Black Hat's Network Operations Center: A Hub for Rivals to Unite Against Cyber Threats

Deep within the Mandalay Bay hotel in Las Vegas, a quiet meeting room transforms into a bustling hub of activity during the Black Hat security conference. This is where the network operations center (NOC) comes alive, with a team of volunteers working frantically to identify and mitigate potential cyber threats that could compromise the entire event.

At the helm of this operation is Neil "Grifter" Wyler, Vice President of Defensive Services at Coalfire, who has been leading the NOC for nearly two decades. His day job may be in defensive services, but Grifter's passion lies in keeping Black Hat attendees and staff safe from cyber threats.

Volunteers work in shifts, often for five or six hours at a time, with breaks to attend training sessions, briefings, or simply rest in the on-site napping area. The NOC is built on top of the hotel's own network operations center, which is separate due to the demands of a conference like Black Hat and the security-conscious nature of attendees.

"It allows us to do mitigation if we see an attack, if there's something that's going on that could be detrimental to the stability of the network or the security of the attendees," Grifter explains. "We can't open up a ticket and wait 90 minutes for somebody from the hotel to come by and ask us what's wrong. We have to handle it immediately."

The NOC team has dealt with their fair share of malicious activity during Black Hat, from students attempting to hack into each other's systems during training sessions to attendees using exploits to test the limits of security tools.

"If you're on your network and you're looking for a malicious actor, you're looking for a needle in a haystack," Grifter says. "We're looking for a needle in a needle stack." The sheer number of devices connected to the network makes the job even harder, and identifying potential threats becomes a daunting task.

Despite the challenges, the NOC team remains vigilant, working closely with vendors and rival hotel chains to stay one step ahead of cyber threats. This year, Palo Alto and Cisco representatives were spotted working together to resolve network issues, a testament to the collaborative spirit of the Black Hat community.

Vendors donate their hardware and expertise to support the NOC, with strict selection criteria ensuring that only the best tools make it into the operation. The team also develops its own code, including a new network visualization screen designed to make it easier to spot problematic network traffic.

"We put a lot of work into it, it's a lot of work," Grifter says. "But it is fulfilling enough that we keep doing it, and so much so that all of these folks take time off just to be a part of it."

For the 100+ staff members who volunteer their time to support the NOC, it's not just about fixing technical issues – it's also about learning from each other and staying up-to-date with the latest security threats.

"We have been made offers by vendors: 'Hey, we'll cut you a check. How much will it cost?' We say: 'Why don't you take that money, invest it in your product, make it better, and maybe we'll choose it next time,'" Grifter recalls. "It's not just about throwing money at the problem; it's about creating a better security solution."

The Black Hat NOC is more than just a technical operation – it's a symbol of collaboration and community among security professionals. By working together, they can stay one step ahead of cyber threats and keep attendees safe during the conference.