01 August 2019

Getting Ready for Black Hat and DEF CON by Building Trust: Join Us!

Monica Armand

It’s just about time for the security world to head to Las Vegas next week for Black Hat, BSides Las Vegas, and DEF CON 27 to share stories, network with peers, and talk about new ideas presented by the best security talent in the world. While these conferences may differ in the makeup of attendees and also in the likelihood of needing a burner phone, all three conferences recognize the need to work collaboratively in order to improve the security of the digital world.

The recent barrage of security headlines, including the record-breaking penalties, fines, and breaches, will likely dominate the conversations, panels, and themes we see addressed during Black Hat and DEF CON in Vegas next week. One example is a big headline we’ve all seen in the news just this past week. A hacker breached the personal information of 100 million Capital One credit-card customers and applicants in the U.S. and six million in Canada, making it one of the most damaging consumer data breaches in the U.S. Headlines like these filling the news cycle make it difficult for ethical hackers and organizations to build trust in their brands.

Synack has the unique opportunity to sit between two worlds of ethical hackers and enterprise and government organizations. The common goal is making the world a safer place and the common language they share is – TRUST.

At Synack we take pride in our elite Synack Red Team (SRT), handpicked for both their strong technical skills and trustworthiness. Synack SRT researchers must pass through a rigorous five-stage vetting process, the most stringent combination of screening, interviews, skills testing, and vetting in the industry. Our vetting is more rigorous than even most employee screenings conducted by corporations. Synack’s vetting process eliminates the majority of applicants, with less than 12% making it to the final onboarding stage and being confirmed as Synack Red Team members. Our unique approach also provides additional safety assurances such as a customer portal that provides visibility and transparency throughout the engagement and lifecycle of a vulnerability, control of the pace and cadence of research traffic with the ability to pause the engagement instantly for any reason, and a customizable researcher talent pool with the ability for resource customization on a per-assessment basis through tailored grouping features and a specialized researcher requirements intake process.

Recent court documents on the Capital One breach indicate that a poorly configured firewall led to the breach. Over 100 million people have been unnecessarily violated once again for something proper security hygiene with continuous security testing could have discovered earlier. The earlier that security testing takes place in the SDLC, the shorter the lifetime of a vulnerability will be, which is why it’s important to adopt a continuous security approach and integrate it into your DevOps. By integrating security as part of your development lifecycle and combining human intelligence with artificial intelligence, you get the most realistic and practical assessment of your security landscape 24/7/365.

Trust is a central tenet of Synack’s brand and a leading consideration for us not only as we developed our vetting process for the Synack Red Team, but also as we built the Synack Platform with technology controls for the mutual protection of both our customers and our researchers. Trust needs to be considered on all fronts when it comes to cybersecurity. Ryan Rutan, Director of Synack Red Team Community, and Punky Witt, Director of Product Marketing, talked about why ethical hackers and enterprise companies need to prioritize trust and why it should be a key pillar to building their brands on our Trust Series podcast. I encourage you to listen to this new episode of our podcast to learn more about:

  • What trust looks like and why it’s important for ethical hackers and companies to build trust in their brands
  • How Synack builds trust in a two-sided marketplace
  • How hackers can use existing brands as a model when building their individual brands as trusted ethical hackers

This podcast is a great listen as you pack and prepare for Black Hat, BSides, and DEF CON next week!

We’d love to talk more with you about ‘Trust’ in person next week if you’re headed to Vegas. We have an action-packed lineup of events throughout the week, spanning all conferences, and we hope to see you there!

  • Visit the Synack Suite at the Delano for real honest conversations:
    • CISO Panel Session Wednesday, August 7th at 12:30 PM: Learn the F500’s secret to nailing Crowdsourced Security. Get the real scoop on what was easy and what was hard deploying AI augmented crowdsourcing at scale. No vendor intervention – just real talk among peers.
    • Women’s Brunch Wednesday at 10:00 AM: Join your fellow courageous women security leaders at Black Hat for a champagne brunch in the Delano Suite as we celebrate and encourage each other in boldness and innovative thinking in our workplaces. Media Sponsor: CyberWire
    • Veteran’s Happy Hour Wednesday at 5:30 PM: Take a moment out of your schedule to celebrate our Veterans, Government, and Security Professionals! Rita Gass, CIO for California Secretary of State, will give opening remarks at the event.
  • Stop by Starbucks at Mandalay Bay to get a free drink “Secured by Synack” on Wednesday or Thursday, 7 AM – noon. Or come relax with a furry friend from HOPE Animal-Assisted Crisis Response and a donut at the Synack Comfort Station at Booth 2130 on the show floor.

At any time, come by for a product demo and conversation to learn how to improve the ROI on your security investment!

More from Synack during Black Hat and DEF CON:

  • Join Synack as we save the world in our signature adrenaline-fueled activity. This year, Synack is taking over Apocalypse Las Vegas, where Special Operations veterans will arm us and lead us through an epic mission. Don’t miss your chance to save the world from Zombies.
  • If you’re 8-16, join us at r00tz Asylum at DEF CON to level up your hacking skills with security experts from Synack and Point3. All levels welcome for our fun, hands-on challenges!
  • Join the conversation between US Government Leaders and the private sector at DEF CON’s Voting Village for a thoughtful discussion on how we can work together to protect our democracy. Panelists include CISA Regional Director Alex Joves; California Secretary of State CIO Rita Gass; Nevada Secretary of State Deputy Secretary Wayne Thorley; Colorado Secretary of State CIO Trevor Timmons; Microsoft Research Senior Cryptographer Josh Benaloh; Cloudflare Head of Policy Alissa Starzak; and Synack Co-Founder & CEO Jay Kaplan. The panel will be moderated by Washington Post reporter and election security expert Joseph Marks.
  • Are you an SRT member in town for DEF CON? Beat the heat and enter the SRT Mobile Chill Zone! This mobile van will be stocked with cool water, icy drinks and snacks. Tweet to @SynackRedTeam with #MobileChillZone ride requests. We’ll roam around all four DEF CON venues to transport you in comfort.
  • Are you a Systems Integrator wondering how crowdsourced security can make your job easier? Learn from Domino’s and Santander CISOs as they talk about current industry challenges, the benefits of fully integrating their services with Synack’s offerings, and how their partnership with Synack has helped them solve major security challenges and live out their brand promise to their customers.

RSVP for any or all of the events here. See you in Vegas!