Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

By Byron V. Acohido

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach.

That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

They qualified, by means of solving a cipher, to attend a unique event put on by JupiterOne, a Morrisville, NC-based supplier of cyber asset visibility technology. On Tuesday evening, these CISOs will head over to a secret location and immerse themselves in The Data Heist, an audience-participation whodunnit starring Sounil Yu, JupiterOne’s Security Ambassador, who is also a CISO and an author, with a supporting cast of professional actors.

The Data Heist’s opening night, if you will, was in Boston a couple of weeks ago. The cybersecurity pros in attendance had a chance to apply their skills in a festive setting – while role-playing as cyber sleuths responding to a catastrophic network breach. The audience members enthusiastically solved ciphers, uncovered hidden clues and collected telling evidence.

“Everyone in Boston was excited to dig in and solve the mystery,” Yu says. “It was a fun way to test everyone’s skills and illustrate the importance of human intuition and teamwork in resolving a crisis.”

Plot thickens

To qualify to participate in the Black Hat show run taking place on August 8th from 6-8PM, CISOs are asked to solve a cipher. Spoiler alert: if you’re a CISO who already made it onto the guest list for Tuesday’s performance here in Las Vegas, or if you’re considering attending a show later this year in Seattle, Washington D.C., San Diego or New York City, feel free to skip ahead. For those interested in attending, try your luck at the cipher, as there may be a couple of spaces still available.

The plot goes something like this: SynthiCorp, a trailblazer in the cyber defense sector, gets breached and loses sensitive customer records as well as crown-jewels software, putting its CISO, Alexander Reed, on the hot seat.

A mysterious cipher and suspicious activity around the firm’s critical cyber assets steer Reed and his team of investigators to sundry leads. The trail ultimately takes them to the prime suspects: Louis Alexander, a junior analyst with ties to an underground hacking forum, and Daisy Lawrence, a well-respected lead architect facing financial woes.

While following the forensics trail, the investigators get reminded about the importance of rigorous internal controls and continuous employee monitoring; they must duly consider the wisest course to improve SynthiCorp’s security posture, restore client trust and prevent recurrences.

Critical gaps

I’ve attended my fair share of open-bar bashes and extravagant dinner parties at Black Hat over the years. By comparison, The Data Heist stands out for its originality and its focus on providing a targeted audience of CISOs with an authentic opportunity to engage and share with their peers.


No direct selling gets done and the participating CISOs get to put their hands on an advanced risk-assessment tool, the Cyber Defense Matrix, to help them solve the mystery. This tool was created by Yu and utilizes JupiterOne’s platform to identify, categorize and assign risk scores; the matrix does this swiftly and comprehensively for all software applications, data stores and users. Thus, The Data Heist is a finessed product demo as well, one that reinforces a fundamental tenet: network security gaps are ubiquitous and will only continue to multiply.

Improvisational role-playing is a novel way to highlight another truth all CISOs must embrace: it is going to require leading-edge technology and intuitive humans, working in concert, to close critical gaps. Machines are terrific at collecting and inventorying at scale. But determining the criticality of assets requires sniffing out and piecing together subtle clues, which humans tend to do best.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)
