Community Service: How to Give BackNow is Ideal Time for Pros to Raise Awareness
"There are a lot of organizations out there today that facilitate giving back," says Waddell, who also serves on the Advisory Board of the Americas for (ISC)2. Those organizations include the National Cybersecurity Alliance, StaySafeOnline.org and the Department of Homeland Security's National Cyber Security Month, all of which aim at teaching the importance of being safe on the Internet, safe Internet practices and being on the lookout for identity theft, cyber-bullying and hacking.
Infosec professionals must start now in giving back to their community to bolster these efforts. "Ask around your workplace," Waddell says in an interview with Information Security Media Group's Tom Field [transcript below]. "A lot of the big companies out there already have some very robust and mature community outreach programs that already have a list of activities that you can sign up for."
Other avenues to explore include working with (ISC)2 and the Information Systems Security Association [ISSA], which include social responsibility and volunteer activities for members on their websites.
Lastly, infosec professionals who are parents should start talking with other parents and teachers. "I've made great progress doing that ... to really see what the need is in the schools and what the kids are dealing with today," Waddell says. "If you're really passionate about giving back to the students, that's a great way to get involved."
In an interview about the importance of giving back to the community, Waddell discusses:
- Ways that information security pros can give back;
- Benefits - and potential traps - for the individuals and organizations; and
- How to get started.
Waddell serves as director of the Information Security and Privacy practice for Tantus Technologies, an information technology and management consulting firm in Washington. Prior to this, he was a senior manager in the Audit & Enterprise Risk Services of Deloitte & Touche, LLP. He has over 18 years of experience in information technology and security, solving cybersecurity-related problems for clients such as several branches of the U.S. armed forces, the Federal Aviation Administration, the Internal Revenue Service, the Transportation Security Administration, the Department of State and the Social Security Administration. Waddell also serves on the Advisory Board of the Americas for (ISC)2.
TOM FIELD: To start out, why don't you tell us a little bit about yourself and your own experience please?
DAN WADDELL: I've been in the information security field, the IT field, for about 18 years in the greater Washington area. I recently joined Tantus Technologies after spending several years at the big-four level, helping our federal government clients protect their data and implement some cybersecurity-related initiatives. I'm also a member of (ISC)2, the certification body for information security professionals, and am actively involved in that organization in helping to promote cybersecurity awareness.
Giving Back to the Community
FIELD: Let's tackle this question up-front. Why is it so important today for information security professionals to give back to their communities?
WADDELL: First and foremost, I think it's a social or a civic responsibility that really drives the importance. The importance of civic responsibility is absolutely paramount to the success of our way of life. If you think about the organizations in our past that are part of our fabric, the American Red Cross, Peace Corps, Habitat for Humanity, Big Brothers Big Sisters, those types of organizations promote social and civic responsibility. Aside from being an information security professional, I think it's important for everyone to give back. But for information security professionals right now I think there's a definite need to help educate citizens at all walks of life, from our youth ... to the parents and the teachers, all the way up to our senior citizens, to help teach them the importance of being safe on the Internet, safe Internet practices and being on the lookout for threats such as identity theft, cyber-bullying and hacking.
FIELD: I know you're closest in particular to the ways people are giving back to the communities. What are some of the ways that information security professionals can give back?
WADDELL: There are a lot of organizations out there today that facilitate giving back. A couple that are up-front right now in the minds of information security professionals are the National Cybersecurity Alliance; StaySafeOnline.org, which has been around for about ten years now; some of your readers and listeners may be familiar with Cybersecurity Awareness Month, which was just in October. That's a multifaceted effort to disseminate security messages and information. That's been around for several years, and I think last year they reached about 175 million people through media and other activities.
Then, obviously, the information security professionals are typically members of organizations such as Information Systems Security Association, or ISSA, and also the (ISC)2 organization, which again helps to certify our professionals. The (ISC)2 organization recently created a foundation which is devoted to making the cyber world a safer place, and one of the initiatives of this foundation is called Safe and Secure Online. This is basically a program which allows information security professionals to give back to the community, to actually visit schools and talk to kids about the importance of some of the threats that I mentioned, such as identity theft and cyber-bullying.
Benefits for Infosec Professionals
FIELD: Well easily there's a compelling case for why the professional should do this and the benefit the audience is going to receive. Talk a little bit about the benefits the professionals receive from this outreach and their organizations as well.
WADDELL: Typically, participating in these types of volunteer efforts will get you CPE [continuing professional education] credits, so that's a big plus because I'm always on the lookout to help maintain our certifications through CPEs. The positive feedback you get from the teachers and the parents of the kids is worth a hundred times more, and obviously if you are doing that work in cooperation with your company, it obviously gives them some really good public relations-type of push. For example, one of the videos that we show to students as part of the (ISC)2 Safe and Secure Online program involves cyber-bullying, which is obviously an important topic these days. It's a very moving video which walks the audience through the daily struggles of a student who is being cyber-bullied. When the video is done ... you can hear a pin drop in the room, and you know how difficult that is to do with fifty kids in a room.
WADDELL: But afterwards, I'll start asking questions and it's like the floodgates open up. Kids will speak up and say, "I've seen that happen to a friend; it really hit home." Then you've raised awareness and helped create an environment where kids can speak freely about what was once a very hush, hush topic, and walking out of the school you feel like you are on top of the world.
Giving Too Much Back?
FIELD: That's excellent. Now, an odd question to ask maybe, are there hidden traps that you have to look for? In other words, can you give too much back? Can you give it back in the wrong places? What do you have to watch out for?
WADDELL: Absolutely. The number-one tip I give to folks that come up to me and express interest in getting involved is don't overextend yourself. I've seen folks that are really passionate about giving back, but they make the mistake of signing up for every event they see. If you are a relatively new volunteer, start slow. Do some research on what you're passionate about, make sure you've got the time and the energy to devote to it and pick one cause and then just start doing some information gathering and get involved slowly. Then once you find that topic, you'll see that passion come through and you can really, really make an impact.
How to Get Started
FIELD: That's great advice and it leads to a final question I have for you. What advice would you offer just to get started? Let's say we're reaching information security professionals at their workplace. This is something they want to take to their own organizations, to their communities; they want to go forward. How should they start?
WADDELL: Again, I would say ask around your workplace. A lot of companies today have a community outreach program. I'm fortunate enough to work for a company that just created a community outreach program, even though we're a small business. Tantus Technologies just created it a couple of months ago and we're actually aligning some of the cybersecurity initiatives underneath our program. We thought it was important to give back this way, and I know there are other companies out there that feel the same way. Of course a lot of the big companies out there already have some very robust and mature community outreach programs that already have a list of activities that you can sign up for. I would start there.
But obviously there are a couple of other avenues that you can explore as well. As I mentioned, if you're a member of ISSA or (ISC)2, for example, go to the website and poke around. Go to the chapter meetings. Ask around and talk to some other people in your network. Typically on these websites there's a link to another page that contains information about social responsibility or volunteer activities, and it actually gives you some good steps or a checklist on how to get involved.
Finally, if you're a parent like me, start talking with other parents or your child's teacher. I've made great progress doing that, just at the bus stop talking to other parents, to really see what the need is in the schools and what the kids are dealing with today. If you're really passionate about giving back to the students, that's a great way to get involved.