Vegas Recap: Black Hat, Four Deuces, and a Hand That Paid for My Flight
Made it to Vegas — and this one had two agendas.
The main event was Black Hat, one of the biggest cybersecurity conferences in the world. The bonus was the casino floor at Mandalay Bay. Both delivered.
---
Black Hat
Black Hat draws the serious crowd — researchers, practitioners, red teamers, vendors, and a healthy dose of people who just want to see what's coming. The talks run from highly technical (novel exploit research, hardware vulnerabilities, protocol weaknesses) to strategic (threat landscape, emerging attack surfaces, defensive frameworks).
I came away with a few things worth thinking about:
The gap between what organizations think they're protected against and what's actually out there is wider than most people in non-security roles realize. The conference makes that gap visible in ways that are hard to unsee.
Tooling is evolving fast. The automation layer being applied to both offensive and defensive security is accelerating, and the teams that win are the ones that figure out how to leverage it without losing the human judgment layer that makes it actually useful.
And talking to people in the hallways and at dinner is still where the best information lives. The talks are valuable. The conversations around them are the real reason to be there.
Good conference. I'll go back.
---
The Tournament
I entered a daily live poker tournament while I was there — my first live tournament ever. Played through two levels, felt like I was getting my footing, and then got unceremoniously felted about 10 minutes after the first break by a woman at the table who played like she invented the game. Full story in the poker post. Short version: respect.
The Floor
Mandalay Bay's casino floor is well-designed — enough variety to float between tables and machines without feeling like you're on a treadmill. I hit the craps table and stuck to the plan: Pass Line, Free Odds, short sessions. Hit some blackjack on a 3:2 table and played basic strategy.
After a few days of talks and sessions, I was ready to just sit down somewhere quiet and unwind.
---
The Moment
Late in the trip I sat down at a quarter Deuces Wild Bonus Poker machine. Not hunting for anything. Just winding down.
And then this happened:
Four Deuces Plus Ace. 2000 credits. Paid $506.25.
In Deuces Wild, all four 2s are wild cards. Four Deuces is the second-highest hand in the game, sitting just below a Natural Royal Flush. Four Deuces Plus Ace is a specific bonus hand — it pays at the very top of the pay table.
Bet 5 quarters ($1.25 per hand). 2000 credits × $0.25 = $500, plus remaining credits = $506.25 in the tray.
That single hand paid for my round-trip flight. I went to Vegas for the conference, stayed for the games, and the machine handed me my flight money back. I'll take that every time.
---
What I Took Away
Two very different kinds of learning happened on this trip. During the day: threat research, new tooling, conversations with people building things I hadn't seen before. At night: craps tables, video poker, the particular patience that casino games require when you're playing them correctly.
The overlap is more than it sounds like. Both reward preparation over improvisation, and both punish the impulse to do something dramatic when doing nothing is the right move.
Black Hat is worth your time if you're anywhere adjacent to security. And if you're at Mandalay Bay anyway — find a Deuces Wild machine. You never know.
— Dr. Scott