Skip to content

How Black Hat 2022 Dropped 6 IRM Hints


Any show preceded with a timely disclaimer like Henry Hernandez’s 8 Tips to Stay Safe During Black Hat 2022 is unlikely to disappoint. After reading the article, I was (as always) tempted to shut off my phone for the entirety of the event, but fear and being around innovative cutting-edge security solutions don’t mix well. The point of Black Hat is to defeat that fear in the first place so “power off” was not an option. Neither was VPN for that matter, but I digress. 

Like every other vendor solving niche use cases for their customers, my curiosity was on the Insider Risk Management (IRM) space. In the noise and chaos that usually comes with these shows, I was looking for those subtle hints that tell us enough about where the market is going, what customers are dealing with and the approaches they are taking towards a solution path. Much like we saw at the recent Gartner Security & Risk Summit 2022, IRM (or the problems it solves) began to emerge in various sessions, discussions and the tradeshow floor. Here are the 6 that stood out to me. 

  1. Managing risk starts yesterday – In the opening keynote, Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (and a 2021 Insider Risk Summit Keynote speaker), painted a somewhat bleak picture of the future, but reminded security practitioners of their role in calming those unstable waters. He urged leaders to think of security as a boardroom issue, one that must be planned alongside other stakeholders beyond the next 2 quarters. He also touched on the need for security guidance based on “compassion” and the need for transparent communication. IRM anyone? 
  2. Risk reduction vs risk eradication – Let’s get the obvious out of the way – risk eradication does not exist. Kyle Tobener’s Harm Reduction: A Framework for Effective & Compassionate Security Guidance hit a lot of notes for me. It was in many ways the playbook for “IRM done right.” By correlating the effects of a “don’t do that” mantra across healthcare and law enforcement practices, Kyle demonstrated that it was about shaping behaviors rather than trying to control them. Applying harm reduction to cybersecurity risks may seem like a far stretch, but organizations are investing in security awareness and education (SEA) with these very outcomes in mind. 
  3. History (context) matters – Security practitioners are still struggling from the lack of clear context regarding major cyber incidents. Unless this trend changes, organizations will continue building a strategy and future with very little context to build from. You’ve heard me rant about how “context matters” in how IRM differs from data loss prevention (DLP) for example. Whether you call it history or context, there is something to learn that must be applied toward future strategies. 
  4. Apple security – We all love our Macs, right? There is an element of security perception that comes with a Mac that doesn’t come with a PC. One session provided a different view of exposing a process-injection attack that allowed it to bypass all security layers! DLP & MACs haven’t exactly had the happiest of marriages and that trend isn’t about to change anytime soon. IRM solution providers must provide data security platforms that seamlessly cover Mac, Windows and Linux. 
  5. Tradeshow floor – Yes, Code42 was there along with other IRM solution providers. If you’re like me, the tradeshow floors are great indicators of how companies are messaging, positioning, demoing and even speaking to security challenges. Remote/Hybrid work, Compliance, Departing Employees, IP, Collaboration, Security Awareness and almost every other IRM element was in some way represented. Non-traditional IRM solution providers sense the market pain and were just as much a part of the action. 
  6. DLP re-emerges as… DLP – Try as it might, DLP is playing some serious catch-up to get with the program in my opinion. A session led by Digital Guardian (now part of HelpSystems) acknowledged how DLP has been ineffective at classification, blocked productivity and lacked Mac Support. You will recall that Code42 was onto this 3 years ago and what emerged is today called Insider Risk Management. 

Black Hat never ceases to surprise me. I hope the spirit of the show, along with its frank and non-corporate tone stay intact for a long time. After all, if you don’t have a show that allows you to speak your mind and vent what you need, how does innovation happen? Code42 will continue to listen and incorporate those learnings into IRM. See you at Black Hat 2023! 

You might also like: