During one of my more lucid moments, I was reflecting on how, as security professionals, our security knowledge should not be confined solely to our place of business. We have a civic duty to the general populace to ensure that security awareness issues are front and centre. It would be insidious of us to sit back and rely on – gulp! – mainstream media to convey factual security information and content. If you’re like many security pros and shun human contact the same way the Kardashians shun integrity, then you’re probably not too keen on getting out in the community. So how can you start?

  1. Reach out to your local library – libraries will often put on various meetings that community members attend. Libraries are often dying to get great presenters and content so they’ll likely jump at the chance to bump the basket weaving class.
  2. Reach out to local YMCA and seniors groups – I had the chance to give a security talk to a seniors group and I must say it was one of my better experiences. Seniors do use modern technology and unlike many youngsters, want to make sure they use the technology in a safe and secure manner.
  3. Make it fun – if you lead a sad and miserable existence like I do you probably like to poke fun at celebrities and/or government officials. When people laugh during your talk they’re more likely to remember what you were talking about.
  4. Reach out to local schools – start at the grassroots.  
  5. Connect with local business improvement associations – many SMBs are unable to afford a dedicated IT security team yet the information risks their companies face remain unmitigated. Practical and quick tips on how SMBs can effectively reduce the biggest risks will be well received.  

The key is to make your talks informative yet entertaining and connect with your audience. If you speak about security in the same aloof manner that former Secretary of Defence Robert McNamara delivered the five o’clock follies during the Vietnam War, then your speaking days will be short lived. Instead of droning on and on and lecturing your audience on what not to do, try demonstrating a live hack (no shortage of these videos on YouTube) or show how their Facebook information could be used against them. These videos from SafeInternetBanking, while not in English, are an incredibly powerful way of showing online dangers (one of the best things to come out of Belgium since Tintin).

The most important message you can convey is that people need to be aware that there are direct real-world consequences from the actions they take in the virtual world. I’d like to make the argument that going out in your community is an investment you need to make that delivers value on four different fronts: personal, professional, community, and business. The benefits are numerous:

  1. You grow more confident as a speaker and communicator. This is one of the most critical business skills you can develop. You will no longer be nervous when discussing security matters with your executive management.
  2. Great way to grow your professional contact list. Make a good impression on someone in the audience and you may suddenly find that you are a hot commodity.
  3. Become more in-tuned with your community. It’s good to give back to the area that has given you so much.
  4. Demonstrates tangible business value. Do your security talks well and you’ll be winning new customers for your business. Who said security cannot create revenue?

I strongly encourage all security pros, regardless of age, to go out into their community and spread the security word. You, society, and your business will be better off as a result.