Next steps

7 min readMay 24, 2019
One of the escalators in Hong Kong Central

Five months ago I wrote my first post here on Medium, it was about the project for a cybersecurity conference in Asia.
Finally last week the event took place and the results have been better than expected.

Still some small things to fix but the “core” idea worked well and the knowledge and experience collected in these months are priceless.

Just a quick recap of the challenges and features of the recent event:

  • No sponsors: everything was entirely financed by REVULN itself.
  • No marketing or promotions: the event didn’t have any promotional or advertising goals, therefore no “return of investment”.
  • Invitation-only and free: all the attendees have been personally selected and approved without selling any ticket, no ROI here too.
  • Two full days event: in line with most conferences but still unusual for the first time without any previous experience.
  • Two topics: each presentation had to be focused or connected to one of the selected topics and not just about anything infosec-related, thus limiting the submissions for the Call for Papers.
  • Niche topics: definitely the biggest challenge since topics like “open source intelligence” and “cyber activism” have the lowest coverage in cybersecurity events, moreover in Asia.
  • Hong Kong SAR (China): fascinating place and definitely not the cheapest for rooms and venue, it’s also not the first choice for conferences hosted by foreigners in Asia (another reason why it was perfect for the project).
  • International: only speakers and guests from the region, Hong Kong, mainland China, Taiwan, Japan, Thailand, Philippines, Singapore, South Korea, Russia and Pakistan.
  • Speakers from different fields: really great to see security researchers, lawyers, police forces and professors all together.
  • Selected participants: mainly from journalism, government and law enforcement.
  • No paid media coverage: not necessary for a private event and not the goal since the conference wasn’t the focus, journalists attended for their own interest.
  • No external support for organizing the event: I have personally worked on every single detail till the day before the event, from the choice of the hotel to the design of the brochure. That was done for various reasons including having a personalized conference and saving money in the future using the acquired knowledge.
  • No previous experience: this is a huge obstacle, and also the reason why a starting point (the “pilot episode”) was necessary as soon as possible. Additionally some places and situations are unique, reading about the experience of someone else is totally useless in these contexts.
  • No pre-announcement or hype: nobody was aware of the project before the public announcement that was made just one week before starting the Call for Papers, it was a surprise but also a mistake since people had no time enough for becoming aware of the event. Did I mention the previous over 4 years of silence?
  • Informal environment: it was just like a private party, relaxed and without formalities.

With these challenges in mind there were very limited chances to see the event realized, this is something that only who has organized an event at least once knows.
Indeed I thought it was a piece of cake before starting this adventure and I immediately realized it was just the opposite the first day after the announcement, really a mission impossible.


Every event has its own goals, those for this conference were:

  • Putting the selected attendees in contact with each other
  • Allowing the speakers to share their own experience and content
  • Collecting ideas and projects from people in different fields and different countries
  • Whatever will happen due to the recent event

Still searching the best way for accomplishing the first point without involving the privacy and social skills of the attendees, but definitely a good job on the other goals.

Difficulties and luck shots.

Obviously there have been many, many, problems in these months but also some few big luck shots.

A recent issue happened with the VISA of one of the speakers, it wasn’t ready and therefore… no speaker and back to the original plan of 11 sessions instead of 12.
It was pure luck to find not only the replacement few days before the event but even two presentations, on the social aspects of cryptocurrencies (that I was looking for months) and Named Data Networking.
So a huge “thank you” to both Gareth Hayes (EmurgoHK) and Stewart Mackenzie (Fractalide) for bringing such content with almost no time for preparing.
Gareth’s presentation is on Youtube:

Definitely a luck shot was also to find a place that offered us the party after the event, thanks a lot to the Lucky Dawgs Brewery, and also to Pedro Ribeiro for having realized this magic.

All these unexpected surprises were really welcome after over one year of organization.

Lessons learned

Without going deep in details I can say that:

  • Having a constant number of attendees for the whole day is impossible, people select specific presentations, or go out and come back, or just do networking outside the room (me too). This is clearly visible at all the conferences but still a negative point in an overall more than positive event like the recent one.
  • Journalists are extremely busy due to their work, keep that in mind and relax if some of them can’t attend at the last minute or can participate for few moments only.
  • The Wi-Fi LAN router has been the biggest success of the event, the attendees watched and downloaded all the slides, speakers profiles and various documents during the presentations, so why looking at the projector when you can follow the slides on your mobile?
  • Some support during the event is necessary or the consequence is a stressful experience busy while taking pictures, waiting attendees at any time, timing each session, taking notes, and so on.
  • LinkedIn worked really well for organizing the event while Twitter, the other social networks and the various CFP/events websites were just an epic failure. This is a work of actively building “real” connections and NOT passively waiting results or sending lame pre-built copy&paste texts to N people in one click.
  • There are good and bad things happening until the last minute, some of them can’t be planned before, maybe the bad ones yes but definitely not the good ones. Take it easy but keep low expectations too.
  • A difficult part is getting in sync with the hotel on details and other stuff, the event was planned one month ago before Ramadhan but some delays made it slipping in May and therefore loosing 1/3 of the asian speakers and participants.
  • The location for the pre and post event dinner, one of the famous wet markets in Hong Kong, was really a great idea :)
  • The Eastern side of Hong Kong Island is an ideal location.

I’m happy to share more about this experience, there is lot to talk about.

Regarding the slides of the presentations, please note that only some of them may be released on the website and currently there is no date yet, maybe next week or next month.
Being a private free event there is no real need or interest in sharing such material, the decision is up to each individual speaker.
The attendees who missed the slides at the event can contact me in private.

Recap of the agenda

  • Chun Pong CHOW (Hong Kong)
    My user-experience and understanding of “OSINT” and “private intelligence agency” as a fresh intelligence analyst
  • Setthawhut Saennam (Thailand)
    Using OSINT in CERT Operations
  • Egor Saltykov, Igor Lyrchikov (Singapore, Russia)
    What you will able to gather from neighbor social networks?
  • Hirokazu Kodera, Manabu Niseki (Japan)
    Catch Phish If You Can: A Case Study of Phishing Website and Actor
  • Da-Yu Kao (Taiwan)
    The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies
  • Chiawchan Chodhirat, Wongyos Keardsri (Thailand)
    A Development of Cybersecurity Techniques and Law Enforcements for Royal Police Cadet Academy
  • Dr. Rolando Rivera Lansigan (Philippines)
    The Privacy Act of 2012, its compliance and implementation in the Philippines
  • Yi-Lang Tsai (Taiwan)
    Cyber Security, Threat Hunting and Defence Challenge in Taiwan Academic Network
  • Yihao Lim (Singapore)
    Hacktivism in South East Asia
  • Dominic WAI (Hong Kong)
    An analysis of s.161 of the Crimes Ordinance and sharing of case law on this offence
  • Dasom Kim (South Korea)
    How to find suspected phishing sites and malicious cryptocurrency addresses via OSINT
  • Gareth Hayes (Hong Kong)
    Subverting the State with Bitcoin
  • Stewart Mackenzie (Hong Kong)
    Enhancements of Named Data Networking protocol

Next steps

Despite the name of the conference, REVULN ’19, the idea has never been to have one yearly event. Indeed I’m already working on the next meeting which is planned before the end of the year.

Still no details because it’s a flexible format and the topics will change every time, what’s sure is that it will continue to be invitation-only and free.

Currently there are at least three main groups of topics on which I’m strongly interested and I will choose one this summer.

Thanks everybody for attending.

Some speakers and their guests at the end of first day