Security practitioners solidarity circle

From DevSummit
Jump to navigation Jump to search

Security practitioners solidarity circle

Notes

This was a bit of a free-for-all, collecting questions & issues to be explored in more detail in coming days (hopefully)

Issues raised:

  • Concern about doxxing
  • Changing (and unknown) likelihoods in risk assessments
  • Integrating digital security with operational security (e.g. who are you trusting as a member of your circle??)
  • Our current work/current clients may become illegal in a new administration
  • Shortage of security providers; attendant burnout for those of us trying to meet a too-great need;the need for avoiding burnout
  • Training others: helping our communities better understand security issues
  • Training ourselves: better information for our shared community of practice. Tools; knowledge sharing; changing workflow

There's an environment of increased fear. It goes up the chain from the communities served, to the organizations that serve them, to us who support those organizations. How do we try to manage the work in this time of fear?:

  • It's real. Don't gaslight ourselves.
  • Reference: article by Team Communities ("the glitter people") on mental health for security providers
  • Reference: book Trauma Stewardship
  • Centering the humanity of the tech work we're doing
  • Can't do everything. Work with organizations to focus on the changes that they're ACTUALLY going to do - we'll get to the resteventually.

Need an infrastructure for shared knowledge, skill building and community