Before RSA expanded to take up the entire Moscone, before Blackhat grew to amazing proportions, before even Defcon became a big time event, there were local meetups to talk about security. Often looked at as a gathering of mistfit ‘hacker’ types, these gatherings many moons ago were all about sharing knowledge about vulnerabilities, techniques, new tech, and more. And as often as the group met in person, there were the listserv groups that allowed them to all keep in touch and continue to grow a community. Security, no matter how much marketing buzz is created, is still all about the community.
It’s simple when you break it down into psychology. People create communities based on two primary factors:
- A common location or regional area;
- A common interest;
In the case of infosec it was often both of these elements working in congruence to generate a strong community base. This is how events like DerbyCon get their shape (it’s top of mind since it just happened last week). A cool group of people in Louisville get together to talk about security and help each other, some sponsors help to keep the lights on, and a few years later it’s still an awesome gathering of people more akin to a family reunion than a conference. Watching the live DerbyCon feed via YouTube it was obvious how much learning and sharing was happening amongst the people, and it is exactly this concept of community building, or acting locally, that will help us to then transition into thinking globally.
Building Security Communities in Your Own Backyard
Community matters in security, and it is what will help us continue to fight the battles being waged online, but it always starts at home. One example really struck me recently when the Pwnie dev team, many of whom reside in the great state of Vermont, signed back up to sponsor two upcoming Vermont security cons; vtTA (Vermont Technology Alliance) and HackVT, a 24-hour hackathon. Both are great orgs that are focused on continuously building this burgeoning community in their backyards.
When we talk about security companies we often get blinded by enormous funding announcements and valuations, marketing-fed FUD clouding up the environment, or the creation of the rockstar hacker grabbing yet another keynote. But the work, the real work, is being done at the local level, where practice becomes code. Without this mentality there are no big security companies, because most of them started locally, often in a garage (or basement as the Pwnie team did), and often surrounded by friends who weren’t getting together because of dreams of riches years down the road.
Instead, they dreamt of creating a group of people who would create some cool stuff that could help people be more secure throughout the globe. Act locally, think globally.