
Shoulders of InfoSec: A Way to Give Back to the Cybersecurity Community

Infosec community groups such as Security BSides and Shoulders of InfoSec have provided me with knowledge-sharing opportunities throughout my career. Here’s how you can get involved.

I'm a displaced mechanic who landed in automotive management where I had to learn to work with computers and soon took over computer operations and administration. If you did systems and network administration in the 1990s, then you probably learned about security whether you wanted to or not. I liked it and gradually shifted my focus to security. As I was effectively thrown into the tech industry, I needed to learn quickly. I discovered local user groups and learned much from them; when I had something to share, I shared it — so began my long involvement in community engagement.

I had known Ron Gula, Tenable’s former chief executive officer, and Jack Huffard, the former chief operating officer, for several years and in the early 2000s we made a few attempts at finding a place for me at Tenable. Eventually, Ron asked me if I would be interested in being Tenable's first product manager and the timing was right, so I joined Tenable in 2011 as the first person to hold the title "product manager." My role at Tenable has evolved continuously since then.


Jack Daniel speaking at a local Security BSides event.

In 2009, many in the hacker and security communities had come together on Twitter and people started discussing the talks that had been turned down at the bigger conferences. A few of us looked and saw some interesting ideas so we decided to make a place for people to share their presentations and discussions. Although there had been some discussions on how to make conferences better, we didn't intend to create a series. And we certainly never expected to launch a global movement. Through the years, many people worked on administration and the organization of Security BSides globally, but (thanks in large part to my great employers, Astaro and then Tenable) I have been the only person to stay continuously engaged with shepherding the BSides movement since the very beginning. 

Today, I handle all of the wiki, calendar and map updates and administration for BSides. I answer most of the incoming queries to BSides global. I lead conversations with all prospective new organizers to review rules and expectations, and I answer their questions while I mentor and coach event organizers. I assist with conflict resolution, on the rare occasions when that is needed, and I preconfigure and deliver the firewalls and wireless networks for some of the largest BSides events. For formal roles, I am on the board of directors for three BSides 501(c)(3) organizations, on the advisory board for another and have also just become deputy treasurer for the Diana Initiative.

Standing on the Shoulders of InfoSec Giants

In addition to my volunteer work with Security BSides, I was asked to speak at DerbyCon in 2014 and decided to do a talk on some of the historical figures in the field of information security. As I researched the topic, I realized that although there were some good resources, there was a need for more. With the help of friends I developed a list of historical figures, selected a few to include in the presentation and put them all into a wiki. In the past five years, with some help from a few others, the wiki has grown to include almost 250 names and I have given several presentations on the Shoulders of InfoSec. The wiki has since grown to include antivirus and web appsec pioneers as well as some significant figures in hacker culture.

The Shoulders of InfoSec name comes from the quote attributed to Sir Isaac Newton, "If I have seen further it is by standing on the shoulders of giants." I have tried to focus on those who have provided shoulders to others, rather than just the "giants," thus the name Shoulders of InfoSec.

The Shoulders of InfoSec and Security BSides are just two examples of the many cybersecurity communities you can join. Participating in such groups provides opportunities to share knowledge and connect with others who share your passion for all things related to InfoSec.

The easiest way to get involved with Security BSides is to attend a local BSides event and see what they are about. BSides are not traditional commercial conferences. They are volunteer run. They are about sharing ideas, sparking conversations and building community. BSides are also great for recruiting and career development.

Check out the global BSides wiki at securitybsides.com to see a list of upcoming events. There are well over 100 events a year all around the world.

How to get involved in the security community

My advice for those looking to get more involved in the security community: Jump in! 

Start by attending community-centric events. BSides are great, but there are other events which focus on community, too. 

Once you engage, you will probably see places where you can help. When you spot one, offer to do so — many volunteer roles do not require previous experience, so don’t let that deter you. 

The best career advice I can give is what they told me in elementary school math: "show your work." Your GitHub repo, YouTube channel, blog, whatever it may be, is a place to show off what you've done and what you are interested in.

Learn more:

  • To get involved with Shoulders of InfoSec, check out the wiki and send me suggestions, additions, or corrections — or ask to join the wiki and add/edit yourself. Or, of course, just reach out to me directly.
  • Kathleen Smith has written about the value of community engagement and cybersecurity careers; here's one of her posts.
