After more than two years of virtual events, Bateman clients and employees are returning to the road to connect with the subject matter experts, entrepreneurs, journalists and policymakers that drive our daily work. Last week, our resident cybersecurity whiz Sarah Lytle paid a visit to Hack the Capitol 2022, her first in-person industry event since late 2019. I caught up with Sarah to learn more about her experience, the benefits of reconnecting with industry leaders, and how the pandemic may have changed these types of events for the better.
Chris Walsh Sinka: Tell me about Hack the Capitol. Who is the event aimed towards and what is the goal?
Sarah Lytle: Hack the Capitol is held by Industry Control Systems (ICS) Village, which is a non-profit that aims to connect experts from the cybersecurity industry with policymakers from the federal government. This was the fifth time that they’ve held Hack the Capitol in D.C. — it’s a free one-day event that aims to educate congressional staffers, academics and members of the media on current cybersecurity challenges. You’ll see some communications people from tech companies, but this is mainly for the wonks.
CWS: What role does this type of event play for cybersecurity pros?
SL: This is all about informal relationship building and driving public-private partnerships. Hack the Capitol was attended by current White House staffers and folks from the Cybersecurity and Infrastructure Security Agency (CISA). This event was a way to have a discussion with all parties in the same room that isn’t formalized or bureaucratic, which lowers the stakes and makes it easier to get conversations moving.
CWS: How did this event compare to those you attended before the pandemic? Were there any noticeable changes?
SL: The event had a virtual option, and probably a third of attendees were online. Of course, the benefit of being there in person is being able to enjoy a more natural conversation; I don’t think people attending online were as engaged as those who were in the room. On the other hand, the hybrid event allows you to have panel members participate who couldn’t otherwise physically be at the conference. The virtual aspect is really beneficial for content because you’re no longer dependent on who can make that specific date work with travel and other engagements.
CWS: Who did you find to be the most interesting speaker at Hack the Capitol?
SL: The opening speaker was Robert Knake, who works in the White House in a role that was created by this administration: Deputy National Cyber Director for Strategy and Budget. His whole responsibility there is implementing policy, which had been a major gap in previous administrations. The Bush, Obama and Trump White Houses each took hard stances on cybersecurity, but struggled with enforcement. The Office of the National Cyber Director is focused entirely on implementing new policies and setting benchmarks to see progress. Knake previously worked in the Obama White House, so it was interesting to hear how he’s working to directly address the gaps he saw during his previous tenure.
CWS: What’s the biggest thing we should take away from Hack the Capitol 2022?
SL: The evolution of the public-private partnership. PPPs used to be just meetings for meetings’ sake, and then they grew to become more about information sharing between organizations. We’re now entering a new state of collaboration where both sides are actually seeing each other as equals and key to one another’s success. The example of the Joint Cyber Defense Collaborative (JCDC) came up a lot — a group of 21 corporations working together with the White House to move the cybersecurity industry forward and strengthen our collective defenses. We’re hopefully moving beyond just recommendations and getting into enforcement, which is what we need for actual improvements.
CWS: Finally, what can our clients learn from events like Hack the Capitol?
SL: The event featured a panel with journalists from the Washington Post, NBC and the Daily Beast, and the real takeaway here is that because cybersecurity is more news-driven than any other industry, you need to engage with these journalists on a different level if you want to gain traction with the media. True cybersecurity journalists aren’t looking to write about companies — they’re focused entirely on high-level concepts and breaking news. Rather than having their inboxes inundated with product announcements or marketing-heavy pitches, they want to build a small roster of experts they can call on when they need a gut check on something they’re writing. This is where our clients can provide value and boost their profile in the process, by putting out credible data and research into emerging threats and by serving as a good, reliable source. There’s no shortcut here: you need to make it less about your business and more about the bigger story and its implications.