One of the more common questions I get is where can I network and grow my knowledge within my community. If you’re not thinking about your network, you should. As I’ve been recording the Building a Life and Career in Security Podcast, one of the most common themes is having a strong network — and in fact many people say a strong local network.
I had hoped to write a long list of places to get engaged. And locally in your city, there probably is. As far as national and international resources, there are only a few common organizations that everyone can get engaged in.
The Open Web Application Security Project (OWASP) is an organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
OWASP goes first because I’m biased. I run the local Chicago Suburbs chapter of OWASP and I think it’s a great resource to learn and network locally. (Stop by every other 3rd Wednesday.) OWASP is a unique organization in that both security professionals and developers are engaged in the community.
While they are known for the OWASP Top 10, the knowledge and projects go much deeper. And as a result the presentations and local OWASP chapters can be fantastic. (Warning: They can also be awful, but no worse than anywhere else you’ve been.)
ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT framework and the CISA, CISM, CGEIT and CRISC certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.
I was all ready to spell out ISACA but apparently they go by acronym only now. Historically ISACA was dominated by auditors with a security slant. Now, with the addition of more broad certifications, the group is focused on the intersection of risk, security, and audit.
ISACA also has great presentations and in most cities has a pretty robust group to govern the chapter.
The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved. Members include practitioners at all levels of the security field in a broad range of industries.
ISSA is the sleeper of the bunch. In Chicago, they consistently have meetings each month with pretty high quality speakers but they advertise less so (in my opinion) don’t do as good of a job getting the word out. Needless to say, worth checking out.
Head over to meetup.com and see what is local to you. Many cities have great local meet-up groups you can join and connect at. I’ve attended many meet-ups through meetup.com.
In each city, there are local conferences put on by the community. In Chicago, we have Thotcon. In Minneapolis, they have Secure360 (probably one of the best regional conferences I’ve seen). Nationally, B-Sides is a community-driven group organizing regional conferences. B-Sides is a great place to get involved in locally as well.
What Am I Missing?
I’ll keep adding in resources of groups you can get engaged in to this post. Send me an e-mail at [email protected]. Please make sure they are national or global groups that have local conferences or meet-ups you can attend. I’ll update this post as they come in.