Managing Apple devices at Black Hat Europe with Jamf

When 5,000 cybersecurity professionals descend on London for Black Hat Europe, they're focused on the latest threats, vulnerabilities and defensive strategies. But behind the scenes, there's another critical operation running 24/7: a team securing the network, observing data movement within it, and managing the hundreds of Apple devices that power the event itself. As part of an elite group of industry leaders volunteering time and resources, Jamf's Apple expertise ensures security for the devices that every attendee and employee interacts with.

The Stakes: High pressure, zero margin for error

The pressure at Black Hat is immense. A single failure can disrupt registration for thousands, expose sensitive attendee data or derail keynote sessions in front of an audience trained to spot weaknesses. Registration devices handle large volumes of personally identifiable information, making security nonnegotiable.

The Challenge: Distinguishing "Black Hat Positives" from real threats

Black Hat creates a unique security challenge. Throughout the venue, attendees learn to write malware, exploit vulnerabilities and demonstrate zero-day attacks. The NOC must distinguish between legitimate conference activity, known as “Black Hat positives,” and real malicious behavior.

A training class downloading Kali Linux or testing attack tools on isolated networks is expected. Attempts to target external organizations, payment systems or conference infrastructure are not. By clearly separating research from real threats, the team routinely identifies compromised devices and stops infections almost immediately.

The Solution: Operational excellence through integration

Here's what we had to deliver:

• Deploy and secure several hundred Apple devices across multiple spaces in under 48 hours
• Zero downtime for critical operations during peak load with thousands of simultaneous users
• Protect PII on registration devices through Autonomous Single App Mode
• Deploy Cisco Secure Client via Jamf for secure network connectivity
• Integrate seamlessly with Cisco XDR and Palo Alto Networks XSIAM
• Maintain complete visibility and control over every device in real time
• Full GDPR compliance and complete data lifecycle managementPartnership and integration

We worked alongside industry partners in the Black Hat NOC, including Arista Networks, Corelight, Palo Alto Networks and Cisco. Corelight threat intelligence feeds into Palo Alto XSIAM, which ingests logs and correlates data from all systems into a single source of truth.

At Black Hat Europe, XSIAM processed more than five terabytes of security data from over 14 sources in 10 days, enabling real-time detection and response. This only works through tight collaboration, with months of preparation and constant coordination during the event.

Streamlining operations at scale

To support Black Hat operations, we enhanced Jamf Mobile Assist with real-time visibility into device readiness, battery health and app update status. The team could reassign roles, check status and reset devices instantly without accessing the MDM console. Registration leaders could also manage device roles themselves, keeping control with on-site staff.

Visual asset management

We simplified asset management using JAWA (Jamf Automation and Webhook Assistant) to push custom wallpapers that displayed each device’s asset tag and role directly on the home screen. Support teams could identify devices at a glance without removing cases or digging through settings.

Securing registration with Autonomous Single App Mode

To protect attendee PII during registration, we implemented Autonomous Single App Mode for the SwapCard registration app. This locked devices into a secure kiosk state while still allowing our support team to exit with a simple gesture or passcode for troubleshooting.

Optimizing bandwidth with caching servers

We also addressed bandwidth constraints by deploying two Mac minis as caching servers, one on the internal network and one on the public network. This reduced external traffic by 347 GB, sped up app installs and OS updates and kept the network stable throughout the event.“We noticed a discrepancy in our dashboards that made us question its accuracy in the amount of data transferred. We later learned there was a caching server onsite which explained the discrepancy we were seeing. Significantly more data passed on the wireless than was seen on the internet circuit." Landon Harsh from Arista Networks

The Final Act: Instant digital sanitization

When Black Hat Europe ends, every device that processed attendee PII must be fully sanitized before leaving the venue. A single Jamf Pro wipe command erases data across all devices in seconds, returning them to a clean state and ready for shipment. What would normally take hours of manual handling is reduced to a fast, verifiable process at scale.

Key takeaways for IT teams

Remote management at scale: You can remotely manage, configure and troubleshoot hundreds of devices simultaneously without physical access, essential for distributed teams or temporary deployments.

Security without friction: Autonomous Single App Mode, secure client deployment via MDM and real-time monitoring ensure devices stay secure while remaining functional for end users.

Regulatory compliance made simple: Remotely and verifiably wipe hundreds of devices simultaneously with complete audit trails. You get GDPR, CCPA, and HIPAA compliance with full logs of when devices were wiped, by whom, and verification of success.

Integration-first approach: Tight integration with security platforms (XDR, SIEM, network security tools) provides comprehensive visibility across your entire environment, not just endpoints.

Operational efficiency: Visual asset management, automated provisioning and delegated administration reduce manual work and empower teams on the ground to resolve issues faster.Jamf enabled us to deploy, secure and manage hundreds of Apple devices efficiently at Black Hat Europe.

Our experiences there will help further streamline mobile processes at future Black Hat conferences, and for our customers through Jamf Mobile Assist enhancements. These same capabilities scale to enterprises of any size, providing the security, compliance and operational efficiency IT teams need.