The end-of-year notebook closing post. Following the convention I have established each December, a brief reflective post before the calendar year ends.
This is going to be a more substantial closing reflection than recent end-of-year posts. Nine years of sustained writing deserves careful framing; the cumulative trajectory continues to be informative.
Nine years
Nine years of weekly writing. The discipline is firmly established; the cumulative archive is substantial; the trajectory continues to develop.
The specific markers as of year-end:
Approximately 400 posts by my rough count, across all categories. The cumulative archive has substantial reference value; specific individual posts are sometimes interesting in retrospect; the cumulative body forms a coherent record of the past nine years of defensive computing.
Approximately 75 conference attendances across the years. Specific cumulative network development; specific cumulative learning across multiple events.
Approximately 2000 hours of focused reading across the years. Specific cumulative knowledge development.
A correspondence network of perhaps 60 individuals with whom I exchange email regularly. Specific cumulative community engagement.
A calibration archive with approximately 80 specific predictions across the years. Specific cumulative discipline.
Substantial career progression. From DEC technical work in 1996 through the gaming-operator role, through consulting engagements, to the current CISO role. The cumulative trajectory has been varied; the cumulative experience is broader than a single-employer career would have produced.
What 2006 produced
The cumulative 2006 trajectory:
- Major career transition to CISO leadership.
- Multiple substantive incidents — WMF, Yamanner, Mocbot, VML zero-day.
- Substantial Microsoft releases — IE 7, Vista RTM.
- Sysinternals acquired by Microsoft.
- Web-application worm category became operationally meaningful.
- Continued cumulative archive growth — approximately 50 posts at the established cadence.
The cumulative 2006 contribution to the longer trajectory is substantial. Specific events tested cumulative defensive maturity; cumulative bounded impact reflected the maturity; specific structural lessons emerged.
What I expect for 2007
The detailed predictions cover specific expectations. The high-level trajectory:
- Continued cumulative defensive infrastructure improvement (Vista deployment, structural disciplines).
- Continued cumulative threat infrastructure maturation (commercial cybercrime, web-application categories).
- Continued specific events producing immediate impact.
- Continued personal trajectory at Gala Coral.
- The DDoS book project, on the available evidence.
- Continued cumulative archive growth.
The cumulative trajectory continues. Specific 2007 events will inform specific writeups.
A reflection on nine years
When I started in 1998 I described the notebook as a discipline for forcing myself to finish thoughts I would otherwise leave half-formed. Nine years later, that purpose continues to be served; specific cumulative emergent purposes have been added.
The cumulative emergent purposes:
Building community. Specific cumulative correspondence network; specific cumulative conference engagement; specific cumulative community contribution.
Contributing to public discussion. Specific cumulative public engagement on structural patterns; specific cumulative cross-operator learning; specific cumulative impact on broader practitioner thinking.
Providing reference material. Specific cumulative archive supports specific structural understanding; specific cumulative readers reference specific posts.
Supporting professional trajectory. Specific cumulative archive enables specific role transitions; specific cumulative public contribution supports professional development. The cumulative effect on my own career trajectory has been meaningful.
Personal cumulative learning. Specific cumulative reading; specific cumulative writing; specific cumulative reflection. The discipline of articulating positions publicly produces rigour that internal thinking alone does not produce.
The cumulative emergent purposes were not planned at the start; all are valuable; the cumulative effect compounds.
A request to readers
If you have been corresponding with me, thank you. The conversations have been the year's best continuing reward.
If you have not, consider doing so. The technical questions are useful; the operational stories are useful; the disagreements are particularly useful.
The address is on the page. The signal-to-noise ratio of the inbox is good; I read everything that arrives.
What I am doing for Christmas
Nothing dramatic. The infrastructure is humming along quietly. The honeypot caught a moderately interesting capture last week — a careful enumerator with patterns matching the careful-attacker class — that I will write up properly in January.
The family is gathering for Christmas Day. The notebook is closed for the rest of the week. The Linux kernel is compiling a new build in the background; if it is interesting, I will write about it next year.
What 2007 looks like from here
The specific year ahead will be characterised, I expect, by responses to 2006's events. Vista deployment will continue; the Microsoft Trustworthy Computing trajectory will continue to deliver; the worm landscape will continue at sustained tempo; the structural cybercrime infrastructure will continue to mature.
The specific incidents will be unpredictable. The structural shifts will be partially visible by year-end. The cumulative trajectory will, on the available evidence, continue.
The notebook will continue. The reading will continue. The community will continue.
New year, new notebook, on the standard cadence. I will be at the keyboard at midnight on the 31st as usual, for old times' sake. The systems are quiet. The week between now and then is for closing out the year's open threads.
A small final reflection on the discipline
I keep returning, in these annual reflections, to the same core observation: the consistency is the thing. Specific posts vary; specific weeks are easier or harder; specific topics are more or less interesting. The cumulative value comes from sustaining the practice across years.
For practitioners who are considering similar discipline: this is the lesson. Not the specific format, not the specific topics, not the specific cadence. The consistency. Whatever format and topics and cadence work for you, sustained over years.
The specific format of this notebook — weekly, technical, British English, calibrated, internally linked — has worked for me. Other operators will find different formats work for them. The form follows the operator; the discipline is universal.
Truly closing
Nine years on. Eleven years from when I started a Slackware box that became the foundation of all this work. Twelve years out of school. The trajectory continues; the discipline continues; the community continues.
Thank you for reading. See you in 2007.
Happy new year.