My next class:
Performing A Cybersecurity Risk AssessmentOnline | US CentralNov 6th - Nov 7th 2024

What are YOU doing to give back to the security community?

Published: 2016-08-20. Last Updated: 2016-08-20 23:33:14 UTC
by Russell Eubanks (Version: 1)
6 comment(s)

Someone has played a large role in helping us become inspired and motivated to develop as an information security practitioner. We certainly did not get where we are today on our own. Without a doubt, I have been fortunate to have learned from skilled security practitioners who have directly shaped my career growth - many may never fully recognize that impact. It remains a priority for me to lean into the direction of helping others grow and develop into the very best security practitioner they can become. A favorite topic of mine is sharing a lesson learned that quite often revolves around "from now I will always" and "never again will I" do that again.
 
We can all benefit from others successes and often times even more by others failures. There is absolutely no need to repeat the lessons already learned by others. By being intentional about growth, we can all improve and get wisdom as cheaply as you can.
 
Several ideas to get you inspired:
  • Ask yourself regularly "Who can I share that lesson with”
  • Establish an informal mentoring program at your $DayJob
  • Serve in the leadership of your local security group such as BSides, ISSA, InfraGard, ECTF, OWASP
  • Volunteer at your next local information security event 
  • Reach outside our information security community
 
What one thing can you commit to do next week to give back? Let us know in the comments area!
 
Russell Eubanks
Keywords: Lessons Learned
6 comment(s)
My next class:
Performing A Cybersecurity Risk AssessmentOnline | US CentralNov 6th - Nov 7th 2024

Comments

I go through and statically analyze many pieces of open source software for potential bugs and write the necessary patches. I just had 11 different tickets for OpenSSL-1.0.2 reviewed and committed for the next release of OpenSSL...
Static analysis of open source software? You certainly earned a hearty sense of gratitude from many. Thanks so much for giving back in that manner.

Russell
Welcome addition to our list of ideas from Ivy via social media - Reach outside our information security community in order to make an impact to other industries.

Russell
I try to do the following, hopefully it helps
- simply share IPs, hashes, etc. on sites like Open Threat Exchange, Virus Total ... so that others can see what you've seen
- also make sure to add meaningful comments/notes when I post things on sites like Open Threat Exchange, Virus Total, etc. so others can understand and have context around why the IoC was posted
- blog about how malicious traffic or scripts work for ones that I understand so that others don't have to re-invent the wheel
- share malicious or suspicious scripts and traffic that I do not understand so at a minimum others can know that it exists and has been seen by others
Teaching at the local school has been one of the most rewarding things I have ever done. Using Rasberry pi's and IOT devices you can really bring out the talent with the kids.
Teaching them about the engineering processes for requirements, analysis and design. Highlighting the different testing strategies and the SDLC, Top 4, OWASP & general auditing tools really gets them excited once they've completed a system. Also how to greenit (re-use old tech) and of course the importance of ethics. Give it a go and share with the next gen.
A great way to give back to the community while gaining experience is by becoming a CyberPatriot mentor. At the center of CyberPatriot is the National Youth Cyber Defense Competition. The competition puts teams of high school and middle school students in the position of newly hired IT professionals tasked with managing the network of a small company. In the rounds of competition, teams are given a set of virtual images that represent operating systems and are tasked with finding cybersecurity vulnerabilities within the images and hardening the system while maintaining critical services. Teams compete for the top placement within their state and region, and the top teams in the nation earn all-expenses paid trips to Baltimore, MD for the National Finals Competition where they can earn national recognition and scholarship money.
There are teams all over the US looking for industry volunteer mentors. I've been one for 6 years and find it very fulfilling to develop next-generation cyber professionals.
See http://www.uscyberpatriot.org/.

Diary Archives