DTRAP has created a paper type that we’ve aimed at the working practitioners called the Field Note. We want short case reports that highlight an event or topic that is important to the author.
I’ve been asked “Why should I write one?” and I’m going to attempt to answer that in this post.
I’ve been around in the tech world for quite some time. My Bachelor’s degree is in Applied Math and I have (I think I’ve mentioned this) a PhD in Math. I spent time in Seattle during the Internet Bubble and, well, I’ve both been there and done that. I worked at a startup in Seattle and I did systems, I did networks, I wrote software, I did security, I even answered the Network Operations phone.
I’ve been a researcher, I’ve been a practitioner, and I’ve even been a teacher. That’s my background. It’s broad, broader than most, but as I often like to say, “It seemed like a good idea at the time.”
In the course of getting this journal started, I’ve found myself talking to quite a few people about it. I’ve had researchers tell me “There’s nothing a practitioner can tell me that I can use.”. I’ve had practitioners tell me “I try to talk to researchers but I don’t have the degree, so why bother.”
Both attitudes are wrong in my opinion. Very wrong.
Cybersecurity is, at its heart, a practical field. We need solutions from both sides.
Practitioners want practical solutions to our problems. We want things that work. Sometimes we want them right now, not later. That’s the practitioners job. If I have a ransomware attack to deal with, I want a solution. If I’ve got a new kind of DDOS taking my systems down, I need to mitigate it.
On the research side, I’m interested in patterns. I want to know if I can determine future attacks. I want to consider commonalities across attacks. I’m looking at the ecosystem of attacks, not just “What’s happening to my company today?”
(I’m going to summarize here) Practice is that specific event. Research is all those events.
A Field Note is a way for a researcher to collect data on the current events. What does the practitioner see that it’s interesting? What solutions do they need? For the practitioners, it’s a way of communicating with the researcher. If we don’t tell them what we need, how will they know?
It’s also a way of recording for posterity your observations. You’re probably reading this and assuming ‘Duh, I can write a blog, why do the Field Note?’. A Field Note is peer reviewed. Aside from being your opinion (like this blog is my opinion) a Field Note has someone saying “Yes, this is real.”
It’s also a way of advancing your career. Having peer reviewed publications on a resume is always good. It says “People thought my work was good enough to publish in an academic journal!”.
If all that isn’t enough to convince you, well, then this wasn’t for you. If it was, and you’re not sure how or where to start, email us at dtrap-editors@acm.org
1 Response
[…] These aren’t marketing papers. These aren’t white papers. These are case studies of events or solutions you found interesting. These are Field Notes. […]