Takeaways from Black Hat USA 2023 | Foley & Lardner LLP | Louis Lehot

Author(s): Lyman Thai, Louis Lehot, Andre Thiollier

Louis Lehot
3 min readAug 21, 2023

Foley & Lardner LLP ventured into the searing 104-degree heat of Las Vegas this August to co-sponsor a breakfast gathering at the Black Hat USA 2023 conference, attended by founders, CISOs, and investors. Many thanks to our nearly 200 guests, co-hosts First Rays Venture Partners, StageOne Ventures and Mantis Venture Capital, and LAGO at the Bellagio for an incredible event. Although the devices were locked down, the camaraderie and conversations were free-flowing. Here is what we learned:

Still Early Days for Cybersecurity

With attendees flying in from all over the world and all kinds of industries, not only software, but also agriculture, energy, manufacturing, and transportation, we were constantly reminded in our conversations that the most prominent cybersecurity companies are still addressing only a mere portion of the threat landscape. As products become increasingly networked and interconnected, and software is built to manage onboard processes, track physical assets, and manage fleets, CISOs in these industries are keenly aware of current and emerging cyber threats and in search of security solutions tailored for their industries. Founders and investors would do well to take note.

Generative AI — Game Changed?

Consistent with what we saw at the RSA conference in May in San Francisco, many investors continue to take a wait-and-see approach to funding generative AI-based companies in the cybersecurity sector. With the commoditization of generative AI technology, some of the best new ideas that may represent the entire basis of a startup’s product can swiftly become a feature of an established player’s offering, forcing the startup to pivot. So-called “picks and shovels” companies, which work on solutions to enable other companies to integrate and use generative AI in their businesses, while staying above the fray and being indifferent to winners and losers, remain the more attractive investment opportunity for the time being.

Standardization Across Solutions

Echoing a theme we identified earlier this year at the RSA conference, Black Hat event attendees buzzed about standardization and interoperability across cybersecurity tools to eliminate security silos. Underpinning the discussions was the announcement at the Black Hat conference by Splunk of the general availability of the Open Cybersecurity Schema Framework (OCSF), a year-old industry-wide open-source collaborative project to standardize data formats across tools. With hundreds of industry leaders adding their support to the standard in the year since its launch, the OCSF marks an impressive industry- and community-led leap forward in addressing one of the major pain points of CISOs and cybersecurity teams — needing to process and normalize a firehose of security data before it can be used in up to hundreds of disparate tools.



Louis Lehot

Louis Lehot is a partner and business lawyer with Foley & Lardner LLP, based in the firm’s Silicon Valley office. Follow on Twitter @lehotlouis