Survival in a domain that is poorly understood and moves at breakneck speed demands a capacity to learn as much as possible from others who share your challenges. People in cybersecurity, who perhaps understand this better than most, have helped me appreciate the value of their community to their survival from the outset of my time in this field.
One of my first tasks, back in 2003, was to pull together a local evening in Leeds for a group of (ISC)2 members. The UK North CISSP group as they were then called secured sponsorship and a pub meeting room from a local brewery. The pub had an underground entrance and proved difficult to find. As I wandered the streets, I bumped into one or two others that were as lost as I was. One had travelled 80 miles from Liverpool to join us. Thankfully, we found the pub, where we ran into about 40 others, at least half of which had travelled from outside Leeds. This was the first time, they said, that they had been presented with an opportunity to find and compare experiences with others who might understand what they were facing. That group quickly outgrew the pub’s meeting room and I am still in touch with quite a few of those I met that evening.
Much has changed since 2003, including many of the challenges discussed, and how well we can stay in touch. Social media and community tools in particular have supplemented the face-to-face opportunities, allowing relationships to strengthen and communities to extend beyond local boundaries. This provides a phenomenal capacity for a diversity of interest to contribute knowledge and shape opinions, giving grassroots forces a voice that wouldn’t otherwise be heard.
I have had opportunity to lead many projects, drawn from a breadth of cybersecurity community input that crossed international jurisdictions, industries and areas of specialisation. Their impact ensured security was reflected in Europe’s eCompetence Framework (ECF); and in UK undergraduate computing science degrees affecting 20,000 graduates per year. Another pan-European group of professionals hailing financial services, online retail, marine, manufacturing and more documented and shared their lessons learned throughout the implementation period of Europe’s new General Data Protection Regulation.
Most recently, as an active IAAC volunteer, I have been supporting the Alliance for Cybersecurity, a collaboration of organisations that represent the lion’s share of people with an interest in the practice. They came together to ensure the UK government intent to professionalise cybersecurity accommodated the breadth of the practice. This group’s work to influence public policy and consultation for over two years led to its recent appointment to establish a UK Council for Cybersecurity.
Often people who sit within a community of interest are criticised for creating an echo chamber for the curation of like-minded opinion. This is an accusation that has grown with the advent of social media and algorithms that identify people with similar interests. Just the other day, I heard a media pundit on BBC Radio suggest that social media would even bring about the death of the local marketplace as the centre of community because people today can stick to interacting with those that agree with them online. I’m not so sure we need to worry about this. In my experience with community, both on and offline, people come together bound by what they have in common, and then grow and develop on the strength of their differences.
I have never been a practicing security professional but after many years of writing about the front-line experience of those that are, I have developed a unique perspective that is reflected in my commitment to drive professional understanding. Cybersecurity is a domain that is a little better understood today, but remains immature, and continues to move at breakneck speed. It ensures a constant stream of issues and projects to explore, perspectives to discover.
I am proud to be part of the cybersecurity community and to be community minded. It hasn’t yet had the chance to narrow my thinking. It has rather got me on the Security Serious shortlist for their Unsung Hero Awards. How cool is that!