Install foot massage stations - See #2 above for business justification.
5. Declare a Moratorium on Sun Tzu quotes - During the Black Hat Executive Briefings, Josh Corman (@joshcorman) lamented that speakers at Black Hat would once again over-quote Sun Tzu. Josh’s “No Sun Tzu Quotes Bro” request was quickly followed by Wednesday’s keynote speaker leading with a Sun Tzu quote. Can I recommend, instead, a wholesale shift to quoting Carl Philipp Gottfried von Clausewitz, the 18th century Prussian soldier and military strategist who military guys will recognize is equally over-quoted in the uninformed ranks? He has some great gems that security folks would love to shoehorn into presentations:
- War's climate of danger, exertion, uncertainty, and chance also demands other intellectual qualities.
- The defensive form of war is not a simple shield, but a shield made up of well-directed blows.
- Theory becomes infinitely more difficult as soon as it touches the realm of moral values.
6. Recruit Japanese subway guys – For the more popular sessions and the attendee lunches, fly a few of the white-gloved guys in from Tokyo to encourage maximum use of the Caesars Palace Conference Center Floor.
This solution is great because the maze that is the Caesars Palace Conference floor is just as confusing at the Tokyo subway system.
7. More conference training schedules that look like UNIX log files – No explanation needed.
8. Trade escalators for slides - After each session and before lunch, invariably the hungry masses head downstairs to lunch, packing the escalators and jamming the hallways. Perhaps we can draw inspiration from hosting giant Rackspace, and develop a more efficient way to transport attendees down to the lunch floor via slides:
Suggestions considered but not included:
- Binoculars for the outside viewing pavilions over the Caesars pool.
- Light sabers or ninja swords for all attendees, not just the lucky few.
- Let anyone in for free if they have a real Mohawk.
- Put BSides in the Casino Royale, DefCon at the Bellagio, and install zip lines between the hotels so attendees can more efficiently transit from one security show to the other.