Black Hat MEA 2024: notes from my first big conference
I just got back from Saudi Arabia after my first-ever security conference: Black Hat Middle East & Africa, November 24-26 in Malham, north of Riyadh. North African roots and global security peers in one room, 2 birds 1 rock (yes, I know).
I went with Eric Fletcher, an old friend, which made the 67 km, 90-minute shuttle back from the venue every evening tolerable.
Three things I’ll take into every conference from now on:
Pace yourself or lose
250+ hours of content, 45,000 attendees, 450+ exhibitors. There’s no completing it. By day 3 I gave up on talks and just walked the floor talking to people, and that’s where the actual value was. Next time: 4 or 5 keynotes max per day, the rest is hallway conversations.
Logistics: the two halls are far apart and crowd-control scans between them are slow. Back-to-back sessions across halls aren’t realistic. Print your pass at home.
Talks are a coin flip
Some were sharp; others read slides at me. The takeaway is liberating: you don’t need to be polished to give a talk that lands. You just need to know what you’re actually talking about. Filed under “things that make me want to submit for 2025.”
Speakers worth tracking down on YouTube:
- Gary Hayslip: practical CISO stuff. His CISO Desk Reference Guide Executive Primer is worth it if your leadership doesn’t know what to do with the role.
- Yassir Aboussellham: security enablement done well. Made me actually want the CISO seat.
- Caitlin Sarian (Cybersecuritygirl): using social media to make awareness training not suck. Her Instagram reels completely reframed how I think about awareness.
- Daniel Miessler: missed both his talks due to jet lag. Big regret; waiting for the YouTube upload.
The one line worth the trip
Wojtek Swiatek, CISO at Dassault, in passing:
"Be wary of vendors downplaying alerts as 'glitches.' Push for answers. You may catch a 0-day attack."
That’s it. That’s the post. Add it to your incident response runbook today.
A few other things worth mentioning briefly:
- Self-driving cars get fooled by stickers on stop signs (Ram Shankar's book is now on my list).
- DNS threat intel and logs remain massively underused for early detection (tools like Infoblox Threat Defense caught my eye).
- EDR + SIEM + SOAR are still the trinity for most teams.
- Saudi hospitality is the real deal. The day after the conference I caught Cristiano Ronaldo and Sadio Mané at Al Awwal Park. The PFL MENA final next door was sold out, so the MMA fan in me will have to wait.
The most unexpected bonus: telling people I was going activated parts of my network I didn’t know existed. Friends-of-friends turned out to be serious security people I’d never have met otherwise. Worth telling everyone you’re going, well in advance.
See you in 2025, hopefully as a speaker.