Black Hat Middle East & Africa (MEA) 2024: My First Cybersecurity Conference
I just came back from Saudi Arabia, where I attended my first-ever security conference: Black Hat Middle East & Africa (MEA) 2024. For someone with North African roots, this was a 2 birds 1 rock opportunity, I got a chance to reconnect with the MENA region while meeting security professionals from across the globe.
The conference was held in Malham, north of Riyadh, from November 24–26, 2024. A shuttle bus ran all day to ferry attendees between the two cities (67 km). While Riyadh’s traffic made the return trips long (about 90 mins), traveling with my long-time friend, Eric Fletcher, made the ride much more bearable.
The venue was impressive, with two massive halls: Hall 1 for vendors ($$$) and Hall 2 for the CTF competition ($). Here’s a breakdown of my key takeaways:
Conference Challenges and Lessons Learned
- Pace Yourself: Conferences can be overwhelming. With over 250 hours of content, 45,000 attendees, and 450+ exhibitors, it’s impossible to do it all. My advice? Focus on what interests you the most and avoid cramming your schedule.
- Logistics Can Be Tough: The halls were far apart, and unless you’re prepared to sprint between them, back-to-back sessions aren’t practical. Plan accordingly.
- Crowd Control Hassles: While data and analytics are crucial, the constant crowd control scans were annoying… It’s something to be aware of. Get your pass printed.
- Timing is Everything: Some schedule changes meant I missed talks I was excited about. Arrive early to avoid surprises and secure your spot.
- Arrive Early, Stay Late: If possible, come a couple of days before the event to adjust to jet lag. It makes all the difference, especially if you’re traveling long distances.
- Prioritize Networking Over Talks: On days 1 and 2, I focused on attending sessions. By day 3, I switched gears and focused on meeting people—and it was a game-changer. Exchanging ideas with peers was the most valuable part of the experience. For the next conference, I’ll attend no more than 4–5 keynotes a day and spend more time connecting.
Talk Highlights
- Talks Quality Varied: Some talks were amazing, while others suffered from poor delivery (e.g., bad slides, reading from slides). Made me realize you don’t need to be perfect to present, just have an interesting topic and be authentic.
- Notable Presenters:
- Gary Hayslip: If your leadership struggles to understand the CISO role, his CISO Desk Reference Guide Executive Primer: The Executive’s Guide to Security Programs book can help.
- Yassir Aboussellham: His session on security enablement challenges was inspiring and reignited my ambition to one day become a CISO.
- Daniel Miessler: Unfortunately, I missed his talks due to jet lag and lack of sleep. His participation was one of the main reasons I attended, so I’m eagerly awaiting the keynote’s release on YouTube.
- Caitlin Sarian aka Cybersecuritygirl: Her talk on using social media to raise cybersecurity awareness changed my perspective on the topic. Her Instagram reels have me considering how to replace traditional, boring security awareness training (looking at you, KnowBe4).
- MISC:
- Still the 3 essential security tools for many: EDR, SIEM, and SOAR. (How did I miss Cisco acquiring Splunk?)
- Self-driving cars can be fooled by stickers on Stop signs — a fascinating concept described by Ram Shankar that sparked a lot of discussion around AI and security.
- DNS threat intelligence and logs are invaluable for threat hunting and early detections. Tools like Infoblox Threat Defense stood out, though they’re not a one-size-fits-all solution.
- Wojtek Swiatek, Dassault’s CISO shared a lesson learned to add to your Incident Response Ten Commandments: Be wary of vendors downplaying alerts as “glitches.” Push for answers, you may catch a 0-day attack…
Bonuses
-
Unexpected Bonus: Saudi Arabia is becoming an international sports hub. After the conference, I watched the Al Nassr soccer game at Al Awwal Park Stadium, featuring Cristiano Ronaldo and Sadio Mane. Right across the street, the King Saud University Stadium hosted the Professional Fighters League (PFL) MENA final. Riyadhis enjoy a city that consistently hosts world-class events across tech, sports, and entertainment.
-
The friends of my friends are…: You may have friends that you don’t know! Sharing that I was attending this conference activated parts of my professional network I didn’t realize existed. Through casual introductions, I discovered that friends of (“non-security”) friends are incredibly talented security professionals with impressive backgrounds.
-
Expected Bonus: Saudi hospitality lived up to its reputation. Everywhere I went, people were incredibly friendly and welcoming.
Final Thoughts
I’ll be happy to come again at Black Hat MEA 2025, hopefully as a speaker this time. Despite missing a few sessions, ROI (including the fun) was there.