DomainTools Investigations BSides NoVa Recap
As one part of the broader infosec community, it’s one of our pillars within DomainTools Investigations to contribute meaningfully to collective knowledge as well as common good. We believe that doing so reinforces the fact that cybersecurity is a living ecosystem – an ecosystem of ecosystems, in fact – and thrives or withers accordingly. From Head of Investigations Daniel Schwalbe down through the ranks, we want to see a thriving ecosystem, and there’s no other way to do it than to put our money and time where our mouths are.
You’ve got to have some skin in the game.
One great example of security community activity is BSides NoVa, which happened October 10 & 11. We stepped up as a Gold sponsor alongside other great organizations to bring together a diverse group, from folks looking to enter the industry to those retired from decades in it. In addition, we submitted two talks that were accepted: my colleague Malachi Walker’s talk on cyber threats in F1 racing, and my talk on DNS and domain intelligence in investigative journalism.
BSides is more than just a professional opportunity for me – it’s a deeply personal part of my path into and within infosec. While information security and cybersecurity have always been special interests of mine, the first conference I attended where I really felt the passionate burn to be an integral part of it all was a Security BSides conference, BSides Boston 2016. I sat in Microsoft’s NERD facility (not kidding about the name!) and felt the first undeniable yearning to be doing the cool work that speakers presented, even though I could only half-follow most of it at the time.
From the smallest BSides in a local meeting hall to major events like BSides CHARM, Las Vegas, or NoVa, both the model and the reality represent some of the best our community has to offer. It fills me with pride to be part of an organization that could sponsor this event.
For my part, I was honored to speak to a full room about DomainTools’ history of enabling investigative journalists and security researchers in the community through our Grant access program. We’ve been presenting at the NICAR journalism conference for nearly a decade now, grateful that interest drives not one but two NICAR sessions. In addition to access, we’ve been providing training and investigative support and review to help journalists identify objective truths in data that inform their investigations.
Earlier this year we provided a technical writeup on one such investigation over on our corporate blog, and the details there formed the backbone of this presentation as we demonstrated the value of both DNS records and Whois/RDAP data in unraveling layers of truths. We were also able to highlight several other places where either our data proved helpful or we collaborated with journalists and investigators directly this year alone, including Citizen Lab, Reuters, and the prolific Brian Krebs.
Slides for my presentation can be found here on Google Drive (contact me if you need them placed for download elsewhere).
In addition to the slides, I’d like to reiterate my answer to one of the Q&A questions at the end. The session participants were awesome and engaged, across all levels of familiarity with DNS and domain data, and asked excellent questions. One of the better questions was “Where do I learn how to do this kind of work?”
As my introduction slide notes, I’ve got no degrees and no certifications. I cannot speak to higher education or training programs. What I can say is that learning from the folks actually doing the work is key. There are very few areas in which I have so much knowledge that I can claim to be a subject matter expert (which troubles me sometimes as far as both impact and career go). But where I excel is identifying work that I want to be doing, finding the people already doing it, and reverse-engineering their processes to build my own. In practice, this looks like not just reading investigations from Brian Krebs, Shelby Grossman, Renée DiResta, Citizen Lab, or Infoblox’s Threat Intel team, but actually writing down and analyzing each step of their investigation to learn where and how they pivot from one piece of data to another, as well as areas they focus on as often fruitful investigatory avenues.
Another great source is journalist Craig Silverman, who devotes his time to teaching other journalists how to dive deep digitally. In addition, pay attention to the various places where Yael Grauer pops up, from Consumer Reports and the Associated Press to DEF CON, especially around privacy or public interest/technology & integrity issues.
Learn from folks doing the work – and then change, adapt, iterate, and customize it. Make it your own.
And go make a splash.
My thanks to BSides NoVa, its sponsors, and everyone who came to my talk or whom I talked with on Saturday. We are the ecosystem. Let’s dig, share, and thrive.