Last week I read Simon Sinek’s new book, The Infinite Game. Worth reading, although I find his content more compelling when he is speaking, so Audible or YouTube may be the right way to go. This caused me to go back through my notes on Sinek’s Start With Why. And this caused me to review S4’s Why and where the event is and isn’t supporting that Why with the right How’s and What’s.

S4 Origin Story

This is not worthy of even a Marvel tv show on Disney+, but S4 did have a clear, singular impetus. Back in 2006, Matt Franz, one of our early employees who came over from Cisco, started fuzzing ICCP stacks. These are important protocol stacks that were used for communication between parts of the US power grid. A very nice attack path to spread across grid. Matt build his own stack to be able to fuzz some of the higher layers in the stack and found vulnerabilities.

Not a big surprise. Remember though this is 2006 and there have been no published ICS vulnerabilities. Almost no one is doing even basic random data fuzzing let alone intelligent fuzzing in ICS. So I told Matt, you need to present this somewhere. Matt said there was no where to present this where the attendees would understand the ICS AND understand the technical details of what he did. After looking around a bit, Matt was right.

So we created the S4 event as place where advanced content could be presented to an audience who gets it.

The first keynote at the first S4 in January 2007 was Whit Diffie. I selected Whit because he was one of the leaders who created a crypto community back in the late 80’s and 90’s. Back when the group was similarly sized to the original 36 who attended S4x07. He and others like Ron Rivest, Bruce Schneier, and David Chaum, nurtured and helped built the crypto (the words cyber and security wasn’t used much back then) community much liked we hoped S4 would do.

S4’s Why


Nurture and grow a community of talent that is creating the future of OT and ICS Security through bold and innovative thinking and action.

This Why was not fully developed in 2007. It really was a simple as creating a place to talk, learn and perhaps not feel so alone in this ICS security endeavor. A place to show great work to people who will get it. There wasn’t a lot of great work. Surprisingly, there wasn’t a lot of ‘not great’ work either.

By 2012 there were more people talking about ICS security, more ICS security events, more standards groups, even more ICS security vendors. It was in the 2012 – 2016 time period where we had to think hard about S4’s Why. Keeping it to advanced content, as opposed to an event that include SCADASEC 101 to draw a broader and larger audience, was an easy decision. The people that were going to Create The Future would not come to S4, or bring their best work to S4, if it was an event that catered to newcomers and those early in the ICS cybersecurity maturity. Of course, everyone is welcome; it’s just not designed for everyone.

The other thing that changed and solidified the Why in 2012 – 2016 was emphasis on bold and innovative thinking and action. And an environment at S4 that promotes creativity and new thoughts. We know that the overall OT / ICS community is conservative and slow moving. We want S4 to be the place where bold or even crazy ideas could be introduced and not immediately rejected. The ideas could be nurtured and expand to other events, initiatives, new companies, and probably most importantly new relationships.

Since we moved down to Miami Beach, S4’s Why has come into focus and you should, if we are good stewards of this, see it in the presentations, the venues, the social events, the giveaways, the food, literally every aspect of the event.

Decisions / Hits / Misses

We have had our share of stumbles at S4. We tried S4xEurope and S4xJapan, and while the content was strong, we couldn’t sustain it from either a time or business perspective. We tried splitting S4 into an OT-Day, and ICSage (cyberwarfare) day. We tried advanced training classes. The classes always sold out, but as first run, experimental classes they were hit or miss in quality. And we tried the ICS Detection Challenge, that didn’t meet our goals.

Right now we are trying the OnRamp 101-level and Highway 201-level live and online courses as ways to accelerate community growth and not detract from S4, and we will see if those succeed. We moved away from the popular S4 ICS CTF to Pwn2Own for S4x20. We are putting up a tent outside the venue, not only to serve lunch, but also to provide a place where attendees can relax and talk. S4 should change and some of those changes will fail and be discarded. We can’t expect bold and innovative thinking from attendees if S4 is safe and static.

With S4 moving down to Miami Beach in 2016, with 3-stages and a growing number of attendees, sponsor money became available and sponsor-related decisions cropped up. For example, there was S4x18 Sponsor who was a bit unhappy, and was leaning towards not sponsoring S4x19. They wanted things that were common at other conferences (speaking spot on the main stage, email addresses for all attendees, traditional exhibit floor open throughout the event), and they said, in a bit of candor, “you (S4) have to decide if this an event for attendees or an event for sponsors”. The answer was easy, it’s an event for attendees. We appreciate the sponsors, help them maximize their ROI for S4 when we can, and look for ways for sponsors to improve the attendee experience. However, in the end if we are true to S4’s Why, the sponsor related decisions are easy.


If you’ve read down to the end, I’ll reward you with some news. S4x22 is Jan 25 – 27 again in Miami South Beach. I’m amazed at how S4 planning now starts more than a year before the event. We have already contracted the Fillmore Miami Beach / Jackie Gleason Theater for the Main Stage. We have now have contracted for a very large Stage 2, and a large amount of additional space that comes with that.

The large Stage 2, over 3 times the size of Stage 2, is a clear win and overdue. The challenge will be what do we do with the additional space we have available, if anything. So we will be watching S4x20 this year to see how we can better help unlock the creativity in the talent that attends S4 and move that talent to action.