
Tenable Blog


Shoulders of InfoSec: A Way to Give Back to the Cybersecurity Community

Infosec community groups such as Security BSides and Shoulders of InfoSec have provided me with knowledge-sharing opportunities throughout my career. Here’s how you can get involved.

I'm a displaced mechanic who landed in automotive management where I had to learn to work with computers and soon took over computer operations and administration. If you did systems and network administration in the 1990s, then you probably learned about security whether you wanted to or not. I liked it and gradually shifted my focus to security. As I was effectively thrown into the tech industry, I needed to learn quickly. I discovered local user groups and learned much from them; when I had something to share, I shared it — so began my long involvement in community engagement.

I had known Ron Gula, Tenable’s former chief executive officer, and Jack Huffard, the former chief operating officer, for several years and in the early 2000s we made a few attempts at finding a place for me at Tenable. Eventually, Ron asked me if I would be interested in being Tenable's first product manager and the timing was right, so I joined Tenable in 2011 as the first person to hold the title "product manager." My role at Tenable has evolved continuously since then.


Jack Daniel speaking at a local Security BSides event.

In 2009, many in the hacker and security communities had come together on Twitter and people started discussing the talks that had been turned down at the bigger conferences. A few of us looked and saw some interesting ideas so we decided to make a place for people to share their presentations and discussions. Although there had been some discussions on how to make conferences better, we didn't intend to create a series. And we certainly never expected to launch a global movement. Through the years, many people worked on administration and the organization of Security BSides globally, but (thanks in large part to my great employers, Astaro and then Tenable) I have been the only person to stay continuously engaged with shepherding the BSides movement since the very beginning. 

Today, I handle all of the wiki, calendar and map updates and administration for BSides. I answer most of the incoming queries to BSides global. I lead conversations with all prospective new organizers to review rules and expectations, and I answer their questions while I mentor and coach event organizers. I assist with conflict resolution, on the rare occasions when that is needed, and I preconfigure and deliver the firewalls and wireless networks for some of the largest BSides events. For formal roles, I am on the board of directors for three BSides 501(c)(3) organizations, on the advisory board for another and have also just become deputy treasurer for the Diana Initiative.

Standing on the Shoulders of InfoSec Giants

In addition to my volunteer work with Security BSides, I was asked to speak at DerbyCon in 2014 and decided to do a talk on some of the historical figures in the field of information security. As I researched the topic, I realized that although there were some good resources, there was a need for more. With the help of friends I developed a list of historical figures, selected a few to include in the presentation and put them all into a wiki. In the past five years, with some help from a few others, the wiki has grown to include almost 250 names and I have given several presentations on the Shoulders of InfoSec. The wiki has since grown to include antivirus and web appsec pioneers as well as some significant figures in hacker culture.

The Shoulders of InfoSec name comes from the quote attributed to Sir Isaac Newton, "If I have seen further it is by standing on the shoulders of giants." I have tried to focus on those who have provided shoulders to others, rather than just the "giants," thus the name Shoulders of InfoSec.

The Shoulders of InfoSec and Security BSides are just two examples of the many cybersecurity communities you can join. Participating in such groups provides opportunities to share knowledge and connect with others who share your passion for all things related to InfoSec.

The easiest way to get involved with Security BSides is to attend a local BSides event and see what they are about. BSides are not traditional commercial conferences. They are volunteer run. They are about sharing ideas, sparking conversations and building community. BSides are also great for recruiting and career development.

Check out the global BSides wiki at securitybsides.com to see a list of upcoming events. There are well over 100 events a year all around the world.

How to get involved in the security community

My advice for those looking to get more involved in the security community: Jump in! 

Start by attending community-centric events. BSides are great, but there are other events which focus on community, too. 

Once you engage, you will probably see places where you can help. When you spot one, offer to do so — many volunteer roles do not require previous experience, so don’t let that deter you. 

The best career advice I can give is what they told me in elementary school math: "show your work." Your GitHub repo, YouTube channel, blog, whatever it may be, is a place to show off what you've done and what you are interested in.

Learn more:

  • To get involved with Shoulders of InfoSec, check out the wiki and send me suggestions, additions, or corrections — or ask to join the wiki and add/edit yourself. Or, of course, just reach out to me directly.
  • Kathleen Smith has written about the value of community engagement and cybersecurity careers; here's one of her posts.
