Are you getting ready for the upcoming Black Hat USA 2024 event? It is an
internationally recognized cybersecurity event providing the most
technical and relevant information security research, now in its 27th
year. The event is quickly approaching, taking place August 3-8, 2024, and returning
to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day
program.
Ahead of the show, VMblog received an exclusive interview with Jeffrey Wheatman, SVP, Cyber Risk Evangelist at
Black Kite, a leader in third-party cyber risk intelligence. Make sure to add them to your MUST SEE list.
VMblog:
Before we get into it, can you give us a quick overview of the company? What
should folks know?
Jeffrey Wheatman: Black Kite is transforming third-party risk
management (TPRM) with the industry's most accurate, actionable, comprehensive
cyber third-party risk intelligence platform. Addressing a critical security
gap, it simplifies the quantification and monitoring of cyber risk across
numerous third parties without invasive measures. Offering insights from
technical, financial, and compliance angles, Black Kite eliminates false
positives, ensuring a comprehensive vendor risk management strategy.
Black Kite offers complete visibility across
the digital supply chain, easing manual burdens with its automated, continuous
monitoring platform. Unlike legacy vendors' arbitrary scoring, Black Kite
provides transparent, accurate threat intelligence. Leveraging over 1,000 OSINT
resources, it delivers multidimensional insights aligned with industry
standards like MITRE and FAIR. And it assesses compliance with regulations like
CMMC, GDPR, PCI-DSS, and HIPAA, ensuring precise compliance ratings.
VMblog:
Black Hat is known for its energetic and interactive booths. What unique
experiences or demonstrations do you have planned to engage attendees at your
booth? Will you be giving away any interesting tchotchkes?
Wheatman: Black Kite is all about showing you where to
find the most critical risk factors in your supply chain, and we've found a fun
way to illustrate this concept at our booth this year. We're bringing in a
Wack-a-Mole game - calling it "Wack-a-Risk" - to demonstrate how difficult it
can be to simply respond to risk when you don't have data about where it is
coming from. Plus, we think it will be fun for Black Hat attendees to get out
some of their conference stress.
VMblog:
Is this your first time sponsoring Black Hat? If not, how many times have you
sponsored before? And what keeps you coming back?
Wheatman: This is our second year sponsoring Black Hat.
We returned this year because we find it important to be involved in
conversations with customers and industry leaders at the show about the
problems that need to be solved. We are also actively involved in research and
find it valuable to bring those results to share with the community.
Collaboration and information exchange are important for growth and innovation
in the industry, and we find consistent value with both at Black Hat.
VMblog:
What is your message to Black Hat attendees coming out to the show this year?
If they take back one message about your company, what should it be?
Wheatman: We know managing cyber ecosystem risk can be
stressful. It is constantly evolving and the threats never stop. Companies need
a partner that can illuminate the weak spots so they can act quickly to address
those issues and protect their business. At Black Kite, we've automated the
process of providing real-time and accurate risk intelligence so you can make
informed risk decisions and bring cyber resilience to your supply chain. We
focus on accuracy, speed and transparency. We believe these attributes are key
to delivering the best possible information to make informed decisions fast.
VMblog:
Black Hat attendees are known for being security professionals at the forefront
of the industry. What specific challenges do you anticipate they'll be facing,
and how will your solutions help them overcome those challenges?
Wheatman: There are two major challenges we see
customers and prospects facing.
First, it is clear that securing the cyber
supply chain requires collaboration between companies and their
vendors/suppliers. Historically, there has been no effective way for the
multitude of players to engage together, quickly, to mitigate issues when a new
vulnerability is discovered. Instead, a company faces the cumbersome process of
reaching out to individual vendors to determine first if they are impacted and
how they are responding to the issue. Responses are tracked manually and often
take days, weeks or longer to track down, and meanwhile, companies are left in
the dark without a clear picture of risk.
The second major challenge is the need for
continuous monitoring. Cyber ecosystems are dynamic, and point-in-time
snapshots of supply chain risk have little value in the modern connected IT
environments. Companies are consistently updating software, altering
configurations, and adopting new apps and technologies, all of which can
introduce new vulnerabilities and alter an organization's risk profile.
Companies need real-time insight into company and supply chain risk in order to
understand overall risk, rapidly detect threats and proactively mitigate issues
before they can be exploited.
VMblog:
The market is a crowded space. What is it about your company and technology
that sets you apart from the competition? What are your differentiators?
Wheatman: Traditional TPRM methods rely on
questionnaires, lack standardization and produce qualitative, not quantitative,
data. These outdated approaches yield arbitrary risk scores not grounded in
factual standards. This is why many organizations are unhappy with the results.
Unlike legacy vendors that use arbitrary scoring systems, Black Kite delivers
the highest quality data and threat intelligence. In fact, in a recent market
evaluation from Forrester, it was the only cyber risk ratings provider whose
customers were unanimously satisfied with its rating accuracy.
Also, as digital connections increase,
companies must manage not only their security but also that of interconnected
parties. In today's dynamic threat landscape, Black Kite enables continuous
risk monitoring and mitigation, surpassing the limitations of legacy vendors.
Built from a hacker's perspective, Black Kite fills a fundamental security gap
by making it simple for businesses to non-invasively quantify and monitor cyber
risk across thousands of third parties. It is also the first in the industry to
combine Nth-Party and high-profile cyber risk intelligence, including cascading
and concentration risk (for instance, based on how many third parties those
vendors rely on or specific products/services/geographic regions in the supply
chains), so organizations can anticipate and mitigate security incidents in
their supply chains.
Black Kite also offers the industry's first
cyber-aware AI engine designed for cybersecurity compliance automation - Black
Kite Parser 2.0. With this game-changing, patent-pending technology,
organizations can easily measure the compliance level of any company based on a
host of industry regulations and standards, substantially simplifying
third-party risk efforts. Customers also have the ability to automate
assessments and check compliance levels based on customized compliance
frameworks, by cyber-aware AI mapping to standardized controls. While other
vendors are white-labeling existing AI models, Black Kite Parser was built and
trained in-house by Black Kite's cybersecurity research and development team.
They invested heavily in manual tuning, focusing on data creation and labeling
to ensure high accuracy and performance.
VMblog:
Looking ahead, what excites you most about the future of cybersecurity, and how
do you see your company playing a role in shaping it?
Wheatman: At Black Kite, we are excited about how AI is
being used, and will continue to be used, to simplify understanding data to
make better business decisions.
We already offer the industry's first
cyber-aware AI engine designed for cybersecurity compliance automation - Black
Kite Parser 2.0 - built and trained in-house by Black Kite's cybersecurity
research and development team. The tool transforms third-party risk efforts,
saving companies substantial time and effort through automation by parsing,
analyzing and mapping results to all cybersecurity controls within our platform
within minutes to measure third-party compliance.
While our team is already invested heavily in
manual tuning, focusing on data creation and labeling to ensure high accuracy
and performance, we know the security market is constantly evolving, which is
exciting because it sparks innovation. We plan to continue to be leaders in
cyber-aware AI solutions for third-party risk to help our customers gain
smarter insights so they can be prepared to take action with more knowledge to
make better business decisions.
VMblog:
Beyond your specific offerings, what valuable cybersecurity knowledge or
insights can you share with Black Hat attendees visiting your booth?
Wheatman: Black Kite's research team BRITE will be on
hand to discuss their findings from our recently published State of Ransomware report and our Third Party
Breach Report, published earlier this year. The ransomware report in particular
takes a deep dive into the constantly shifting world of cybercrime, the key
players, and what companies need to know to protect themselves.
VMblog:
Is your company involved in any parties during the event? How can attendees get
involved?
Wheatman: We host a whiskey tasting in our suite at the
Delano every year. Anyone interested in attending can reach out to our team to
request an invite!
VMblog:
As a show sponsor, do you have any tips for attendees to better prepare for the
conference?
Wheatman: You're paying a lot to be there, so make the
most of it. These conferences can be overwhelming, and if you go into the
exhibit hall without an agenda you aren't going to get much out of it. Map out
the issues your company is facing, take a look at the exhibitor list and then
make a plan for which booths you want to visit. The same thing goes for the
conference sessions. Review the agenda and create a schedule for yourself
beforehand. Finally, reach out to contacts or vendors you know you want to meet
with and set up times to talk. This is a great opportunity to network and meet
in person. Be proactive in your approach and you'll get a lot out of the event.