
I’m heading to Vegas this week for my annual pilgrimage to “summer camp for hackers.” With Black Hat, DEF CON, BSides and other cyber‑world events all happening this week, the security community converges on Las Vegas. Yes, Black Hat isn’t as raw and edgy as the early days (it’s not easy and it gets hotter every year), and DEF CON isn’t what it was 20 years ago — but if you know where to look, the edge is still there. I’m flying in focused on Black Hat this year — and might sneak into DEF CON or BSides, but let’s not count on it.
Now, you might be asking: What is this article doing on PlatformEngineering.com, and why should you care? Good question. Simply put: You can’t have a successful platform without security as a core principle. The research showcased at Black Hat provides exactly the insights we need to bake into platforms that enable developers, DevOps, SREs — and everyone else — to build safer applications and infrastructure. Any platform engineer who ignores the findings and innovations at Black Hat does so at their own risk.
Six Black Hat 2025 Highlights Every Platform Engineer Should Know
From keynotes to briefings to summits and startup showcases, here’s a curated list of six sessions and events at Black Hat USA 2025 that are must‑see for platform engineering pros:
1. Main Stage Keynotes: “Three Decades in Cybersecurity: Lessons Learned and What Comes Next”
This opening keynote traces security’s evolution — perfect context for PEs building long‑lived platforms. Understanding the arc of threat, trust and resilience helps prioritize platform security design from the ground up.
2. Supply Chain Micro Summit (Aug 6, Business Hall Theater C)
This summit addresses modern threats in interconnected environments and covers micro‑segmentation strategies. Any platform that ingests third‑party code or dependencies needs this context; these sessions lay the groundwork for safe software supply chain practice.
3. Industrial Control Systems (ICS) Micro Summit (Aug 7, Business Hall Theater C)
This summit focuses on securing OT lanes and legacy PLC/SCADA systems. For platform infrastructure bridging edge, industrial and cloud environments, the lessons in zero‑trust and segmentation are directly actionable.
4. Qualys Session: “Exposing the Hidden Threats: Reinventing Software Composition Analysis for Supply Chain Security”
Dive deep into next‑gen SCA that maps full dependency trees and uncovers transitive risk. Any CI/CD pipeline or platform that manages dependencies should take notes here.
5. Qualys Session: “Protect What Powers Your AI: Risk‑First Container Security at Cloud Speed”
As platforms incorporate AI workloads, container orchestration and runtime risk become critical. This session outlines container and Kubernetes security strategies aligned with dynamic platform scale and developer velocity.
6. Briefings across AI, ML & Data Science, Cloud Security, and Cryptography
From the Arsenal labs to technical briefings, topics include AI‑powered SOCs, post‑quantum encryption planning, cloud misconfiguration exploits and kernel vulnerabilities in Linux and embedded devices. All highlight attack surfaces that platform engineers must harden proactively.
Why These Matter for Platform Engineering
- Secure Build & Deploy Pipelines: Lessons from software supply‑chain talks and SCA sessions reinforce automated, end‑to‑end dependency checks in CI/CD to reduce transitive vulnerabilities.
- Infrastructure Resilience: Zero‑trust and micro‑segmentation learnings from supply chain and ICS summits help design networks that limit lateral movement and reduce blast radius.
- Runtime Platform Hardening: Sessions on container risk, Kubernetes weaknesses and novel AI threats ensure platform teams prepare runtime defenses — before breaches occur.
- Future‑Proof Security Roadmaps: Insights into post‑quantum crypto, identity abuses, AI weaponization and evolving kernel threats inform long‑term platform design and roadmap planning.
- Strategic Risk Insights: Qualys talks on CTEM (Continuous Threat Exposure Management) and Identity Security give frameworks for aligning platform telemetry and remediation workflows with business context.
In short: Platform engineering isn’t just infrastructure and pipelines — it’s secure infrastructure and pipelines. Understanding the adversarial trends and research at Black Hat arms platform teams to pre‑bake resilience, not patch later.
Wrapping Up
If you can’t make it out to Vegas this week and choose to stay back in the air conditioning, don’t worry — we’ve got you. We’ll be on the ground at Black Hat, recording video, writing articles and sharing insights so you stay informed and equipped.
Stay tuned, and let’s build platforms that are secure by design — not by accident.