From Friends Friday to Black Hat Europe: What Security Teams Should Focus on Next

Black Hat Europe consistently delivers a rare combination of deep technical insight, honest vendor conversations, and real-world perspective from practitioners across the industry. Ahead of this year’s event, PlexTrac hosted a Friends Friday conversation with Nick Jackson, Director of Cybersecurity Services at Bitdefender, to preview what he was watching for and where he thought the industry conversation was heading.

 

A few weeks later, those predictions largely held true.

From the show floor to the session rooms, Black Hat Europe reinforced a clear message: security teams are not lacking tools, data, or alerts. What they are lacking is focus, automation, and clarity on what matters most.

From Preview to Reality: What Black Hat Europe Confirmed

In the Friends Friday episode, Nick emphasized Black Hat’s value as a place to separate meaningful innovation from buzzwords, particularly around AI. He also pointed to the growing tension between what vendors promise—fully autonomous security, AI-driven everything—and what teams can realistically operationalize.

Once on the ground in London, those themes came into sharper focus. Dan DeCloss, PlexTrac’s founder, attended the conference and came away with a consistent takeaway echoed across conversations with practitioners, vendors, and service providers: teams are overwhelmed, and the next phase of security maturity is less about adding new capabilities and more about making better decisions with what they already have.

Prioritized Remediation: The Gap Everyone Feels

One of the strongest themes at Black Hat Europe was the need for better prioritization. Organizations are generating enormous volumes of findings across offensive testing, continuous exposure management, vulnerability scanning, detection engineering, and threat intelligence. The challenge is no longer identifying issues—it’s knowing which ones to fix first and why.

Across conversations, security leaders were asking the same questions:

• Which findings actually increase risk if left unresolved?
• Which fixes will measurably improve my security posture?
• How do I justify remediation work to stakeholders who want to see impact, not activity?

This need for prioritized remediation came up repeatedly, especially among teams trying to connect offensive security results with defensive improvements. Without clear prioritization, remediation efforts stall, tickets pile up, and teams lose momentum. Black Hat made it clear that solving this problem is foundational, not optional.

Automation as a Force Multiplier, Not a Replacement

Another major takeaway was the growing demand for automation, but with a more grounded perspective than in past years. Rather than framing automation as a way to eliminate humans, the conversation has shifted toward using it to eliminate friction.

Security teams are increasingly looking for automation that reduces manual handoffs between tools and teams, speeds up reporting and remediation workflows, and maintains consistency without sacrificing critical context. The goal isn’t to remove analysts from the process, but to free them up to focus on higher-value decisions that require human judgment, experience, and collaboration.

This aligns closely with what Nick discussed pre-event: automation should support the SOC, not attempt to replace it entirely. At Black Hat Europe, that idea felt less controversial and more accepted. The goal is not autonomy for its own sake, but efficiency where it matters most.

AI: Where It Adds Value and Where It Doesn’t

AI was everywhere at Black Hat Europe, but the conversation around it has matured. Instead of blanket claims, many discussions centered on a more practical question: where does AI actually make the biggest difference?

Rather than trying to apply AI to every security problem, teams are increasingly focused on using it to:

• Help triage and prioritize findings
• Surface patterns humans might miss across large datasets
• Improve decision-making speed without removing human oversight
• Support continuous validation and feedback loops

This marks a shift away from hype toward utility. The consensus wasn’t that AI is a silver bullet, but that it can be extremely powerful when applied to the right problems, especially those involving scale, correlation, and prioritization.

Focusing on What Actually Improves Security Posture

Perhaps the most important theme to emerge—both in the Friends Friday conversation and at Black Hat Europe itself—was the idea of focus. With so many tools, alerts, frameworks, and metrics available, security leaders are increasingly asking a simple but critical question: what should I focus on that will actually make the biggest difference?

The answers were not about buying more products or adding more noise to already crowded security stacks. Instead, the discussion centered on closing the loop between testing and remediation so that findings actually lead to action. There was a strong emphasis on reducing time-to-fix for high-impact issues, rather than spreading effort evenly across low-risk findings. Many conversations also highlighted the importance of aligning offensive, defensive, and risk teams around shared outcomes instead of operating in silos. Finally, teams expressed a growing need to measure progress in terms of real risk reduction, rather than the volume of activity or number of alerts processed.

Black Hat Europe reinforced a clear takeaway that the most effective security programs are not the ones doing the most, but the ones doing the right things consistently.

Bringing It All Together

Looking back, the Friends Friday conversation with Nick Jackson set the stage well. Black Hat Europe delivered exactly what many teams were hoping for: validation that their challenges are shared, clarity around where the industry is headed, and a growing emphasis on practical impact over theoretical capability.

As the security landscape continues to evolve, the takeaway from Black Hat Europe is clear. The future isn’t about chasing every new trend. It’s about prioritization, automation with purpose, and applying AI where it meaningfully improves outcomes. For organizations willing to focus on those fundamentals, the path forward is becoming clearer.

Follow PlexTrac on LinkedIn for more Friends Friday conversations and continued insights from industry leaders shaping the future of cybersecurity.

Follow PlexTrac on LinkedIn for more engaging episodes of PlexTrac Friends Friday, featuring leaders across all aspects of the cybersecurity industry. 

PlexTrac Author At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.