Category Archives: Infosec Communicator

  • -

Building a Culture of Digital Self-Defense

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,Lessons Learned,Social Networking Tags : 

Note: This article was previously published on September 20, 2016 in the EDUCAUSE Review Security Matters Blog

One of the biggest challenges in information security is raising the awareness of our communities so that they recognize threats and understand how to defend themselves. The difficulty of that challenge is exacerbated with up to 30 percent turnover of students, faculty, and staff yearly. It’s a multiyear process, but the key is to stick with it and not be afraid to try new ways of raising awareness and enrolling your communities so that they become part of your security team. I’ve provided a list of key components to building that security culture below. I’ve also provided some examples of our work at the Rochester Institute of Technology (RIT).

dsdmagnetnoqrcodeThink Strategically

You can’t change or create a culture overnight, and gains may seem almost imperceptible at times. Recognize that you need to think of security awareness as a key component of your information security strategy. (Yes, you need a security awareness strategic plan.) A strategy enables you to identify long-term goals. Security is often reactive. For example, we might respond to phishing attempts by warning our communities as the attempts occur, rather than employing a phishing simulation program1 so that they’ll recognize phishes on their own. To create (and harden) a security-aware culture, you must be proactive. It’s not always possible to get ahead of specific threats, but we can train our communities to recognize many of them.

Have a Plan

Thinking strategically requires a plan. A plan enables you to define how you’ll reach the goals defined in your strategic plan. What communication vehicles are already available? What needs to be developed? Where do your audiences (you have at least three: faculty, staff, and students) get their information? Are there community or departmental leaders they follow? What topics should you cover and when? (EDUCAUSE provides a calendar of topics and member-created content that you can leverage.)

Brand Your Security Awareness Efforts

RIT’s security awareness efforts are branded under Digital Self-Defense. A brand helps make your security awareness efforts visible and memorable. Almost every communication or event around security awareness at RIT bears our “DSD guy” (seen above). After more than a decade, most constituents recognize him. (Your university or college might have requirements around branding that may or may not make security awareness branding possible. However, you can still use a common layout and design in your communications.)

Leverage Existing Opportunities

What existing opportunities are available for improving security awareness? Are there orientation events for students, faculty, or staff? Are there benefits or wellness fairs in which you can participate? Have you contacted departments to schedule security awareness discussions? Have you created an ongoing security awareness class, either in person or online? Have you put posters on your buses? Given away swag with security awareness messaging at orientations? Look around and see what existing opportunities you can leverage.

erob1699image2

Be All Over Social Media

Where do your constituents get their information? Your university or college may have official news outlets or communication mechanisms. Does everyone follow them? Do students even read e-mail anymore? Who’s using Facebook? Twitter? Instagram? Pinterest? Snapchat? The rapidly evolving social media landscape offers opportunities, as well as challenges. Go where your audiences are. They’re unlikely to come to you. (As I write this blog post, we’re in the midst of our annual social media “like” campaign and expect to surpass 10,000 followers in our social media outlets.)

Identify and Leverage New Opportunities

Has your campus become a hotbed for Pokémon™ GO!? Have you thought of how you might leverage Poke Stops where students congregate? Maybe set up a security awareness table. Hang posters at Poke Stops inside buildings. What about Snapchat? Snapchat filters are really popular. Did you know that Snapchat allows you to create custom geofilters? Why not create some security awareness-oriented filters and offer them at high-traffic times and locations?

Hire Students with the Right Skill Sets and Mindsets

One of the strengths of our security awareness program at RIT is that we hire technology-savvy students with strong communication skills. After a while, you’ll probably find that well of inspiration you draw from has started to run dry. Student employees are a great source of innovative ideas and more importantly, they’re students. They understand how students communicate and how best to get their attention. Give them the freedom to be creative.

Enroll Your Community

It’s not really a secret, but we know as security professionals and IT organizations that we cannot secure our campuses without partnering with our user base. Have you thought about how you might enroll your users in your efforts? In fall 2015, we began our Digital Self-Defense Team program. The purpose of the program was twofold: we wanted to develop a sense of shared responsibility around information security, and we also wanted to begin measuring our successes with a survey. With small incentives for taking the survey, we had over 600 survey participants from a faculty/staff population of about 3,000. Almost half of the survey participants signed on to the Digital Self-Defense Team. That’s a growing population of security advocates on campus.

Volunteer and Network

I’ve been a member of the Higher Education Information Security Council (HEISC) Awareness and Training Working Group for almost 10 years. The innovative ideas and helpfulness of the group to new members are without parallel. Participation in the working group ensures a steady flow of new ideas and solutions to problems faced by all of us. Each of us has ideas to share, and the working group has developed a number of security awareness resources available today.2 I invite you to join us.

Notes

  1. Learn more about phishing simulation programs and read these 10 key points about implementing a campaign.
  2. The HEISC Information Security Guide: Effective Practices and Solutions for Higher Education includes several resources developed by the Awareness and Training Working Group: a quick start guide, detailed instruction manual, cybersecurity awareness resource library, and National Cyber Security Awareness Month resource kit.

  • -

What Value Does STC Provide to Its Communities?

Category:Infosec Communicator,Leadchange,Leadership,STC,STC Rochester,techcomm Tags : 

This post is a continuation of the ongoing discussion about the Society for Technical Communication to which I’ve been contributing on Larry Kunz’s excellent Leading Technical Communication blog (http://larrykunz.wordpress.com). Larry recently posted An Agile STC? Much of the discussion has been around what value STC provides to its communities. As I took part in the conversation, I’ve realized that this is a subject I should be writing about as well. Here’s more of the discussion. (Note that I’m actively involved in STC and a former Director.)

I don’t have up-to-date numbers, but roughly 50% of STC members are currently in geographic communities/chapters. The other 50% are not involved locally. That means there are two different membership experiences. When I stepped into the presidency of STC Rochester in 2010, we were very insular and had no information about what was happening at the society level. One of my goals was to reestablish that connection. I blogged extensively about determining our local value proposition at that time (benwoelk.com), primarily about the local level, and we’ve worked hard (and successfully) to provide value to the community. I also wrote about the value of volunteering. (http://benwoelk.com/why-i-value-stc-rochester/). However, I didn’t gain a full picture of what STC itself provides until I had the opportunity to serve at the Society level.

In terms of tangible benefits, STC provides a value calculator (http://www.stc.org/membership/join-or-renew-now/1408-value-calculator).

The tangible benefits are measurable. For me, the primary value is in the intangibles–the things not displayed by the calculator. I’ve always argued that what you gain from an organization can often be directly correlated with what you put into it. I have had so many leadership growth opportunities because I chose to be involved and step forward (and even create new initiatives such as the CAC Outreach Team to directly support community leaders) that the value to me personally has been enormous. Coupled with the professional network and friendships I’ve established, the cost to me has been minimal compared to what I’ve gained.

My experience, both at the local level and the international level, has absolutely transformed me professionally, in skill sets and in developing leadership skills. I attribute much of my growth in leadership skills to “iron sharpening iron”–working with other leaders towards shared goals, mentoring new and emerging leaders, developing a peer network of very smart practitioners who I can go to when I have questions or whom I can assist with answers from time to time.

My question has often been, what do people who are not actively involved as volunteers, at the local or international level, get from their membership?

Some may just want to support a professional organization that represents their profession.

Don’t forget that the STC works at the national and international levels to better the perception and value of techcomm. It was through efforts by STC that the Bureau of Labor Statistics now lists Technical Writer separately from other writers. At face value, that may not appear to have a direct impact on an individual member, but when HR departments benchmark salaries, that new category of Technical Writer makes a difference. STC has also supported Plain Language initiatives. (A good way to get a look at Society-level initiatives is by reviewing http://www.stc.org/images/stories/pdf/stc2015yearinreview3.pdf)

Others may value the access to continuing education opportunities.

When I was on the Board, we revised the strategy and mission of STC (http://www.stc.org/about-stc/the-society/mission-vision). We refocused on proving economic value (BLS info above, for example), but also on providing continuing education opportunities that equip our members to be successful in many fields. A techcomm mindset and the skills we develop around audience analysis and contextualization, much less actual technical skills, serves us well in multiple job roles.

  1. Here are a few of the things STC offers to support its communities:
    1. Through the Community Affairs Committee, direct support to chapters, including mentoring of chapter leaders,
    2. Specific webinars that are free to chapter/SIG members.
    3. Umbrella liability insurance for chapter events when a certificate of insurance is needed.
    4. Access to other community leaders.
    5. A number of webinars, both live and recorded, that address leadership-related subjects.
    6. A shared hosting platform that saves chapters the cost of having their own hosting.

For those of you who find value in STC, what have I missed? For those who don’t find value, what else would you like to see STC offer?


  • 1

Continued Thoughts on an Agile STC

Category:Infosec Communicator,Leadchange,STC,STC Rochester Tags : 

I’ve been contributing to an ongoing conversation about the Society for Technical Communication on Larry Kunz’s excellent Leading Technical Communication blog (http://larrykunz.wordpress.com) where he’s recently posted An Agile STC? As I’ve taken part in the conversation, I’ve realized that this is a subject I should be writing about as well. I’ll start by sharing some of the discussion here. (Note that I’m actively involved in STC and a former Director.)

Background

The Society for Technical Communication (STC) was established in the late 1950s and currently has about 6000 members worldwide. Like other professional organizations, it has seen decreases in membership as the baby boomers age and the technical communication profession has become increasingly specialized. The Society has somewhat autonomous self-governed geographic chapters around the world that range in membership from around 10 members up to 150 or so. Geographic chapter membership is not mandatory, and about 50% of STC members are members in local chapters. I’m a member of the STC Rochester Chapter, which has been recognized as Community of the Year twice in the last four years.

Discussion of Agile Methodology

Larry referenced a recent post by Australian technical writer, Swapnil Ogale, The ASTC is failing us in which Sawpnill discusses the need for new structures and focus on gaining new members. Building on Sawpnil’s discussion, Larry wrote about the application of Agile principles by STC communities and the need to, as I would describe it, discard old wineskins and use new wineskins that may be more appropriate to our culture. (The wineskins terminology comes from a Bible passage, Mark 2:22, “And no one pours new wine into old wineskins. Otherwise, the wine will burst the skins, and both the wine and the wineskins will be ruined. No, they pour new wine into new wineskins.” (NIV translation). I believe that terminology is apropos for structural discussions concerning chapters as well.

In reference to Larry’s assertion that Agile principles are needed at the chapter level, smaller focused activities might provide a viable path forward for many communities, especially given the challenge in recruiting volunteers for long term roles. (There’s a free CAC webinar on recruiting volunteers on July 22nd, 2016. Alice Brzovic and I are speaking. The webinar will be recorded. Register on Eventbrite (http://www.eventbrite.com/e/recruiting-new-volunteers-tickets-26552383895)

Rochester Chapter

When I look at the Rochester Chapter’s ability to continue to provide service to our community, sprints play a key role. Along with ongoing programming, there are a large number of shorter sprints associated with our annual Spectrum conference. These sprints provide a relatively short high-impact volunteer engagement period that I believe has really helped hold the chapter together (along with some outstanding leadership.)

Next week we are engaging our Buffalo-area members and their colleagues in a networking dinner–our first engagement with them in well over a decade. This wasn’t part of our planned programming, but connections were made, an idea floated through LinkedIn messaging, and several people have put an event together very quickly.

Innovation

Given STC’s changing demographics, it’s important that we examine new models and embrace those that are effective. STC’s Community Affairs Committee is well positioned to play a mentoring role here.

We absolutely have to innovate and attract members who become active volunteers. STC at the society level and chapters are structured very differently. There’s ample opportunity for innovation at the chapter level. Some structural changes at the higher level may be beneficial.

Alienating long term members who are used to that structure is somewhat of a concern. However, the baby boomers who built professional organizations are retiring in droves, and the structure and programming has to work for succeeding generations. Although I don’t agree with all of her points, Sladek, The End of Membership as We Know It, has good discussions around the need for organizations to transform. Post-baby boomers generations are looking for meaningful engagement for shorter periods and not necessarily a lifelong commitment.

I’ll continue this discussion in an upcoming blog post.

 

 

 


Categories