August 2, 2007

Today it rained in Vegas. It’s a little cloudy (or crowdy) here at Black Hat, too. It started with the keynote speech by Richard Clarke, the former Clinton-Bush counter-terrorism appointee. Three years ago he appeared at this conference and told us that the government was going to take care of all our security problems. He had written a report, you see. Now that he’s in the privatre sector, it’s another story. Watch out for the intrusive government abusing power in the name of security.

I went to a couple of sessions on VOiP, because we see this as a growth area for many of our bank clients. There was lots of information about weaknesses in various IP based phone systems and how to exploit them. There are lots of vulnerabilities in VOiP systems and they need to be considered if your clients add this service to their networks. VOiP can be as vulnerable as e-mail.

The problem with many of the seminars is that, after acquiring the key speakers position and spending thousands on getting information and a presentation together, the presenting companies managed to find a speaker that COULDN”T SPEAK INTELLIGABLE ENGLISH! Well, to be honest, he spoke English with a really thick brogue, that rendered the content unintelligible. To paraphrase, “If it’s Scottish, it’s crap”. How can a company allow all this work to be mangled like this is beyond me. At least the slides were informative.

While we’re on the subject, all the presentations contained two features:

1. Huge, low res. projections of screen shots, along with…

2. The phrase “I know this is hard to read”.

For chrissakes, use a readable font, or don’t show 40 lines of illegible text. The point of visuals is to hit the high points, not to anesthetize the audience.

There are just about 4,000 attendees this year. Cesar’s Palace did its typically good job of providing the space, food and drink for the attendees. Serving lunch for 3,500 has to be seen to be believed, like some surreal science fiction movie. The crowd represented a 20% increase over last year and stressed the facility to the max. Negotiating the halls during breaks and between sessions felt like third class on the Titanic an hour after the iceberg. I wonder just how much bigger this can get and still stay true to its origins and this facility. Serving coffee and food during this onslaught is like trying to sandbag against Katrina, but Cesar’s staff prevailed.

The crowd necessitated a change in menus and, in the interest of fair reporting, I should tell you that lunches and the welcome dinner were a cut below those carefree years when xxx held sway. Example: No carving stations at the dinner, no choice of entrees at lunch. Good, just not as personal as it was. The penalty of growth.

In the afternoon, I attended the “Meet the VCs” session. The four member panel displayed the new, “kinder and gentler” VC format. According to the panelists, VCs are now looking for longer term exits (4-6 years), strong, flexible management teams and a fairly well developed product or service. There was a refreshing lack of arrogance, no doubt washed away by the Y2K Internet crash. The panel seemed to be more concerned with making a fair deal with founding management, filling in the management gaps and working with the founders to develop and market the core technology successfully. If it’s true, that’s good news for entrepreneurs, investors and customers alike.