FIRST, the Forum of Incident Responders and Security Teams, is a global organization that helps incident responders and other cybersecurity folk get together and help each other out.
I represent FIRST as the DNS Abuse Ambassador, and they recently sent me to Kuala Lumpur for the ICANN75 AGM. It was indeed a time of a lot of firsts (hah) for me—first time in Kuala Lumpur, first ICANN meeting (the 75th meeting and AGM at that!), and the first time I was properly representing FIRST in person.
Here’s my account of the events:
At least from my point of view.
Of course, I have to give a big shout out to Carlos Alvarez, a member of the FIRST DNS Abuse SIG and Director of Trust and Public Safety Engagement.
I have to say—Carlos really saved me!
We spent 40 minutes going through the entire schedule, and he explained the many, many acronyms and overall structure of ICANN elements. Carlos also introduced me to many incredible people and provided very valuable feedback.
During this trip, I presented on The Challenge of Defining DNS Abuse. The main goal was to remind people that there's a lot of different perspectives out there—and no single definition.
My presentation went very well, if I do say so myself. Tech Day—a catch-all for anything technical that didn't fit into the other elements of ICANN—was a wonderful place to be. The level of enthusiasm and engagement from the audience was fantastic. We couldn’t even get to all of the questions in the time allotted for Q&A!
The accompanying speakers in my time slot, Jeff Bedser from CleanDNS and Adiel Akplogan from ICANN, were also incredible and welcoming of the newbie.
Amongst the many interesting talks, DNS Abuse was a hot topic. DNS Abuse came up repeatedly from day 1—the ICANN president and CEO highlighted it during the opening meeting. The meaning of the term “DNS Abuse” is very fuzzy to some, and very specific to others. My presentation (The Challenge of Defining DNS Abuse) was appropriate in many ways!
ICANN attendees were a great group of people. The audience was diverse, from the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, to government organizations. Wonderful discussions took place with some brilliant minds!
By the end, I had a pile of business cards—and had passed out every single one that I had brought! The old school style of networking was unexpected, but welcomed.
My favorite part, though, was finally getting to put faces to names of the people I regularly interact with online. Meeting these familiar people in person strengthened our relationships in ways that are hard for me to define! It was also very nice to know that people were putting a face to FIRST.
By the time I left, I had a long list of things to follow up on.
The DNS Abuse Institute has a great study that merits further thought (recreating their experiments and looking at their source data could probably be a whole topic in itself). I also spoke to someone about ICANN setting up a group that reaches out to the cybersecurity community—something there’s not really space for at the moment.
DNS Abuse is a potential way to bridge that gap in the meantime—it’s so top of mind.
Finally, the insights I gained into the inner workings of ICANN was hugely valuable. From the outside, ICANN can seem like a massive ball of bureaucratic red tape and acronyms—seeing how things actually worked from the inside was amazing. Real work gets done here that has the potential to affect everyone on the internet. Millions (or billions!) of people worldwide can have their online lives shaped by the conversations that happen at ICANN.
In all, the trip was exhausting but excellent. It will take me a while to digest and absorb everything properly, but there are already tangible benefits. I hope to go to more events like this in the future!