Black Hat and Silicon Valley 2012: Part One

Written by

I’m writing this on the plane back from Las Vegas. People can hang up their Black Hat t-shirts until next summer (although I suspect many of the delegates wear them year-round. It always amazes me how they are worn with pride like rock t-shirts, with immense kudos being given to those with the oldest t-shirts. I always find myself looking for Bruce Springsteen’s tour dates on them!). Anyway, I digress.

Another year, another Black Hat. I was there, I survived, I got the t-shirt (well, I didn’t actually, for all those reasons mentioned above!) I think it was my fourth Black Hat. Last year I sent Drew in my place, and actually quite missed it. Despite not quite understanding even the session titles of around 25% of the programme, and despite feeling like a sore thumb for three days, I actually really enjoy Black Hat. It’s in its fifteenth year, and while it now has all the commercial elements that most industry events do, and reached a record-breaking 6,500 delegates this year, it still has a bit of a raw – and an extremely passionate – feel about it.

You see, people who go to Black Hat really care about information security. They like their jobs, they love breaking things (and by things I mean passwords, code, systems – mostly for the greater good!) and they’re passionate about making progress and making a difference.

I always come away from Black Hat with a renewed sense of enthusiasm for the industry and normally a lighter purse and a bit of sun burn too!

In the days prior to Black Hat, I spent two days travelling around Silicon Valley meeting with vendors and industry contacts. I’ve written – or am in the process – of writing dedicated pieces for most of these meetings, but here’s a summary of who I’ve met and what I’ve learnt this week.

Lunch with Alberto Yepez

Managing director at Trident Capital, Yepez has invested over $200 million of venture capital into information security firms – he considers himself (and I say ‘considers’ because I’m not sure if it’s fact) the largest infosec VC in the US. I was introduced to Yepez through a mutual contact (thank-you Nigel Stanley) and I’m so glad we were.
Over lunch in the garden of a lovely Italian restaurant in Palo Alto, Yepez and I discussed what makes him invest, how he behaves as an investor (very hands on by the way), what’s going on in the mobile market, and what’s hot right now.
He’s so passionate and has so much knowledge that he’s eager to disperse that I became concerned that with all the talking, he wouldn’t get around to his lunch.
It was fascinating to get the perspective of an investor, rather than the vendor, and my time with him was priceless.

Alien Vault

By coincidence, I had set up a meeting with Alien Vault – one of the companies that Yepez invested in – for later that day. Armed with all the insight Yepez had given me, I asked Russ Spitler, VP product management, what it was like to have Yepez as an investor. He confirmed that he is indeed very hands on, and considers this a great advantage. “It’s hard not to respect the knowledge and expertise that he brings to the table” he said.
Alien Vault, a fairly small company (at the moment anyway) was founded in Spain but now has a HQ and CEO in the US. We talked about their product and what problem they solve, but we also had an open and honest discussion about what it’s like to work at a ‘small fish’ company in the Valley and how it’s possible to attract talent and retain staff with so many other long-established, very large tech companies around. Spitler told me that a lot of people “are eager to work at a cool start-up”, and his colleague, who I won’t name said “If you want job security, you may choose one of the big companies. If you want to use your brain, you pick a start-up.”


I think this was my third visit to the Symantec offices in Mountain View, but possibly my most interesting. I turned up at the wrong building, and then had a long walk across what can only be described as their ‘campus’ to find the correct building. The office has quite a formal feel to it (unlike many of the others out there) and it’s very yellow!
Their lovely PR manager, Elizabeth, was telling me about the lack of real estate in Mountain View and how the existing companies (Facebook, Google, etc.) based there are outgrowing their space with no more on the market. Luckily for Symantec, VeriSign – which they acquired in August 2010 – had offices right across the road, so an easy expansion of space for them.
They did the typical Symantec thing and produced a slide show (*sighs*), but we had a discussion about the biggest social networking threats and I learnt a few new phrases. The next day I would join the Symantec research team (well some of them) and the PR team at a media dinner at the Cosmopolitan hotel in Vegas. Without a Dictaphone or notebook in site, guards came down and I had some great conversations about the current threat landscape. Oh, and dogs, holidays and American history. The food and wine was excellent, and it was good to get that relaxed face-time with key members of the research time.

Interview with FireEye Founder & CEO

I’ve worked with FireEye on various events and webinars so I had a pretty good idea of what they were all about - and liked what I knew. However, meeting Ashar Aziz, gave me an even better perspective. He’s charming, smart – so smart – and interesting. I’ve writen up this interview in full, so I’m not going to go into much detail here. I really enjoyed my hour with Aziz and came out of the interview with a lot of respect for him.

To be continued….

What’s hot on Infosecurity Magazine?