Commentary from the Dow Jones Cybersecurity Newsletter

Like thousands of other cybersecurity professionals this week, I made the annual pilgrimage to Las Vegas for the Black Hat cybersecurity conference. The presentations provide a snapshot of the problems we face in protecting data: unidentified or perhaps even unquantifiable risk, insecure hardware, software vulnerabilities, sophisticated adversaries, and myriad reasons not to trust anything connected to the internet.
Presenters have been beating the same drums since the dawn of the web and the first Black Hat conference way back in 1997. The technologies have changed (the Internet of Things, mobile as we know it now and the cloud were not around back then), but the issues have not. The founders of Black Hat could never have known that their hacker get-together would turn into a multi-million-dollar annual event attracting 15,000 attendees, provide dozens of training courses and expand into Europe, the Middle East and Asia.
The conference also highlights some of the industry’s biggest problems: the vendor hall is full of promises to fix security that cannot be fulfilled; diversity in general is poor and women in particular continue to be under-represented, both on-stage and in the audience; and the cost of solutions and a shortage of skilled professionals conspire to hamper improved cybersecurity.
Black Hat briefings also serve to remind me of one more thing: those who understand and practice security are not always the most appropriate people to present its importance and potential impact. This is especially true when considering how cybersecurity is reported to senior executives or the board. A spot of comms training for some of us would not go amiss to ensure the message is not lost in the delivery.

**This article was originally published as part of the Dow Jones Cybersecurity Newsletter, a weekly digest of news with commentary and analysis. Sign up for free at http://eepurl.com/b2BOdT**