Highwire Talks Security with Black Hat Communications Director



One of the biggest global security events in the world, Black Hat has been providing attendees with the latest in research for over 18 years. Participants can enjoy learning from information security luminaries about various developments and trends in the industry. As you think about how to present a new or interesting perspective this year, take a look at our survey findings from last year’s Black Hat, particularly the part about overused buzzwords, as you may want to eliminate some of the most commonly used jargon from your content.

With the event fast approaching on July 30, Highwire took the opportunity to speak with Meredith Corley, director of PR & communications for UBM—the company that puts on Black Hat every year—to gain some insider knowledge that will prove useful for PR professionals and security companies.

Q: What is the number one strategy you can offer companies as they prepare to pitch media at Black Hat?

A: Remember that these members of the media and analyst community are the crème de la crème of the InfoSec reporting world—so do your research! And I don’t just mean on their specific beat, that’s a given. My research advice is the following:

1) Pitch the Goods: With so much dynamic content on stage, running alongside big research report releases and innovative product launches from the show floor (all vying for their attention & time slots), now is not the time to do a generic email blast. Before you work to set up that briefing or meetup, ask yourself: How does this news break the mold, challenge the status quo or take our industry in a new direction? With a product launch, how specifically will your new product or service solve an existing problem or void? Any cool demos to share? Alternatively, how will your perspective help dig into an existing industry hot button issue or theme with a fresh (or challenging) perspective? Are you offering up special access to key thought leaders or research? Is there a new finding that will change the course of the current dialogue?

If you can’t answer these with an elevator pitch before pressing ‘send’ on that email, hold off. Media get a ton of email leading up to the show, so make it count.

2) Expand Your International Contacts: Does your company have international roots or hope to take their products and services global? Don’t forget to research the many international members of the media that join us onsite every year. We have massive news agencies, trade journals and analysts join us from as far as Australia, many parts of Asia, Europe, S. America and everywhere in between. Now is your chance to build those valuable relationships with key international stakeholders for your brand all in one place. Don’t miss out.

Q: How do you select which companies get their own mini press conferences in the Black Hat press room?

A: We work closely with the Black Hat Review Board and journalist community to get a sense of what is really going to be “hot” onsite—big themes, impactful vulnerability disclosures, big name speakers or government officials, and controversial topics discussed by distinguished resources.

Press conferences are highly selective and are typically reserved for Black Hat speakers that will be presenting during the show. Sometimes we will group them by theme (e.g. “mobile vulnerabilities”) while other times it will be a solo session (e.g. keynote presentation or completely unique topic that stands apart from the rest).

If your company or client is speaking at Black Hat this year and you think the topic fits the bill, drop us a note: BlackHatPR@ubm.com.

Q: What do you think the top trends will be at this year’s show based on what you’re seeing across the top sessions and/or media requests?

A: Aside from the headline-making and completely unique vulnerabilities and research (à la car hacks, new ways to take over ATMs, and medical device weaknesses and defense), I would say that one of the top trends this year is what we collectively call “Platform Security.” We also saw more submissions than ever around vulnerabilities (and defenses) in top operating systems and virtual machines.

Unsurprisingly, Internet of Things (IoT) is also a big theme again this year as everything we know becomes increasingly “smart.”

Also, talks this year really run the gamut—and they should, since we received more submissions this year than any year prior. The Review Board really had their work cut out for them to pick the best of the best. There are quite a few great enterprise system-related briefings, some really smart research across all things mobile, and even a whole track of talks in the “human factors” category, which covers everything from phishing to the actual success rates of malicious actors dropping USBs in parking lots to name a few.

Q: Anything new or different taking place at the show this year that we should know about?

A: Glad you asked—Yes!

New to Black Hat? If you, your team members or your client(s) are newbies to Black Hat, we’ve got you covered. ALL pass types are invited to join us for Black Hat Day Zero—a first-timer’s guide to making the most of Black Hat. Here, new attendees can come a day early (Tuesday, Aug. 2) to learn what to expect on site, how to make the most of their time and even how to keep their devices safe on the show network. (Don’t forget your tinfoil hat…) There will be a welcome reception for some good mingling after the sessions.

Closing the Gap: Despite more attention to the issue, the needle just hasn’t moved all that much on the dramatic underrepresentation of women and minorities in the security industry, even as the talent gap deepens. I would encourage you and your colleagues to check out this fantastic panel, “Removing Roadblocks to Diversity,” on Thursday, Aug. 4, with a pretty stellar lineup. It includes moderator Kelly Jackson Higgins, executive editor of Dark Reading, with Jamesha Fisher, security operations engineer at GitHub; Elena Kvochko, head of global cyber security strategy and implementation at Barclays; Angie Leifson, security operations center (SOC) analyst at Insight Enterprises; and Chenxi Wang, chief strategy officer of Twistlock.

**Tip: this is first-come, first-served—so get there a little early to reserve a seat.

Other neat new and exciting things on site include a hands-on Kali Linux Lab for ALL pass types on Thursday, Aug. 4. And I’d highly recommend checking out the Black Hat Arsenal if you’re looking for real-time demos—this year marks the largest tool lineup yet with 80 to be presented on site.

Meredith Corley is the director, PR and communications, at UBM Americas. Find her on Twitter @MeredithCorley or LinkedIn.

RSA Preview: In 2016, Security Policy is Front & Center

Next week, much of the security industry will again converge in Highwire PR’s hometown of San Francisco for the 2016 RSA Conference. With our security practice constantly adding new clients and welcoming new faces, RSA is an exciting time for all of us.

Last year, security entered national consciousness on a new level. This year, it has entered the stratosphere, with debates such as the need for consumer privacy versus national security reaching a fever pitch due to the role encryption has played in high-profile cases like the attacks in Paris and San Bernardino. The convergence among the worlds of lawmaking, politics and cybersecurity is reflected in two of the biggest names on this year’s agenda, keynote speakers Attorney General Loretta Lynch and White House Cybersecurity Coordinator Michael Daniel.

With five full days of programming, here’s a sample of key themes, important sessions and other things to anticipate at this year’s conference, courtesy of a few folks in our security practice:

  • Bill Bode, Account Director, San Francisco: The talk I am looking forward to most is the keynote, from United States Attorney General Loretta Lynch. Why? In the wake of Apple’s move to publicly defy the FBI by refusing to allow backdoor entry into a cell phone involved in a major investigation, US cyber policy will be at the forefront of conversation, a topic Lynch will surely address. The Attorney General’s talk should stimulate a thoughtful (and possibly heated) discussion highlighting the differing opinions between what the government and Silicon Valley think could be the future of fighting cyber crime, or a dangerous new precedent.
  • Lindsay Bubbico Ciulla, Account Director, New York: I’m looking forward to seeing what comes out of a panel discussion on “Roles of Industry and Government in Cyber-Incident Responses.” Given the election year and the increasing role of security in our everyday lives, I think it’ll be especially interesting to hear from the panel on the role of government and industry during a major security event.
  • Megan Grasty, Senior Account Executive, San Francisco: I’m amazed at the continued implications surrounding our connected world. Also at the lack of understanding around the need for security in everything that is connected to the Internet, from smart toys to planes to cars. I’m looking forward to attending “Our Brave New Connected World: Is it Already Too Late?” to hear experts discuss the security challenges associated with the connected world.

And, of course, we’re excited to see the epic parties and stunts that punctuate the show!

Beyond our party on Tuesday night, we wouldn’t miss vArmour’s Monday night punk rock throw down, ForeScout’s Wednesday night bash featuring one of the world’s Top 5 DJs, Trusona’s VIP launch party at Mourad or Veracode’s annual gathering at Ruby Skye. What are you most excited to see? Share your hot topics and party tips in the comments below. See you there!

AppSec USA: The Place to Be for Web Application Security

It’s no secret that cybersecurity is a top concern for enterprises, government and consumers. And what do hackers target to steal sensitive information? The application layer. According to Verizon’s 2015 Data Breach Investigations report, 61 percent of attacks happen at the application level. From mobile application flaws—such as Stagefright Android—to Web application vulnerabilities—such as the WhatsApp hack—now more than ever, it’s time to educate yourself on application security.

So where can you meet the best application security experts? AppSec USA.

Hosted by Highwire client Open Web Application Security Project (OWASP), AppSec USA is a four-day conference where developers, security experts and technologists meet to discuss cutting edge approaches to securing Web applications. This year’s conference is in San Francisco September 22-25, 2015.

Highwire PR will be at AppSec USA and is thrilled for this year’s keynotes from Facebook CSO Alex Stamos, Microsoft MVP Troy Hunt and Department of Homeland Security’s Chief Cybersecurity Official Dr. Phyllis Schneck. Not to mention Fireside Chats with Uber, Twitter, Netflix and Salesforce.

To get the most out of this year’s AppSec USA, here are the top three must-do’s from OWASP global board member Michael Coates:

1. Hands on Training

There is a massive shortfall in the industry for quality security engineers. If you’re technically inclined, learn application security fundamentals from the best-of-the-best to secure your organization through hands on training opportunities.

As cyber threats become pervasive, everyone from developers to incident responders needs to stay up-to-date on the latest threats and on the best practices and tools needed to keep sensitive systems safe.

The trainings range from application vulnerability evaluation to a malware crash course that includes hands-on malware dissection, software debugging, malware analysis and more.

2. Listen, Learn, Discuss

Learn about, listen to and discuss pertinent, cutting edge security topics, such as how to address cloud security for your Web applications, how to handle security at scale, and real-time event detection and response. Experts from security companies like WhiteHat, iSec Partners and Denim Group; technology providers such as Docker and Akamai; and enterprise security teams like Netflix, Salesforce and LinkedIn will all cover a variety of security topics and enable discussions that address security experts’ burning questions. Additionally, learn about the state of security, its most pressing issues and what it will take to secure them from keynote speakers Facebook CISO Alex Stamos, Microsoft MVP Troy Hunt, Chief Cybersecurity Official of DHS Dr. Phyllis Schneck and more.

3. Build Your Network, Find the Right Talent

Networking is a crucial aspect of any conference. Connect with the brightest security minds in the world at the most concentrated event for Web application security. Discuss the leading topics with people from all parts of the security process including software developers, information security professionals, incident responders, computer security researchers, and corporate investigators.

Hiring? Job searching? AppSec USA also provides the opportunity to network with a wide range of security professionals and find your next gig or next great hire at the career fair. Some of the hottest companies will be participating including Netflix, Twitter, Airbnb, Palantir, LinkedIn, NetSuite, MobileIron and Tableau.

OWASP’s AppSecUSA is the largest application security conference in the world. You won’t want to miss out!

Register now for AppSecUSA and win 4 sold out Giants baseball tickets. If you’re already registered you can Retweet this to enter to win!

If you’d like to get in touch with Highwire PR at AppSec USA, please email owasp@highwirepr.com.

*Top Three Things to Know originally published by OWASP Global Board Member Michael Coates.


Survey & Infographic from Black Hat 2015 – Hot Security Topics, Overused Buzzwords and more

The second biggest security conference of the year – Black Hat 2015 – may be critiqued as being more and more corporate (comparing it to its professional counterpart RSA), but the research and hacks remain just as impressive as ever. From cyber espionage, to IoT, to car hacking – a landmark moment forever changing the public’s perception of security – this year’s show was anything but dull. Highwire Security was on the ground surveying attendees and here’s what we found:

Top Trends in Security

In line with conversations with reporters, clients and security experts, the survey found that IoT (40 percent) remains the hottest trend in security this year. And the research at the show holds true – hacking rifles, satellites and even a skateboard. Tied for a close second were application security (30 percent) and board-level security awareness (30 percent) – regardless of the intense frequency of hacks and breaches, there is still a major disconnect between the developer and the board.

While IoT dominated conversation this year, we’re expecting to see a few new topics on the list at Black Hat 2016. For example, the intersection of healthcare and security was a hotly discussed item at this year’s show, with the FDA recently making one of their first comments ever on cybersecurity. Long considered to be a laggard when it comes to security, the healthcare industry is finally starting to acknowledge there is work to be done.

In addition to healthcare, we expect to see cyber legislation shoot up the charts next year. For months, the security research community has been very outspoken about the controversial Wassenaar Arrangement, and with a few other security-focused bills on the floor of Congress, the trend is only expected to go up.

What are Security Pros Scared of?

People! Twenty-eight percent are most concerned about careless employees and user error – insider threats remain a top cause of many high-profile breaches (ahem, Target). That is closely followed by 25 percent concerned about cyber espionage (Sony) and 23 percent concerned about mobile malware (Stagefright). Interestingly enough, only 6 percent are concerned about PoS attacks, when in reality 40 percent of data breaches were PoS breaches according to Trustwave’s 2015 Global Security Report.


The recent hack on the Office of Personnel Management has dominated headlines for months, with the number of leaked records increasing in almost every update to the story. So many whispers at Black Hat speculated what would happen next: “Who has this data?” “Somebody’s just sitting on it- are government profiles being built?” “What’s the next targeted agency?” 

The ongoing saga of nation state attacks has struck a nerve with the security community – and everybody has an opinion. Many politicians have recently called for increased collaboration between the private and public sectors to thwart these breaches, with 73 percent of Black Hat attendees claiming they agree that the entities should increase information sharing between one another.

Excuse My French

So what’s the worst of the worst in security? Cut these words from your vocabulary and save yourself a few eye rolls. The top buzzwords security pros are sick of hearing are next generation (64 percent), advanced persistent threats (54 percent), thought leader (52 percent) and game changer (52 percent). Oh and while you’re at it, let’s get rid of disruptive (40 percent), hacktivism (40 percent) and BYOD (36 percent) too.

See our full results below, and we’ll see you at Black Hat 2016!

[Infographic: Black Hat 2015 survey results]

Written by Christine McKeown, Bill Bode, Nicole Plati and Megan Grasty, members of Highwire PR’s security practice

Highwire PR at Black Hat USA 2015

Leave your smart phones, tablets, drones, rifles and cars at home (yeah, I said rifles). This year’s 18th annual Black Hat USA is boasting some seriously cool sessions from hacking sniper rifles to remotely killing a Jeep on the highway to cloning payment devices. Highwire PR’s security practice will be there front and center alongside corporate information security professionals, government infosec pros – oh and hackers.

To say security is a major concern to all is an understatement – just in the past few months we’ve seen the largest government breach to date when the Office of Personnel Management was hacked leaving more than 20 million vulnerable, a vulnerability called Stagefright that can affect millions with just one text message, and to round that out: data breaches are paving the way for a significant jump in cybersecurity funding. This year’s Black Hat attendees are getting ready to learn, network and attend a solid lineup of must-see presentations.

So which sessions are Highwire’s security pros looking forward to most?

Bill Bode, account director
I’m sort of a space nerd (ask me about my idea for my space-themed dive bar, “Space Bar.”) This, combined with my interest in security makes my most anticipated talk a no brainer: Colby Moore from Synack will be taking Black Hat attendees step by step on how to hack a satellite, with real world attack vulnerabilities in his talk, Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service. I wouldn’t miss it for the world (get it?)

Pete Johnson, account manager
The one I’m most excited about is “Remote Exploitation of an Unaltered Passenger Vehicle” by Charlie Miller & Chris Valasek. Andy Greenberg at Wired published a really crazy piece about Miller & Valasek’s research last week—with arguably the best lede in an article I’ve read all year. Given the rapid shift toward connected cars and the industry’s race to usher in a driverless future, these kinds of exploits raise a lot of questions (if you were a fan of Michael Hastings’ work for Rolling Stone, you’ll probably find yourself fighting some gnawing questions).

Denise Schenasi, senior account executive
I’m interested in the session on “Back doors and front doors breaking the unbreakable system.” Given the recent U.S. Government hack and the increasingly rampant cyber and insider threats on government institutions and their employees, it’ll be interesting to see what this session adds to the industry debate – and their thoughts on whether the government should – or shouldn’t – have backdoor access to encrypted data.

Isaac Steinmetz, account executive
This presentation on “Android Security State of the Union” should be especially interesting given the recent attention that Stagefright garnered. The presentation will draw on data derived from “hundreds of millions” of devices in order to highlight some of the most pressing Android security issues. The scale of this research alone is impressive. Furthermore, it’s extremely timely, as we’re faced with a vulnerability that could affect close to 1 billion Android devices.

Mariah Robertson, account associate
“Pen Testing a City” sounds like it’s going to be a really interesting talk. As our world becomes increasingly connected, and the idea of hacking airplanes and critical infrastructure becomes a bit more real (and terrifying), it will be interesting to hear about what could happen if hackers were to take down an entire city! Is your city prepared for this kind of attack?

Laura Pezzini, account associate
“Bringing a Cannon to a Knife Fight” should be really interesting — considering how deeply governments worldwide are now involved in trying to boost security efforts, it’s fascinating that the Chinese Communist Party literally has a weapon called the “Great Cannon” to suppress any sites they deem against their agenda with a casual DDoS attack.

Alexi Foster, account associate
Whenever we are hit with a major breach, there seems to be a lot of skepticism around human error, activity, and response. The talk on “Automated Human Vulnerability Scanning with AVA” will be interesting to learn if/how we can test human response to security incidents, and what the behavior analysis finds.

Devon Swanson, account associate
The talk on “Exploiting IT Analytics to Create a Human Layer Security Initiative” is one I have my eye on because Dtex examines the “people-centric” aspect of security that leads to insider threats. This workshop actually sounds super interesting by examining user analytics for the human layer of security threats.

Interested in meeting with Highwire PR at Black Hat this year? Email us at Hi@HighwirePR.com

Post-RSA 2015: The Evolving Security Landscape

“Let’s do things differently; let’s think differently; let’s act differently. Because what the security industry has been doing has not worked.” – RSA President Amit Yoran

The overall consensus and call to action at this year’s conference is the security industry needs to change – as threats become increasingly more sophisticated, we’re racing to evolve faster than the hackers and we are continuing to fall behind in the arms race.

Last year saw a 25 percent increase in high-profile, over-hyped data breaches, but who’s held accountable? Conversations at RSA this year centered around the increased need for board-level discussions and how CISOs can adopt a business mindset; the scary potential of vulnerable connected devices; debates about how threat intelligence should be free; the government’s increased involvement and the Department of Homeland Security setting up shop in Silicon Valley, and more.

Highwire’s Security Practice was on site this year taking it all in, supporting clients, attending sessions, networking and throwing a killer happy hour. See the team’s highlights here:

Christine McKeown Elswick, vice president
The overarching message in Amit Yoran’s keynote was a significant moment for the industry. He said, “We are losing this contest. The adversaries are out-maneuvering the industry, out-gunning the industry, and winning by every measure.” This was echoed by the New York Times’ Nicole Perlroth in a private panel session on Wednesday who said that we can’t build walls high enough to keep out the hackers, and with traditional AV software not working, something must be done to close the gaps that hackers continue to exploit. It will be fascinating to watch as the arms race continues. Startups like Cylance, a next-generation AV company, are making huge strides in this race against threat actors. They recently blocked 99 percent of all threats in live demonstrations across the United States using real malware to test its new technology against old school AV software.

Bill Bode, account director
RSA is changing. For the first time I can remember, some of the most intriguing security startups in the space – Synack, Tanium, vArmour – opted not to have a booth, instead relying on throwing amazing parties, packing in customer/prospect schedules to the brim and networking events featuring prominent journalists to get the most out of their week in San Francisco. If you look at most of the keynotes from this year, you’ll see a laundry list of outdated legacy players talking about old world problems, but one talk did stand out in particular to me, from RSA President Amit Yoran (referenced above). Above all else, his call for vendor accountability is one that could turn the security world on its head. It’ll be a long road ahead to get to a point of true accountability, but it begs the question – once it’s here, will the constant noise die down? Will we get industry-wide agreement on the “best vendors” when we know which solutions just aren’t making the cut?

Mariah Robertson, account associate
RSA is such a great forum to discuss problems, showcase ideas and share solutions. My favorite part of RSA was seeing how different companies are addressing the biggest pain points in security. For example, at the Trustwave booth, security researcher Garrett Picchioni showed us the most commonly used and easily crackable passwords and demonstrated how quickly criminals could hack into a company’s system and steal passwords: it’s just a matter of seconds. We learned that longer passwords are always tougher to crack, and that “Thisismypasswordnoreallyitis” is a much better password than even a short random string of numbers or words such as “Spring2015” or even “A2qR!” Knowing that weak passwords are the leading cause of data breaches, I recommend everyone change theirs on a regular basis!

Isaac Steinmetz, account associate
This year was my third RSA, but ended up being the first time I was able to see a client present (those pesky “Explorer Expo” passes lock you out of a lot of sessions!). I got to see Veracode’s co-founder Chris Wysopal address a crowded four-sided box in the middle of the expo floor. Before he started speaking I worried that the session wouldn’t attract much attention since it was barely separated from the sea of booths in the hall, but surely enough the box was packed standing room only and Chris’ presentation moved forward with a full audience. It’s always great to see a client’s expertise and respect from his peers so clearly validated at events like this!

Alexi Foster, account associate
The highlight of RSA for me this year was the closing keynote, an interview with Alec Baldwin and Hugh Thompson, RSA’s program chair. They spoke about the cultural implications of a hack, mentioning the Sony hack in particular. It was interesting to hear Baldwin discuss how the Sony hack hurt the entertainment business through more than just preventing box office sales. Now, Hollywood producers might feel afraid to create controversial movies because they fear that those on the opposing side could use “evil forces” on them out of spite. And this idea stretches beyond the entertainment industry – anyone who knows how to hack has the ability to hinder another’s individual expression and creativity through a few lines of malicious code. It’s a scary thought.

Interested in learning more about Highwire PR’s security practice? Email Hi@HighwirePR.com to learn more! See you at RSA 2016.

Beyond Snowden: A New Era of Security Disruption at RSA 2014


Say what you want about Edward Snowden, but the fact of the matter is that his recent leak of NSA secrets has brought cybersecurity to the forefront of national conversation. This year, conversations regarding privacy were constant at RSA, to no surprise. In 10 years, when we’re commuting to RSA 2024 via hoverboard, we’ll look back and remember RSA 2014 as the year cybersecurity and privacy discussions left the hacker forums and leaped to the front pages of the Wall Street Journal and New York Times.

Despite the controversial buzz surrounding Snowden, whose mystery is only exceeded by his power, the polarizing whistleblower and current Russian resident still played second fiddle to the central themes at RSA 2014: continuous disruption and the recent flock of investors targeting cybersecurity start-ups.

From the industry’s first bot killer to an evolved look at geopolitical nation-state cyber attacks, the innovation and research to emerge from the industry this year signaled a changing of the guard that was hard to ignore at RSA 2014. Several members of the Highwire PR security practice were on site this year to rep our growing security practice and learn more. See their highlights below:


Nicole Plati, Senior Account Executive
At RSA 2014, we were reminded just how dynamic and rapidly accelerating the cybersecurity sector is. You could feel it in the air: this was the biggest RSA ever. One of the messages heard over and over again at RSA was clear: if the industry fails to develop disruptive new technologies and defense mechanisms, out-of-date solutions will become obsolete as soon as they are put into place due to hackers that simply work harder, better, faster (stronger?). At this year’s show, Highwire client Trustwave reminded us that we are officially in an arms race between cyber criminals and IT professionals, and without the latest and greatest technology, IT professionals will constantly be playing catch up.

Megan Grasty, Account Executive
Cybersecurity is by definition a constant war between the good and evil. This year, my favorite keynote was from HP’s SVP and General Manager, Enterprise Security Products, Art Gilliland, who taught us if we want to succeed, we need to “think like a bad guy.” Tying in a Star Wars theme (unfortunately, no lightsabers were broken out), Art reminded us that the bad guys usually had the cooler weapons, but it’s up to all of us to use the force and build our own cool weapons that focus not only on breach prevention, but on the full cycle of an attack.

Natalie Mendes, Account Associate
When I tell friends I represent enterprise security companies, most people’s eyes tend to glaze over. However, if we’ve learned anything from the cyber events of this year, it is that cyber security may just have the largest impact on consumers of any other sector. From Snowden’s NSA revelations, to Apple OS vulnerabilities, and yes, even the Mt. Gox exchange hack, cybersecurity has never been closer to the everyman. It was with this perspective that I attended RSA, realizing that the greatest vulnerabilities and threats in the cyber world are being rooted out and stopped by the companies in attendance at the conference. In fact, at RSA this year, security companies uncovered threats exposing the confidential information of consumers such as the iOS key logging flaw discovered by FireEye and Bitcoin-stealing botnet exposed by Trustwave. If there is one industry that should excite and interest every person it is security, and RSA is a conference that brought that fact to life.