A Guide To Infosec's Volunteer Army
There is an enormous amount of unpaid work being done in the infosec space by volunteers, work that makes a real difference to the community.
There is a huge amount of work being done in the infosec space by unpaid volunteers and we owe it to them to take a moment and have a think about the work they do and why it is important. Am talking about the people who volunteer to help manage conferences, the people who volunteer to help manage communities and the people who volunteer to do the thousand little things that go unnoticed.
This article started with a tweet, we asked you to name those volunteers who made a difference to you in infosec and we were blown away with the response.
We love our volunteers in infosec and it really shows int he outpouring of affection for those who have volunteered and helped others in some way.
When others contribute their time, efforts, emotion and energy to helping others find their way in this space we call infosec, we should applaud them for it. Too often the work of volunteers goes unnoticed, or even worse is monetized without reward.
I know from being involved with the Secjuice project just how valuable the efforts of volunteers are. We are a totally volunteer non-profit group and without our volunteers articles would go unedited and emerging writers would not be mentored.
Without Paul Dannewitz, Miguel Calles, Jamie Collier, Nihad Hassan, Arif Kahn, Andrea Menin, Alessandro Innocenzi & Abartan Dhakal there would be no Secjuice and we would not be able to provide a non-profit platform for you to publish on.
Not forgetting our writers, volunteers every last one of them and all passionate about sharing their knowledge with others so that others may understand their work.
Blessed are those who volunteer their time to write up their research and share it.
The Volunteer Communities
One of my favorite infosec communities is The Many Hats Club and I sometimes think that their volunteers are nothing short of heroic. It is easy to moderate the Secjuice community because we just over 150 members, but when you have several thousand members in the group moderation suddenly becomes a serious business.
This group currently puts out some of the m0st interesting podcasts and stories in our space right now because they focus on community rather than technology.
We all know that the founders BuyDogs and Cybersectu are heroes, but lets not forget the people on the ground who help preserve the idea of community and maintain order. Without volunteers like epicpewpew, Meadow, TheCyberViking, proxyblue, Syrus, ShadowDXS, Toffee, Froot, Ragsec, FaLLeN, TheBeardedCat, Woodookitty and AdwareHunter keeping that clan together there would be no TMHC.
Blessed are those who build and maintain communities which connect individuals.
Another group of unsung hero volunteers are those who work with the most vulnerable people in our community, those with mental health issues. I take my hat off to the volunteers over at Mental Health Hackers, people like Amanda Berlin, Chuck Thalman, Megan Roddie, Susan Peediyakkal, Courtney Allen and Tom Williams. Mental health is an issue many in the infosec space like to ignore and the essential work done by volunteers at various conferences and online is essential to the overall well being of the wider community. Proper recognition, conversation and debate over these issues is essential to the health of the community as a whole.
Blessed are those who build groups which help support our most vulnerable.
The CON Volunteers
Let us not forget the goons, those people who volunteer to work at infosec conferences and help organize and manage the event. If you think it is hard to moderate and manage online communities, just you wait until you are in a room with thousands of hackers in person. Being on the frontline of a conference and acting as the public face of the conference puts volunteers in close contact with some of the most interesting and difficult people on the planet, it can be challenging work.
Conference volunteers are the people who make sure events run smoothly, who make sure participants are comfortable and safe, they are also the first responders if an accident or incident was to occur. Give those people a high five when you see them!
I am talking about people like "the god of infosec volunteers" Cooper, an audio visual hero to the EU conference scene. People like Tim Wilkes and Security Nihilist who run lock picking villages at a lot of cons (thank you Cooper) and Ian Tabor for running the car hacking villages (thank you Brian) in the UK and Carfucar for running them elsewhere. Then there are people like Gyle, Jessie, Mitch, Klepas, Cameron and Jacinda doing fantastic work down under helping to keep children secure (thank you Heidi). Others have the volunteer bug real bad and volunteer for lots of things, people like the DNS Princess (thank you Nicole), Franklin, MZbat, Andy Cooper, Leslie Carhart (more on her below), Dave Kennedy, Lit Moose, Dakacki, the Homeless Hacker, Isac and Unspecific (thank you Brian).
People like Tess Schrodinger for her work at many a BSides, Sofia the founder of BSidesNOVA, Circuit Swan and the DC801 Crew for their work at DEFCON (thank you Tracy), or The Soldier Of Fortran and Pink Tangent for their work at BSides and Blackhat (thank you GadgetSquirrel and Gorzilla). Not forgetting Avi and Matt (thank you Arden), who humbly protested that they only did a 'few' cons.
Shout out to Phyushin for gooning at @44con, @Steel_Con and @BSidesMCR, he also runs a free CTF each month (thank you Jay), shout out to @xme for the network stuff @brucon, the Angels for @ccc and @alistair for toiling on the badge, @Blackhoodie_RE folks and especiallu @barbieauglend, as well as @Steel_Con crew and @tanurai during the 'food issue' (thank you Vicky Jo).
There are just too many volunteers to call out individually, so am going to name as many as I can here, you make sure you give them all a follow on Twitter!
<FOLLOWALL> @AlexGatti, @nightcarnage, @securid, @theglennbarrett, @LenIsham, @someninjamaster, @SciaticNerd, @GrumpyHackers, @CoderDojoSA. @CoryJ1983, @Skiboy941, @livebeef, @buccaneeris, @mjnbrn, @sfzombie13, @kandi3kan3, @ZTC1980, @soc_analyst, @m3l1e, @primestick, @TeaPartyTechie, @dmmeurdebitcard, @pentestfail, @lanrat, @0x31337, @wendyck, @TheSweetKat, @pinguino, @Tr0phyWifeHacks, @FrustratedITGuy, @lintile, @Grifter801, @kandi3kan3, @zoomequipd, @netdogca, @parrywinkle, @WillCaruana, @YesItsKathleen, @Ngree_H0bit, @L4bf0x, @bluknight, @DrFedDC, @HackingDivConf, @jack_daniel, @Zero_ChaosX, @irongeek_adc, @Lickitysplitted, @chaoticflaws, @irishjack, @z0mbi3 for @dc44131, @cybergibbons, @securelyfitz, @fs0c131y, @CyberWarship, @1njection, @CyberFavourite, @Xymbiz, @callmetosyn, @password_ng, @Awwal_Quan, @ace109_, @sukry123, @sambowne and @Fox0x01. </FOLLOWALL>
I was talking to Lacey about all of the work she does at BSides, an awful lot of work and stress, but she absolutely loves it and this is what all of these volunteers above have in common. These people all deeply love their volunteering work.
Blessed are those who volunteer for more than one infosec conference.
The Mentors
In infosec we all like to tell each other to get a mentor, but actually finding a mentor is a lot harder. Very few people give up their time to properly understand what others are going through and help them with their journey, blessed are those that do.
I personally subscribe to the Law Of Three and believe it to be one of life's fundamental pre-requisites to success. One of my mentors explained this to me simply once, "if you want to succeed in life you need a mentor, but you also need to mentor others and keep peers alongside you". In short, always have a mentor, always be mentoring another and always have people on your level in your circle.
I have heard lots of good things about Lesley Carhart, she never seems to stop helping to mentor others, no matter what the subject if she can help she will. I have heard that she helps people with their resumes and mock interviews, helps them with their con talks and preparing for them, she loves volunteering to help people find their way in infosec so much that she has earned 'infosec treasure' status.
You can say the same thing about InfosecSherpa and Nicole Beckwith too, both of them consistently go out of their way to help others find their way through infosec.
I have been hearing good things about the Beer Farmers, I have been told that Mike, John, Ian, Andy and Sean have become notorious for taking lonely hackers under their wing, especially the ones who happen to find themselves in a dark place.
Blessed are those who mentor others, sharing their wisdom and experience.
They also have a charity event planned in support of the Mental Health Hackers and the EFF, a TMHC hosted podcast marathon which will last for 12 hours! I know they have a whole line up of awesome people joining them for that podcast and they have a GoFundMe for the event running so you can help support their efforts.
I know that there are lots of you out there who have not been named here mentoring others and I also know that people contribute in lots of different ways. As a Mac user I really appreciate Patrick Wardle for all of the work he does over at Objective See. Patrick contributes enormously to the security community by providing his software and knowledge for free and there are lots of people like him in the community.
Then you have volunteers like Marcus and Jen, the people who created the awesome Tribe of Hackers book and summit, with all proceeds going to charity. Big projects like these for a cause do so much goodness, people love their book and rightly so.
The Podcasters
Let us not forget Jack Rhysider and the Darknet Diaries too, nobody else out there is volunteering time to spend with the black hats in our space and tell their stories.
Let us not forget the ThugCrowd community and their group of volunteers out there doing brilliant work pushing out fine podcasts, mentoring others and helping their peers understand the cybers. But short of knowing that NotDan, Nux, 0Katz and rqu are involved with the project, not much else is known about this mysterious group except that they regularly raise money for charity and support hackers in a good way.
Blessed are those who volunteer their time to push out podcasts for the rest of us.
If you feel I missed out any group of volunteers, let me know!
Just in case nobody ever told you recently, we really appreciate your efforts and you volunteering your time to help others make their way in infosec. Thank you.
If you liked this article, you should definitely follow me on Twitter!