It’s a bit frustrating sometimes, working for a company like Akamai. When you hear stories about DDoS and other attacks on large institutions, we’re often involved in the mix somewhere, simply because we deliver so much of the Internet’s traffic. But we long ago decided we don’t want to be sensationalist or ambulance chasers, we don’t want to reveal too much about specific customers and we don’t want to reveal too much of the secret sauce that allows us to protect our customers. The result has been that it’s easier to let other people tell the stories rather then get involved in the conversation, even if we often know the person who was interviewed for an article knew very little about what’s actually going on. Plus it’s been a little annoying to have to recuse myself from the discussion on the podcast when I can’t talk without revealing what I know about the story in question.
That being said, it’s been nice to be able to be a bit more active in some of the current stories that are happening on the Internet, especially for my teammate, Mike Smith. Last week I was able to post about the recent SSL vulnerability tool (Take a Byte out of CRIME) and how it affects our company (not much, soon not at all). But more importantly, Mike was able to write a post about the recent spate of DDoS attacks that have been in the news (Information, not Hope, is the Key to Surviving DDoS Attacks) and has been interviewed for a number of articles by news outlets (Bank attackers more sophisticated than typical hactivists, expert says and US Banks Hit by More than a Week of Cyberattacks). There’s probably a few more to come out, but that’s a start.
It’s nice to have information that can be freely shared and is public about news stories. Having to keep quiet about things like this is frustrating, especially since as part of my role at Akamai I’d like to do is sharing as much information about what’s happening on the Internet as is possible. The fine line to walk is between being a source of valid information and being a media whore who just wants attention. Though, as a blogger, it’s probably too late for me.
I got to attend my first SOURCE event last week, thanks to a lucky confluence of events which freed up my time. Mainly, I didn’t have to go to the PCI Council’s Community Meeting and was able to take advantage of SOURCE Seattle instead. I know many of the people involved in SOURCE and I’d been wanting to go for a long time. This was the 10th SOURCE event, and I walked away very happy I’d finally been able to attend.
The Seattle conference is very different than any other event I’ve been a part of; with under 100 people in attendance, it’s small and personal. I had the opportunity to talk to almost every person there, which is something you rarely get to say at any event these days. During lunch on both days the team running the event led interesting discussions and helped encourage people to talk to other security professionals they’d never met before.
My favorite talk was by Tony Rucci, giving a detailed account of what it was like to be part of the White House staff on 9/11/2001. It was interesting to hear the first hand account of someone who’d been on the ground at the time. I liked getting to go to talks by friends like Adam Shostack and Zach Lanier, even if Zach did lose me about 15 minutes into his talk (I’m not an Android debugger by trade, so shoot me). Robert M. Lee’s talk on the maturity of security was good to hear, but I feel he may be a bit optimistic. The Base Rate Fallacy talk by Florer & Lowder made my brain hurt; my wife is currently taking a statistics class, maybe I should ask her for help.
I haven’t been to the larger SOURCE Boston, but if you’re in the Seattle area, look at coming to the con when it happens next year. Hopefully it stays small and intimate for a few more years. And hopefully it can stay in the Maritime Museum for a few more years as well.