Infosec Europe 2008 ran 22-24 April at Olympia in London. I gave a session on the DDoS trajectory, drawing on the Evolution of DDoS book and on specific cumulative observation through the past several years. The cumulative experience was substantively rewarding.
This is a longer post because the conference engagement is structurally meaningful and specific lessons deserve treatment.
The session
The session covered the structural trajectory of DDoS as I have been writing about it: the commercial-cybercrime extortion category, the DDoS-for-hire commercial markets, the politically-motivated category, the defensive-coordination requirements at infrastructure scale.
The format was a 45-minute presentation followed by 30 minutes of question-and-answer. The specific audience was approximately 200 practitioners — a mix of CISOs, security architects, and operational staff from UK and European organisations.
The presentation went substantively well. The cumulative material from years of writing on the topic supported a coherent structural narrative; specific operational examples (with appropriate confidentiality) supported the structural argument; specific defensive recommendations gave the audience actionable content.
The questions
Specific questions from the audience were substantively informative.
Several questions about specific defensive infrastructure. Operators wanted specific guidance on what to invest in, what cumulative effect to expect, what cumulative trajectory to plan for. The discussion produced specific operational guidance beyond what the presentation alone provided.
Specific questions about politically-motivated DDoS. The Estonia events have produced sustained interest in the political-cyber category; specific operators with potential exposure asked about specific defensive postures. The cumulative conversation was substantive.
Specific questions about the cumulative book content. Specific readers had specific feedback about chapters; specific subsequent conversations about the trajectory will inform potential follow-up writing.
Specific questions about insider-fraud parallels. The Société Générale fraud produced specific cumulative interest in cross-category structural lessons. Specific operators are thinking about how DDoS-defence disciplines apply to insider-threat categories.
The cumulative quality of the questions was substantial. The audience was substantively engaged; specific subsequent correspondence will continue.
The conversations
The cumulative practitioner network development was the most rewarding aspect of the conference.
Specific peer-CISO conversations. Specific operators at major UK organisations had substantive operational conversations during the breaks. Specific cumulative challenges (DDoS readiness, insider-threat controls, cumulative regulatory compliance) were discussed.
Specific introduction to operators I had not previously met. The book has produced substantive cumulative reach; specific operators introduced themselves based on having read it. The cumulative network expansion is operationally meaningful.
Specific ongoing conversations across multiple sessions. Specific cumulative discussions continued across the three days; specific operators sought specific follow-up.
The cumulative conference value was substantively higher than typical conference attendance. The cumulative effect on the practitioner network and on subsequent operational work will be substantial.
What I am taking from the cumulative experience
Three observations.
Conference engagement and book-length writing reinforce each other. Specific cumulative book content supported substantive presentation content; specific cumulative presentation feedback will inform potential follow-up writing. The cumulative discipline of multiple-format engagement is structurally productive.
The cumulative practitioner network is more operationally meaningful than I had recognised. Specific operators across the cumulative network share specific information, specific defensive techniques, specific operational lessons. The cumulative cross-operator coordination is bounded by relationships rather than by any formal infrastructure.
Specific operational engagement matters at peer-CISO level. Specific CISOs at peer organisations face specific cumulative challenges that benefit from cross-operator conversation. The cumulative isolation that CISOs sometimes experience is bounded by sustained engagement.
For practitioners considering whether to invest in conference attendance: the cumulative value compounds. Specific cumulative network across years produces operational outcomes that single-conference attendance cannot.
What I am doing next
Three things following the conference.
Specific subsequent correspondence with specific attendees. Specific cumulative conversations will continue; specific operational coordination will inform subsequent work.
Specific follow-up writing. Specific themes from the conference questions deserve substantive treatment in subsequent notebook posts. The cumulative archive will grow.
Specific assessment of follow-up book or extended writing. The cumulative reception of the DDoS book and the cumulative conference engagement support specific subsequent writing decisions.
A reflection on the cumulative trajectory
Speaking at Infosec Europe is a cumulative milestone. Specific cumulative engagement across years — the first BCS event in 2003, specific subsequent conferences, specific cumulative book project — produced the conditions for substantive Infosec engagement in 2008.
The cumulative trajectory is, on the available evidence, positive. Specific subsequent engagement will continue; specific cumulative network will continue expanding; specific cumulative effect on the broader practitioner community will continue to be visible.
For my own continued discipline: the cumulative work continues. Specific subsequent writing will reflect cumulative conference observations; the cumulative archive grows.
More in time.