PG - I Club and So Can You - Christopher Lamberson

thank you so this is AI club and so can you I'm Christopher Lamberson as I was introduced quick talk about Who I am I work two part-time information security jobs and I also study at a Columbus Georgia based university more importantly for this talk I'm also president and founder of the university's collegiate Information Security Club black box society so what is this talk about first is about why you should start an information security Club lessons learned from my struggles and successes things I've seen work at other clubs and I'll provide a brief information security Club starter guide I want to emphasize that this talk is not just for collegiate clubs but I try to frame the advice and insights in such

a way that they would be applicable to a more general group or a professional organization or a collegiate organizing if you want to go that route real quick when I refer to an information security club in the most general sense that is just a gathering of people who want to get together to do something information security related the real goal here is that people will come here hear this talk or see it later on YouTube take the knowledge learned and start their own information security Club alternatively if clubs already exists in your home town or city hopefully this will inspire you to take a look around and become involved otherwise you're already involved in which case keep being

awesome so why start an information security Club your reasons basically boiled down to helping others or helping yourself you can help others and the old fond of fantasy games the white mage was the healer you will be supporting your group like the white mage would support the party you can be the change you want to see in the world in that if you want to see more people well versed in the OWASP jinn your group can have a webapp focus and your audience could be professionals already working in the field you can also attract newcomers to the field and get them started on the right foot you can also take a stab at shrinking the phone-sex skill gap that currently

exists alternately you can be helping yourself one of the best ways to learn any subject or topic is by teaching it to others studies have shown this so if you wanted to learn web app security spin up a lab read some books but then go and do a tutorial or workshop or our talk about web app security to help cement your knowledge and ensure that you know the subject matter also you'll be growing your pool of contacts and connections which you can call upon in the future when you're networking or trying to move into a new position you can also group up for competitions expect your group has a competition focused win some money have a lot of fun

maybe a little background I come from a smaller city which when I started creating my information security Club had no vibrant information security scene that I could think of or assault you see at the time and I really think it's important that if you don't live in a big city to still be involved and cultivate a community around you and improve yourself and the InfoSec community at large so I Club experiences I actually founded two clubs one that kind of morphed into the other the first one was the computer security special interest group or cops X cig blackbox Society or BBS I've also checked out Def Con group DC 404 in Atlanta and the information

systems security Association Columbus Georgia chapter I included my what I've seen those groups do the good things they do to give this talking more rounded presentations so again it is not just aimed at collegiate groups so I started with a computer security special winter we had some good successes we grew the group from pretty much just me and a couple of friends to a mailing list of something like 32 to 36 people we produced the university's first competitive capture the flag team to actually place in the collegiate level competition that I am aware of but it wasn't all great and I picked up a lot of lessons learned from the experience first of all the organization was

created as a special interest group under my University's Association for Computing Machinery or ACM my thought process was well now I don't have to deal with paperwork or any bureaucracy I can just offload it to ACF when in fact I just added another level bureaucracy that I would have to deal with when reserving rooms for meetings or trying to request or request funding also since the organization is a flat structure all of the workload kind of fell on my shoulders there weren't other people with other responsibilities that could help me in a lot of things which was a struggle which we would solve with the black box ascites so with the black box society we went to the university we

formed the organization as an official organization we had a structure officers someone to handle reserving a room someone to handle social media and websites that we run so I want to handle all the money so we distributed the workload everything with a lot smoother since we were also an official organization we could take advantage of the social media platform that the university provides for all registered student organizations we can also schedule rooms and have regular meeting times and places the organization is still not as good as I think it can be one of the key areas where we should improve I think is more community involvement more members and attendees doing presentations and I've seen other clubs do that we'll talk

about it it's really great and it's something I want to try to emulate and I think you should emulate in your information security club when you go home and found one so a good thing of seeing that these other clubs at DC 404 new attendees get attention they have a brief moment at the beginning of every meeting where new members are asked who they are to introduce themself yeah it helps to me it helps them to mingle attendees do most of the presentations that I've seen there's not an official talk guy and that's excellent that's something you should try to get done in your organization probably the coolest thing they do is they always have background events like

a network king of a hill CTF competition or a lock-picking village as for the ISS a Columbus Georgia chapter they have a more well respected and prestigious name attached to them as far as companies go in the eyes of companies which means they have better backing they can usually get better venues for their meetings and sometimes get their meetings catered so the overall takeaways from the real-world experience I've had and the things I've seen from other clubs distribute the workload have a structure to take care of any budgeting you need to do if you want to go on trips you may want to consider membership dues sponsorships bake sales you know the usual have a consistent

meeting time in place this helps others to schedule around you and to make sure that they can be there for your meeting communicate well have a well known means of communication whether it be a mailing list the IRC IRC channel or social media such as like meetup maybe so information security clubs starter guide first thing you need to do is decide whether you want to bootstrap your own organization or branch off from an existing organization there are pros and cons each this talk will be mostly concerned with bootstrapping your own organization the second thing you want to do is have a look around your local area maybe a group already exists that does all the

things you want to do and all you'd be doing is kind of adding to the noise by starting your own Club that just a proxy for the other and always always keep your audience in mind through the entire process since social essence clubs are a social thing you probably already have your audience in mind the second thing you really need start thinking about is logistics you want to consider a location how are you going to advertise and how are you going to communicate with your location I've seen organizations use University classrooms corporate meeting rooms restaurants cafes and pubs in the dual Tetris picture sometimes it won't be so obvious what you're the best location is

the key things you're going to need are probably a projector depending on what kind of meetings you're going to be having it needs to let you get loud enough to have a meeting and it needs to be court and let you get quiet enough to have one-on-one conversations between other people some other nice things to have are power strips lots of power strips never you can never have enough power strips and lots of different adapters for different hookups if you're using that projector I swear that was in the talk the whole time so you want to start thinking about advertising you it could be as simple as putting up flyers where smart people hang out using social

media such as meetup or working with your parent org if you decided to go that route meaning you start thinking about communications how are you going to keep in touch personally I usually like mailing lists you may prefer social media or IRC once you have all your logistics figured out once you have figured out where you're going to meet when you're going to meet and how it's going to go down you start thinking about your first meeting because you go back to considering your audience what you should be doing all the time and for simplicity's sake I've broken down audience into students professional in general secondly you may want to pick an angle this probably should change at

least every other meaning to keep things fresh but it can be something like in these are just examples competition preparation skill development networking and career development so let's say you have a club with a collegiate audience with a competition focus a meeting you may want to do is introduction the CTF talking about the differences between jeopardy style king of the hill attack the fan maybe talk about other security competitions like collegiate cyber defense competitions stuff like that alternatively if you have a more general audience with a career development focus as your first meeting you may want talked about local tech companies what they're looking for who they're hiring for bonus points you need guest speaker

from one of those companies to come in and hear it straight from the horse's mouth we talked about spinning off your own organization are spinning off of a existing organization there are way too many organization organizations that you can spin off of to go over down this talk but for example if you want to do a Def Con group they have an FAQ if you want to do an ISS a chapter they have a startup kit if you do want to do a 2600 meeting they have guidelines so in conclusion critical up just do it it can be really easy it can be just it can start off it's just a social get together with you and your friends for

networking of a heel competition all you need to do is have that room and time ready invite people over and have that first meeting in your mind I'm going to take questions here shortly but first I'd like to thank my proven guy proving grounds mentor Rachel Rachel Linenger all the black box Society members and officers my academic mentor dr. Beaucaire and all the computer science faculty at CSU and a shout out to DC for for and the columbus chapter of the Issa for unknowingly contributing to my talk questions alright thank you very much