This past week was easily one of the most compact and dense information security experiences to be had within the continental U.S. Inside of a short five days, a large chunk of the world’s active security practitioners (from researchers to hackers to sales people and federal agents) descended upon Sin City to attend one of three (if not all three!) information security conferences including: Black Hat Briefings, DEFCON and BSides LV.
Ironically, I have been attending the Black Hat Briefings since 1998, as well as DEFCON since 1997. This year, Black Hat celebrated its 15th anniversary and DEFCON had its 20-year celebration of chaos and technical mayhem. While many elements of hacker ethos remain within these various events, the experience has matured nearly as much as its attendees have.
Matured may be too strong a word – perhaps aged is more accurate as many of the attendees have significantly more white hair (I am a victim of this) than they did in the late 90’s!
Purely from an outsider’s perspective, the events carried the flavor of a more commercially viable event. With that in mind, I found the number of vendor sponsorships interesting.
Black Hat: An event that was historically considered too risqué for mainstream security companies was subsidized by Accuvant LABS, Palo Alto, Lookingglass Cyber Solutions and RSA…and the list goes on and on.
DEFCON: If Black Hat was considered a risqué event, DEFCON was the redheaded stepchild turned burlesque dancer who you simply didn’t discuss in polite company. Having survived 15 of them, I fully understand the prejudice…
However, the sponsorship images really speak for themselves: Facebook, Zynga, IOActive, McAfee, Netwitness. Many security players have subtly (and quite tastefully) found their way into an otherwise vendor-agnostic scene.
Regardless, the sense of playful hacking and independent research still remains within the culture – but there are some generational distinctions that need to be made.
Check out some of the talks given at DEFCON 5 and note the speakers. For those who weren’t living the hacker lifestyle circa mid-90s, it’s worth following two hacker handles (pseudonyms) listed as speakers:
Dark Tangent & Mudge
At the time, these gentlemen were well known hackers within the subculture. We now know Dark Tangent as Jeff Moss – the founder of Black Hat, a member of the Homeland Security Advisory Council and the CSO of ICANN.
Mudge was a founder of the L0pht, a Boston-based hacker think tank that was acquired by @Stake, and later by Symantec. Presently, he is better known as Peiter Zatko, an esteemed DARPA program manager running various cyber-security initiatives.
Both Black Hat and DEFCON morphed from hackers discussing the latest methods of compromising various systems and the TCP/IP Drinking Game to General Keith Alexander, Commander of USCYBERCOM, as a keynote speaker and NSA whistleblower William Binney participating on a panel with James Bamford and members of the ACLU in the same venue later the same day. With even further irony, the NSA was sharing vendor booth space approximately 8 ft away from the TOOOL lock-picking booth.
It would appear that as an industry, due to funding and “maturity” of the participants – the information security profession has moved out of its untamed teenage years and into some form of marginally professional adulthood. We have seen the various security technologies and services become rapidly commoditized, and Cyber Threat Intelligence is paving the way for both attack and defense within future 5th Domain (Cyber) operations. What remains to be seen is whether the balance of fun, games and technical mastery can remain undiluted as the influx of industry and cultural newbies expands each year.
As the Chinese proverb (ahem…curse) says, “May you live in interesting times.” We certainly do. Where we once had a hacker culture of subversion, we now have mainstream nation-state-grade cloak and dagger operations. It would appear that we’ve entered an industrial “wilderness of mirrors.” I, for one, am happy to participate.
As this year’s events came to a close and I was exiting the Glitter Gulch, I passed one last fine Las Vegas institution.
Considering that one of the longest running DEFCON slogans is “Happy Hacking,” I felt the zombie theme a fitting end to the 15th Black Hat and 20th DEFCON anniversaries.
The post The Graying of Black Hat, DEFCON and InfoSec Industry appeared first on Techsource.