I'm a displaced mechanic who landed in automotive management where I had to learn to work with computers and soon took over computer operations and administration. If you did systems and network administration in the 90’s, then you probably learned about security whether you wanted to or not. I liked it and gradually shifted my focus to security. As I was thrown into the tech industry, I discovered local user groups and learned much from them, when I had something to share I shared it- that started my long involvement in community engagement.
I have known Ron Gula, former Chief Executive Officer, and Jack Huffard, former Chief Operating Officer, for several years and we had made a few attempts at finding a place for me at Tenable. Ron asked me if I would be interested in being Tenable's first product manager and the timing was right, so I joined Tenable as the first person to hold the title "Product Manager." My role has evolved continuously since then.
In 2009, many in the hacker and security communities had come together on Twitter and people started discussing the talks that were turned down at the bigger conferences. A few of us looked and saw some interesting ideas so we made a place for people to share their presentations and discussions. Although there had been some discussions on how to make conferences better, we didn't intend to create a series, and certainly never expected to launch a global movement. Through the years, many people worked on administration and the organization of Security BSides globally, but (thanks in large part to my great employers, Astaro and then Tenable) I have been the only person to stay continuously engaged with shepherding the BSides movement since the very beginning.
Today, I handle all of the wiki, calendar, and map updates and administration. I answer most of the incoming queries to BSides global, I lead conversations with all prospective new organizers to review rules and expectations, plus answering their questions while I mentor and coach event organizers. I assist with conflict resolution on the rare occasions when that is needed and I preconfigure and deliver the firewalls and wireless networks for some of the largest BSides events. For formal roles, I am on the board of directors for three BSides 501(c)(3) orgs, on the advisory board for another, and have also just become deputy treasurer for the Diana Initiative.
In addition to my volunteer work with Security Bsides, I was asked to speak at DerbyCon in 2014 and decided to do a talk on some of the historical figures in the field of information security. As I researched the topic, I realized that although there were some good resources, there was a need for more. With the help of friends I developed a list of historical figures and selected a few for the presentation, but put them all into a wiki. In the past five years, with some help from a few others, the wiki has grown to include almost 250 names and I have given several presentations on the Shoulder of InfoSec. The wiki has grown to include antivirus and web appsec pioneers, and also some significant figures in hacker culture.
The Shoulder of InfoSec name comes from the quote attributed to Sir Isaac Newton, "If I have seen further it is by standing on the shoulders of giants." I have tried to focus on those who have provided shoulders to others, rather than just the "giants," thus the name Shoulders of InfoSec.
“The easiest way to get involved with Security BSides is to attend a local BSides event and see what they are about. BSides are not traditional commercial conferences, they are volunteer run, they are about sharing ideas, sparking conversations, and building community. BSides are also great for recruiting and career development.”
Check out the global BSides wiki at securitybsides.com to see a list of upcoming events. There are well over 100 events a year all around the world, so there should be one nearby for most people at Tenable and outside of our company.
My advice for those looking to get more involved in the security community: Jump in! Start by attending community-centric events. BSides are great, but there are other events which focus on community, too. Once you engage, you will probably see places where you can help, offer to do so- many roles do not require previous experience, so don’t let that deter you. The best career advice I can give is what they told me in elementary school math: "show your work." Your GitHub repo, YouTube channel, blog, whatever it is, is a place to show off what you've done and are interested in.
Written By: Jack Daniel
- To get involved with Shoulders of Infosec, check out the wiki and send me suggestions, additions, or corrections - or ask to join the wiki and add/edit yourself. Or, of course, just reach out to me directly.
- Kathleen Smith has written about the value of community engagement and cybersecurity careers, here's one of her posts here.