All About Peerlyst, a Thriving Online Platform for Cybersecurity Professionals

I am very proud to contribute to both Tripwire’s the State of Security and to be a regular Peerlyst poster. Peerlyst is a very important online platform for cybersecurity professionals. It’s my pleasure to speak with Limor Elbaz, Peerlyst’s CEO and founder. She shared with me some excellent insight about what inspired her to start Peerlyst and what makes the platform stand out from the crowd. Kim Crawley: What inspired you to establish Peerlyst? Limor Elbaz: My entire career was in security, from the Israeli army through starting Sansa Security, which delivered a crypto engine that is now embedded on every iPhone and Samsung phone, through starting the virus lab at Finjan and creating new products in alliances with companies like McAfee and Trend Micro. In my last gig, I was VP of corp dev at Imperva/Incapsula. In all these roles, I've watched the challenge of security professionals learning, sharing knowledge, consulting with peers and the inherent conflict between security professionals and vendors. Security products are vital for the work of protecting an organization, yet most of the threat education comes from companies making those products or companies paid by them. I wanted to create a place where security professionals (and later, more IT people) will be able to share knowledge, educate and get educated, do a better job, and of course advance their career. Along the way, we learnt that we can help vendors too by giving them a focused stage for education while keeping the quality high and not harming the users’ experience. We're also learning that we can help recruiters fill security jobs without spending hours on interviewing irrelevant candidates. KC: What's the story of Peerlyst? LE: We started by building a comprehensive algorithm to detect product names and the security taxonomy (security tags). We launched a prototype at the end of 2014 at Black Hat in Vegas, making a call to users to come and discuss products by writing reviews. Very quickly, dozens of users asked us to blog on Peerlyst's behalf, and we realized that security professionals want to talk not only about products but also about many security topics. The format became less rigid, and users started to create blogs and discussions, resources and even tools. In March 2016, we launched a comprehensive new site, using a new stack (Meteor.JS, MongoDB, React.JS). Users now have rich profiles, reputation building, the ability to follow anything (companies, products, people, tags), and sophisticated feeds of content. Peerlyst now hosts an enormous amount of how-to’s that were co-created by the community, training, panels, meetups around the world and a comprehensive security calendar, all maintained by the community. A typical user would follow topics of interest, people, companies and products, and they would get a very personalized feed of content generated by the community as well as several external news. Users get invited to posts related to their expertise and interests as well as to relevant jobs. This makes more than half a million of security professionals come to Peerlyst regularly, with a high engagement rate, long sessions and a healthy dynamic of crowdsourcing content. Users on Peerlyst are now creating thousands of security wikis. They even created ebooks that are a collaborative effort of up to a dozen users each, and they are being offered on Peerlyst, as well as Amazon (The Beginner’s Guide to Information Security, Essentials of Cybersecurity, Essentials of Enterprise Network Security, The complete WarBerryPi  and more). Next, we created Secure Drop, which is a system based on Freedom of the Press where users on Peerlyst can drop information completely anonymously, and we’re one of the first organizations to expose the 200 million breached Equifax records. This initiative evolved into nosecrets.peerlyst.com, where all this breach data is hosted in one database and users can look for records containing their data, and act on it. KC: How does Peerlyst benefit the cybersecurity community? LE: We're addressing a few problems that block security professionals from doing their job and advancing their career:

1. Inefficient knowledge flow. Vendors and analysts are good at creating educational content because they have research teams, yet not every organization can afford a subscription with an analyst firm.
2. Formal security education and certifications are quite expensive. Peerlyst offers free peer-based training, as well as an extensive mentoring program.
3. Security people don't get to talk to their peers often enough. Physical events, like conferences and round tables, are not enough.

Peerlyst eliminates the barriers of information flow, enabling anyone to learn and advance their career, by accessing thousands of crowd-sourced resources, connecting with the top experts without barriers and discovering the latest trends without checking dozens of resources. Peerlyst also gives everyone an opportunity to demonstrate their own expertise in their own way and at their own pace. Thus advancing everyone's reputation and career. KC: What types of posts are really well received? LE: The best posts on Peerlyst are resources, which are posts that teach a skill or guide others. For example, how to perform a security task, how to acquire a specific cybersecurity role, or how to get a certification or skill. Peerlyst often creates a placeholder post, and the community builds it out. Check out this for example, a resource that was used over 50,000 times: How To Build And Run A SOC for Incident Response - A Collection Of Resources. KC: How can companies benefit from partnering with Peerlyst? LE: We partner with several types of companies:

1. We syndicate content to external magazines that give our authors the credit and link.
2. We partner with excellent writers to create awesome content for the community.
3. Vendors can partner with Peerlyst by becoming members of our vendor community. A vendor membership sponsors the site but also allows the vendor to create a listing for the product and promote content to users in a way that is based on actual interests. (Vendors cannot buy impressions on Peerlyst. Content is distributed based on interest only to make sure that the user experience is intact.)

We welcome more ideas, wishes and feedback. Peerlyst was truly made by the community in most aspects. We are only the facilitators.  

Image

About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.