Infosec community groups such as Security BSides and Shoulders of InfoSec have provided me with knowledge-sharing opportunities throughout my career. Here’s how you can get involved.
I'm a displaced mechanic who landed in automotive management where I had to learn to work with computers and soon took over computer operations and administration. If you did systems and network administration in the 1990s, then you probably learned about security whether you wanted to or not. I liked it and gradually shifted my focus to security. As I was effectively thrown into the tech industry, I needed to learn quickly. I discovered local user groups and learned much from them; when I had something to share, I shared it — so began my long involvement in community engagement.
I had known Ron Gula, Tenable’s former chief executive officer, and Jack Huffard, the former chief operating officer, for several years and in the early 2000s we made a few attempts at finding a place for me at Tenable. Eventually, Ron asked me if I would be interested in being Tenable's first product manager and the timing was right, so I joined Tenable in 2011 as the first person to hold the title "product manager." My role at Tenable has evolved continuously since then.
Jack Daniel speaking at a local Security BSides event.
In 2009, many in the hacker and security communities had come together on Twitter and people started discussing the talks that had been turned down at the bigger conferences. A few of us looked and saw some interesting ideas so we decided to make a place for people to share their presentations and discussions. Although there had been some discussions on how to make conferences better, we didn't intend to create a series. And we certainly never expected to launch a global movement. Through the years, many people worked on administration and the organization of Security BSides globally, but (thanks in large part to my great employers, Astaro and then Tenable) I have been the only person to stay continuously engaged with shepherding the BSides movement since the very beginning.
Today, I handle all of the wiki, calendar and map updates and administration for BSides. I answer most of the incoming queries to BSides global. I lead conversations with all prospective new organizers to review rules and expectations, and I answer their questions while I mentor and coach event organizers. I assist with conflict resolution, on the rare occasions when that is needed, and I preconfigure and deliver the firewalls and wireless networks for some of the largest BSides events. For formal roles, I am on the board of directors for three BSides 501(c)(3) organizations, on the advisory board for another and have also just become deputy treasurer for the Diana Initiative.
Standing on the Shoulders of InfoSec Giants
In addition to my volunteer work with Security BSides, I was asked to speak at DerbyCon in 2014 and decided to do a talk on some of the historical figures in the field of information security. As I researched the topic, I realized that although there were some good resources, there was a need for more. With the help of friends I developed a list of historical figures, selected a few to include in the presentation and put them all into a wiki. In the past five years, with some help from a few others, the wiki has grown to include almost 250 names and I have given several presentations on the Shoulders of InfoSec. The wiki has since grown to include antivirus and web appsec pioneers as well as some significant figures in hacker culture.
The Shoulders of InfoSec name comes from the quote attributed to Sir Isaac Newton, "If I have seen further it is by standing on the shoulders of giants." I have tried to focus on those who have provided shoulders to others, rather than just the "giants," thus the name Shoulders of InfoSec.
The Shoulders of InfoSec and Security BSides are just two examples of the many cybersecurity communities you can join. Participating in such groups provides opportunities to share knowledge and connect with others who share your passion for all things related to InfoSec.
The easiest way to get involved with Security BSides is to attend a local BSides event and see what they are about. BSides are not traditional commercial conferences. They are volunteer run. They are about sharing ideas, sparking conversations and building community. BSides are also great for recruiting and career development.
Check out the global BSides wiki at securitybsides.com to see a list of upcoming events. There are well over 100 events a year all around the world.
How to get involved in the security community
My advice for those looking to get more involved in the security community: Jump in!
Start by attending community-centric events. BSides are great, but there are other events which focus on community, too.
Once you engage, you will probably see places where you can help. When you spot one, offer to do so — many volunteer roles do not require previous experience, so don’t let that deter you.
The best career advice I can give is what they told me in elementary school math: "show your work." Your GitHub repo, YouTube channel, blog, whatever it may be, is a place to show off what you've done and what you are interested in.
- To get involved with Shoulders of InfoSec, check out the wiki and send me suggestions, additions, or corrections — or ask to join the wiki and add/edit yourself. Or, of course, just reach out to me directly.
- Kathleen Smith has written about the value of community engagement and cybersecurity careers; here's one of her posts.