When I was a software developer, I never joined any dev communities. I didn’t see the point. I also worked evenings as a professional musician and mostly spent time within the music community and sports groups I was a part of. I spent time with my dev friends at work; I didn’t understand why I would want to know devs with whom I didn’t work. I was a senior dev. I had been for almost a decade, and I felt time out of work was “for me” and that doing anything to do with work on “my time” made little sense.
Then I switched to the security field, and everything changed.
Fresh Starts and OWASP
When I tried to join security, I couldn’t figure out where and how to learn the things I needed to succeed, so I joined the local OWASP chapter. OWASP (the Open Web Application Security Project) is an international non-profit dedicated to teaching everyone about application security. They have conferences, local chapters with meetups and online projects. I made a TON of friends (people whom I still talk to all the time) and learned constantly. I figured out that becoming the Chapter leader meant I could help decide which topics we would cover, meaning I could influence the curriculum to be stuff that *I* wanted to learn. I also figured out that almost everyone else wanted to learn the stuff that I wanted to learn! They gave me confidence that I *could* learn, and there was definitely a place for me in infosec. I also did my first-ever security talk at OWASP, and even though I was extremely nervous, all of my community members were absolutely wonderful to me. I also found my second professional mentor through OWASP, and then I was introduced to BSides!
BSides Is for Everyone
BSides is a free (well, ‘almost-free’) conference series that started in Las Vegas to welcome all the people who didn’t make it into Black Hat and Def Con conferences. It was for new speakers, new people to the industry and all the people who felt they didn’t ‘fit’ anywhere else. I gave my very first conference talk at BSides Ottawa, and even though my demo failed miserably, everyone was wonderful to me. I spoke at BSides Ottawa three years in a row, and I have spoken at BSides conferences all over the planet. These experiences gave me the confidence to speak in front of large audiences, which then turned into me speaking all over the world.
Joining your professional community, formally or informally, will open doors for you, help to teach you and support you. And if you try at all, it’s likely you will make lots of friends, too! Whenever I needed a job, whenever I had a technical problem I couldn’t solve or needed a friend, the infosec community was there for me.
They can be there for you, too.
Four Growing Communities to be a Part of
Below is a list of four lesser-known communities that I would like to highlight as very friendly, open and positive. They also all have a code of conduct, meaning that someone will get kicked out if they are inappropriate or abusive towards others. The point is to keep everyone in their communities safe. There is a lot to learn, and there are great people to meet in all of them.
- We Hack Purple Community (https://community.wehackpurple.com): Focused on teaching anyone and everyone to create more secure software, this community has premium content feeds on AppSec, DevSecOps, Cloud Security, etc. plus groups for chatting on various topics, a content email drip, online streaming events and more. It is a paid community, while the rest of these communities are all free.
- WoSEC Women of Security (https://www.womenofsecurity.com): A bunch of other women and I founded this organization so that we could make more friends who are women. Having worked with teams of all men for almost my entire career, I wanted a chance to meet other women. We have local chapters on five continents, but we have switched to doing more online activities since the pandemic started in order to be more inclusive of everyone. WoSEC is open to women and non-binary folks, and it applies the widest possible definition of those terms.
- Katie Paxton-Fear’s (https://insiderphd.dev) community, InsiderPHD (http://insiderphd.dev/discord): If you want to learn about Bounty Hunting with a fun and kind bunch of people, this is a great place to start! I’ve met Katie, and I’m a fan. She’s brilliant and is always trying to share knowledge and help people. Plus, only nice people are allowed in!
- WeAreHackerz (https://www.wearehackerz.org): WeAreHackerz (formerly known as WomenHackerz) provides guidance, support, workshops, CTFs, job opportunities, networking and so much more! This group is for people who identify as a person of a marginalized gender including but not limited to non-binary individuals, women (trans and cis), trans men, genderqueer, etc.
Infosec as a Community
No one vendor can defend the world against tomorrow’s digital security threats. Similarly, researchers can’t stay on top of the changing threat landscape on their own. That’s why it’s important for security professionals to join industry communities with one another. Doing so will move their careers forward and benefit their lives, both personally and professionally.
About the Author: Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
Advisor: Cloud Defense, NeuraLegion, ICTC PAC, WoSEC
Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.