3 essential qualities of a successful cybersecurity community forum

Image via Unsplash

There is no shortage of community forums for today’s 5.5 million cybersecurity professionals, including the Cyber Professionals Community from the Federal Cyber Workforce Management and Coordinating Working Group, the ISC2 Community, Malwarebytes Forums, the Information Security Stack Exchange and many others.

These forums provide information-sharing about the latest threats and attack trends, professional development, networking opportunities and additional resources at a time when they are much needed: Two-thirds of cybersecurity professionals say they face staffing shortages at their organization, and 92% are encountering skills gaps. Just 52% believe they have access to the tools and people required at their companies to respond to incidents. Due to budget constraints, 53% are experiencing delays in the purchasing and implementation of tech tools; 40% indicate that their team has been restructured or moved; 35% have seen their training programs cut; and 29% say their certification/education reimbursements have been reduced.

This elevates the value of the forums for cybersecurity pros as they attempt to fill in these gaps. In lieu of optimal organizational budgets and resources, they often turn to communities to get answers to their questions — and remedies for their problems.

How do these professionals get the most out of the forums? By seeking out those in which leaders, moderators and members make the following efforts to create a positive and productive interactive experience:

Make it educational

As indicated, cybersecurity pros are looking for valuable information first and foremost. Whether they are attempting to mitigate a malware incident or get the latest updates on a new threat, they seek out others who have more relevant experience and insights about these situations than they do. Or they may simply be searching for guidance on how to use a particular tool.

Whatever the motivation, the forum must allow for quick access to professionals who bring this expertise to the table. The content and general culture should primarily tap upon the knowledge base of members to expand awareness and understanding of key issues, trends and situations for everyone taking part, so they can apply “lessons learned” to their day-to-day roles, tasks and challenges.

Make it transparent

Participants should be upfront and candid about what they’re up against, security-wise. “Real” disclosures inform real knowledge gained. To be clear, participants aren’t looking for an onslaught of “scary tales” to provoke fear, uncertainty and doubt (FUD). But they do need clear, real-life stories to better position themselves to protect their organizations.

In addition, any illustrative examples or analysis should reveal the work behind it — how did the contributor come to his or her conclusions? Such details lend useful “peel back the curtain” perspectives about successful processes and on-point interpretations of cyber activity and data.

Make it easy

Keep in mind that not everyone taking part in a community is a cybersecurity professional. Forums will draw chief information officers (CIOs) and executives, managers and team members from outside the IT department as well. Security, after all, is now considered a critical component of an organization’s business model. This means there is a high level of interest in these topics across the board, as opposed to strictly among security team members.

Given this, moderators and participants should keep the presentation of materials and insights easy to grasp. They shouldn’t treat non-cybersecurity professionals in a condescending manner. With respect to basic, practical utility, they need to present materials (such as log entries, screen shots and diagrams) so that it’s simple for members to capture them with a couple quick “copy/paste” commands.

With a wealth of available forums, cybersecurity professionals have plenty of opportunities to soak up the immense expertise of our collective industry. But, at the same time, members are busier than ever as they deal with daily challenges in the form of new and/or formidable attacks — so they need to swiftly find useful information that will help them better navigate the threat landscape. When moderators and discussion participants seek to educate first in a transparent and easy-to-grasp manner, they will ensure that everyone involved will get the most out of their community experience.

Matt Korovesis is Technical Community and Education Manager at Censys. Image courtesy of Korovesis

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.