Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

Black Hat Preview: The Business of Cyber Takes Center Stage

The cybersecurity industry heads to Las Vegas this week for Black Hat in a state of economic contraction, confusion and excitement. Can the promise of AI overcome the hype cycle to truly solve security problems?

Black Hat 2023 product announcements

LAS VEGAS — Once the undisputed hub for the most groundbreaking technical security research, the Black Hat conference no longer boasts the same prestige it once held in the eyes of old-timers. However, despite losing its sheen and morphing slowly into a corporate vendor boondoggle, ‘hacker summer camp’ remains an essential barometer of the state of play in cybersecurity as whispers about layoffs and dwindling VC funding happen alongside chatter about zero-days, APTs and the newest in hacking wizardry.

The conference, which opens here this week, promises a mix of keynotes and technical sessions reflecting the latest offensive and defensive trends, but it is the business of cybersecurity that will take center stage as struggling startups jostle for attention with shiny expo booths and late-night Las Vegas parties.

Across the board, cybersecurity is in a state of shock and confusion. The industry has been ravaged by large-scale layoffs, even at cash-rich companies like Cisco, Microsoft and Google. On LinkedIn, there’s a noticeable spike in profile photos with #OpenForWork badges while the US government continues to lament a cybersecurity skills shortage.

Dwindling VC Funding

On the venture capital funding front, investments have slowed dramatically, especially for mid- to late-stage startups while deal values continue to fall.  According to data from Crunchbase, a website that tracks VC activity, investments in cybersecurity companies dropped to just slightly more than $1.6 billion in the second quarter this year, a 63% drop from the same quarter last year when startups banked $4.3 billion in financing.

“These numbers are just the latest reminder of how dramatically the venture capital environment has changed in just 24 months,” Crunchbase said, pointing out that the investment number marks its lowest point since the last quarter of 2019, when startups raised just under $1.6 billion. 

The Crunchbase data syncs with calculations from Pinpoint Search Group that show a 55% decline in year-over-year funding for cybersecurity startups and research from DataTribe warning that unprofitable startups with poor revenue metrics “will need to find other ways to survive.”

Advertisement. Scroll to continue reading.

Despite the financing doom-and-gloom, there are still VCs making abnormally large early-stage bets on the IAM, software supply chain and cloud security categories. At the same time, Cisco has gone shopping for security startups and investors say the economic climate has forced entrepreneurs to “be more realistic” about valuation expectations.  

These economic realities will be front and center at Black Hat as budget cuts force marketing teams to tiptoe around the optics of overspending while colleagues are being laid off. On the show floor, booths are expected to be smaller and without the expensive bells-and-whistles while the agenda for side-events like the sold-out CISO Summit features sessions on the economics of cybersecurity.

Generative AI Hype

Still, there will be no shortage of vendors at Mandalay Bay claiming to have built the world’s greatest platform to solve security’s biggest problems. Judging from PR pitches in my inbox, security vendors have latched on to the ChatGPT hype, promoting new integrations, tooling and capabilities “driven by AI.”

While it might be difficult to wade through the AI hype, security leaders are bullish on the promise of artificial intelligence to create leapfrog technologies in cybersecurity. 

Jason Chan, a veteran security executive who last managed IT and security at Netflix, is among the believers. “I think right now we’re seeing a lot of really simple efficiencies. ‘Help me write this thing better’, or ‘look at this thing, create some test data’, some really, really amazing simple use cases,” Chan told me in a recent interview.

“If I were to try to imagine, say, a decade from now, I think you’re going to see a lot more really intelligent code generation where you start to see computers as software engineers. The computer will build the code for you,” said Chan, now serving as an advisor to VC outfit Bessemer Venture Partners. 

“I’m really excited to see what’s coming at BlackHat, I think you’re already seeing security companies adding ChatGPT integrations to make things smoother and I’m expecting to see some really interesting automation and classification tech to really speed things along,” Chan added.

Mike Hanley, Chief Security Officer and SVP of Engineering at GitHub, expects AI to be a big theme at Black Hat this year.

“It will be a big theme at Black Hat and I think it’ll be a big theme for years to come. If you look at the progress in terms of real world implementation of AI, I can tell you that Copilot is booming at GitHub in terms of the demand and appetite for it, which is fantastic. But when you imagine the other use cases, I mean, I’m really excited about what that can mean for bug hunters, for other productivity needs, for other security suggestions and capabilities,” Hanley declared.

“The experiences will not stop with chat-based interaction. I think that’s one modality in which people can interact with and benefit from AI,” the GitHub security chief added. 

“Being able to ask questions like ‘How many bugs are in this code?’ or ‘Tell me about the history of this code and how long it’s taken to address defects.’  I mean, there’s a sort of a universe of questions that will probably get answered in the course of the next several years through different AI experiences.”

Related: Mobile Platforms ‘Actively Obstructing’ Zero-Day Malware Hunters

Related: Cybersecurity Investors Pivot to Safeguarding AI Training Models 

Related: What’s Going on With Cybersecurity VC Investments?

Related: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Black Hat

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world...

Black Hat

Hundreds of companies and organizations showcased their products and services this week at the 2023 edition of the Black Hat conference in Las Vegas.

Black Hat

Cris Thomas, also known as Space Rogue, was a founding member of the Lopht Heavy Industries hacker collective.

Black Hat

LAS VEGAS – The security industry makes its annual pilgrimage to the hot Sonoran desert this week for skills training, hacking demos, research presentations...

Black Hat

Sin City, A.K.A Las Vegas, Nevada – is once again playing host this week to the Black Hat and DEFCON security conferences. With throngs...

Black Hat

Bypassing Air Gap Security: Malware Uses Radio Frequencies to Steal Data from Isolated Computers 

Black Hat

The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009 but the talk was pulled at the last...

Black Hat

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results...