Is There Anybody Out There? - Thomas Schreck

BSides Munich · 28:36 · 127 views · Published 2022-05
About this talk
When starting a career in security, especially in the Cyber Defense field, you are overwhelmed with new topics, concepts and buzzwords. Also sometimes you think, am I the only one with that problem? Whom should I talk to? Is there a trusted group I can share my problems, my experience or even my failure with? Or in a nutshell: Is there anybody out there? This talk will discuss my personal experience growing up in the Incident Response Community. What I have learned, gained and experienced. I hope that attendees will learn from my experience and especially from the mistakes I made over the past two decades. Also communities are important for us, they still have the typical problems like scale of trust. I will raise some of them and give you ideas, how we may be able to overcome them.

Speaker: Thomas Schreck

Thomas Schreck is a Professor for IT-Security at the Munich University of Applied Sciences. Previously he was a Principal Engineer for IT-Security at Siemens and the Head of Siemens CERT. He served on the Board of Directors of Forum of Incident Response and Security Teams between 2015 and 2021 and was the Chairman from 2017 to 2019. He holds a PhD in Computer Engineering from the Friedrich Alexander University Erlangen-Nuremberg and a Diploma in Computer Science from the University of Applied Sciences Landshut.

yeah thank you very much for the nice introduction um and also for the BSides Munich how you called organizers to invite me to give this keynote so when they asked me about can you give the keynote i was asking myself what should i talk about it's always always the same thing what do you want to do and for me when i was young and listen to keynotes and still doing listening to keynotes i always think how should a keynote look like it should be inspiring it should be giving a new thought so the first obvious choice was let's talk about cyber but i hate this word cyber so here's the normal slide deck about all the cyber

buzzwords around there and i will not talk anymore about cyber so you have set one so the next topic which came to mind let's talk about blockchain because i don't know how you how you are doing but i get a lot with this buzzword so every manager coming to me every company let's do something about blockchain blockchain blockchain blockchain i can't hear it anymore so here's the obvious slide deck slide about blockchain i will not talk anymore about that so then we had a really good talk with the BSides organizers um and we discussed about what can give back to the community so i i grew up in a large organization you know sometimes very bureaucratic organization

and every time i went there i was like okay this is really the way people are doing that so i learned a lot when i joined communities as the introduction was saying communities are so important you learn things and you get new inspiration and so on and therefore we said okay let's talk about communities so why can't i talk about communities so i joined very young with a community and i was there as a yeah newbie first time attendee however you get called and then i was at this large organization called Forum of Incident Response and Security Teams which is the largest organization for security teams in the world i was there on the board of

directors for six years and were the chairman for that and believe me or not it's it sounds great but it's a lot of work so i know what the BSides people are doing in their volunteer time i had professional staff around so i want to use this opportunity now that you give them all and not only the volunteers because they have forgot about thanking the whole organization team a lot of applause because what they are doing is amazing and they're doing all that for you so please give a lot of applause to them now

so i want to share the experience i had with communities building up communities running communities learning from my communities and so on so this is also a bit of a personal talk so when i was finishing university i was i thought i know everything and i learned the total difference when i joined the first organization first company and i was very overwhelmed i learned new buzzwords every day and i was like oh god university have not prepared me for that job and what did i do wrong with with what i learned and so on so i was really i was really sometimes a bit nervous if if i'm as an engineer doing the right thing

and back then when i started we had not had this company cultures where it was still hierarchy driven and so on so i looked at the topics what what we're doing on a daily business and i always thought is it really how this work is it not really boring is that not a lot of problems and on so i had a lot of questions every day and all these questions were not really answered by my teammates because those were the ones were doing that all the time the same thing so i said question not what they were doing so i felt really alone i felt alone with my questions i was like there am i in the right place am i doing

something wrong and so on so the question came to me is there anybody out there who has the same problems i do who has the same perspective on topic than i do and that was for a large i think over over one year a huge topic i thought about i i questioned myself and so on is there anybody out there by the way which band no one pink floyd right so my favorite band so it was obvious choice so is there anybody out there and i can tell you yes there are there are a lot of people out there you see it here in the community there are a lot of people out there and there are a lot of people

out there in in the whole in the whole uh industry we have who are doing work who do volunteer work who share experience on their own but you need to find that you need to engage with them and what i want to do today is to discuss with you about my experience i had when i joined those communities learned grew failed and in the end where i was able to run off one of those communities and spend a lot of time in there and it's a it was a great experience it's still a great experience and i want to give you i hope that you when you go out of this office talk today that you yeah have

ideas about what what may you what you can do also to give back the knowledge you have so how's this talk structured today i have three important topics which i want to cover the first is what is this about so what is about communities what you really should learn from communities and so on the next one is what you need to do so how can you give back what you experience what you learned and so on and last but not least what you gain so what you can get out if you do that if you do it and on so let's start about what this is about so who of you are part of a community

so who so the people who not still have their hands raised uh who are part of the community so who thinks that's a lot of work being in a community okay that's interesting i have a totally different perspective on that so when i talk about communities what do i mean so i'm there are a lot of communities out there there are these super exclusive clubs where companies pay five uh five number uh membership fees annually and then there are the more industrial-driven organizations who are based on volunteers and then there are yeah communities like BSides or others who are totally volunteer-driven like yeah BSides over and so on so we have a very we have a lot of different people like

the ISACs who get a lot of money every year they have professional staff working on topics and you have those larger communities which which get money from sponsors and someone running it and then you have the total volunteer driven ones and i can tell you one thing in all those communities there's one thing which is common it's all about the people who are engaged with that so if it's as if even they have a lot of money they are in the background people who really think this is the thing which we need to drive it's important for me so they spend their whole spare time in this community building it up and so on and that's always the same thing

but why do you do that so the first thing why are doing that is learning so for me when i joined after this one year thanks to a former manager of mine one of those communities i came there for five days and i can tell you i went back home and i was totally uh full of sugar and totally overengaged and so on because i gained so much knowledge during that week and that's mostly because the nice thing about this community is there are people there who are in the industry for way longer and who are willing to share what what um what say experience what say faults so i grew up in the CSIRT community and the

nice thing about the CSIRT community is they are always in the background so CSIRT people literally don't talk about in the public how cool they are they are not in not on on stages doing huge keynotes they are in the background and securing our network our internet and so on and when i went there there were all those people who were in the business for 30 years 20 years and when i talked with them and showed them i'm really happy to learn from them they gave back all the knowledge they have to me and i was lucky that two of them which i call now friends took that opportunity up and and helped me support me to grow where i am now

but it's not always one way it's not always that the older give back to the younger what i learned is that as a young engineer i question topics and questions hey is that the correct way doing so is it really what we did as a best practice for 20 years something which should be done like that isn't there new technology out new new thinking and in our society where we need to adapt our approaches and a good experienced person in our community is seeing this potential that people are questioning and hearing and not just saying no no no we have done that for 20 years we know that's working and that's the wrong attitude to to

tackle topics you need to listen to the people understand what you if it if that's maybe something that you're doing for 20 years or wrong and accept that you may be wrong so the former team i was running it was always important for me that i listened to what they are doing what what say what they what the experience they have and so on and for example when i was doing programming i was really bad in that and there is one person here so here in the audience who need who i think hated to uh read my code overflow so and for me it was important that i i was i was not telling him i'm the older one

i know what i'm doing that i listened to him and said okay you're better than that so please do so so learning is not always about one way always giving the experience to younger it's also the other way that all the older people are listening to the younger people understanding hey maybe they are right or they're not or we are wrong we should change what we are doing so that's an important very important question and i choose this picture on purpose because in our global society and especially what we are doing on the internet we also need to listen to other cultures what i've experienced in some communities is when there are people from other cultures since investing

in the western culture approaching you they always say okay yeah what do you talk about in africa i don't care what you're doing africa and this is also which we need to so uh yeah we need to improve because our cultures are so important technology decisions which we are doing so it's not only learning between us it's learning listening to other cultures our societies and so on and with all the crisis we are very highly seeing that's getting more and more important so the next thing it's not about it's not only about sharing so for example the organization uh i uh i was on the board FIRST it was known for the huge conference so they had an

annual huge conference people around the world came there but it was mostly only known for this conference and i hated that because there are these CSIRTs around there who really want to engage in on a daily on a daily business of working each other so if there's an attack on going there are structures in in place where CSIRTs can communicate to each other say hey we have this problem can you step in so i don't know who if you are isn't are in incident response but incident response is not tied to one organization it's most of the time or uh yeah a community which needs to work on that so this is so key that

you have ways in place when you need to work with each other that you say hey i have a problem and then you step in and support those people if you go through management for example so i had some times when you do my report to my manager and my managers that tend to the next manager can we talk to this company it takes ages and when lawyers are involved then it takes forever so direct connections to each other are so important so building up a network in the community is so key so you should not only go there and say great i will sit here and listen and then i go home you should be in

there go out talk with the speakers talk with others build up a network because this network is so key on daily operations and it's not only being there at a conference it's also doing the conferences joining a mailing list give talks somewhere so it's it's key because when you have this fire fighting happening you need to use this this network and help each other and there are various communities out there where you can do that but there's also something which is called trusted communities trusted groups and those people are those communities are sometimes called fight club so there are fight club rules i am not really huge fan of this fight club rules but there are communities who are

individuals these individuals share their knowledge share their operational work sometimes when i open my email box and i'm seeing what the text i'm going in this mailing list i was like wow who should how should i process that all this information we have so you see this is ongoing this is something which is helping each other is so important so this is what you are able what is this about learning from each other sharing the knowledge supporting each other when there are things happening but as i said before you also need to think about okay how this community is working so you come here you listen to talks you already learned that there are your

volunteers who are organizing all of that there are sponsors who are paying the money so that we can be here at a conference hotel and so on but imagine if there would be no volunteers doing that no sponsors and no speakers and so on nothing would happen so you would instead of going to munich and talk to each other you would need to go to the office or your home office and do your work so only because of volunteers this is uh this is possible so what can you do that this can be improved the situation we have yeah first of all share your experience so i think all of you have on a daily

basis yeah something is happening in your office you build a tool you had an incident or you had a good hack but you never want to talk about because as for example with me i always said for example oh i was really doing a bad job there so i should not talk about it or oh i don't have the time to prepare talk or whatever you find as an external uh as an rule that you don't do it and that's wrong so first of all what i learned is talking about failure is often more important than showing off so i'm for example now back in the academic field and i can tell you one of

the worst things about the academic field is that you only share great great uh great papers in big conferences and then you gain again another point that you're good talking about something but for example in the academic field we don't talk about failures even if there should be those talks the industry is a bit better here but not as it could be so talking about failure especially in our field is so important because everyone can learn and leverage from that next when you work on something and you think okay i don't i'm not really sure should i publish that or not do it i don't know how your company policies are and so on but put it on GitHub

and share it on Twitter talk about it that's very important give go to a conference talk about it then you get feedback and maybe find people involved in that i have seen so many cool projects dying on a laptop's hard disk because people have not wanted to share it so for example my students when they come to me to do write their final thesis i always say i don't want to have this source code on a on a usb stick or on a cd and not kidding still on cd sometimes put it on GitHub tweet about it because it's maybe no one is interested in but maybe there are then you said then you build up your

profile so what i want to encourage you is that everyone who is here now in the audience will submit the talk to next next year's BSides even your manual can be selected [Applause] if you not get selected it's an experience you have you get feedback and so on so that's important share your experience then help others so you are here because you want to learn something but it's not only about learning it's also that we as people are very complex we may have our personal problems and so on and that's so key in a community when you have a smaller community you build up friendship and therefore it's important that you listen to others maybe they

say ask for help you don't understand that they're asking for help so you need to listen to them carefully understanding what's the problems they have and then they help help them and this is something which i experienced quite often so i had personal problems i had problems in the shop and so on and i have always people i can ask outside of the outside of my company uh within my company and so on and this important thing what i wanted to give or what i want to share with you is first of all if you need help if you have a complex problem for example learning to solve you should not be alone just ask just experience people or

people you trust and tell them hey i have this problem can you help me or if you have personal problems because you don't really know how your career path is ongoing there are a lot of communities outside supporting you on that so ask for help and more important be there if someone is asking for help so talk to them and and use this time i know we are in this industry we are all stressed out and we're doing a lot of work on a daily basis and then you oh and now it's 9:00 pm and i still need to talk with this one guy because he is asking for help and that's the total wrong

the total wrong attitude to it it's something when you help someone you may later on when you need help this person may help you as well and i can tell you i i was at that situation quite often and and it was always very important for me that i had someone to talk a talk so now to the last point now i told you about what's all about these communities i talked about what you need to do or what you should do and so on but what do you regain from that so first of all knowledge and as you know knowledge is key in our society it's very important that you that you gain this knowledge

and for i can tell you from my experience that's the most what you get from a community is exactly that knowledge so what's what what kind of knowledge so i can give you now some examples um so i was working on a on something within my former company so i said we were able to detect some uh attacks and i had a problem with privacy so the way i wanted to do it was on from a privacy perspective wrong and i knew that but privacy is important for all of us so i was really there for three months i have not found any solution so i went to a conference and discussed it with a friendly circle as it's a

Luxembourg CSIRT and i talked to Alexandre i had this problem and just told him what what problem i have and he looked at me oh that's quite easy just use that in that europe and that is the data structure and and everything is solved i was like wow this was a very easy answer so i went back home implemented that and it worked and yeah this knowledge that helped me on a daily basis and that's just one example another example is when i was when i became manager i never really were a good people manager and some of the audience can't tell about that so i didn't want to discuss it internally and also the team i

yeah i was in there was totally different to other teams so i couldn't really ask for help within the organization so i went out there and discussed with others who were running successfully teams like mine and said okay what are you doing what you how how how do you solve that in that problem or how you tackle that and so and they gave me wonderful ideas about what you can do and that's also knowledge it's not only about technical knowledge it's also about how you yeah manage people how you how you grew your people and so on and last but not least building up friends so for example my best friend i i met uh at a conference or first of all i met

him with on a mailing list and i thought who is this who is this person who is asking so stupid questions but being biased and now he's my best friend because we found out that hey we have the same we have the same technical interest job interest but also private interest and i can tell you for sure that all of us are bit same not only only in the industry but also in our private sphere so you gain friends and like i i must say when i when i look into my friendship most of those people are within my community so these are the people i trust a lot i i talk on a daily basis and even i

have private problems i have them because they knew me they know how i'm working and so on so this is what you also gain a lot of friends which you can use the whole career path and later on hopefully also when you retire you can do nice trips with them and so on so that's also important that you just don't just look at the look at hey this is just a job because our job takes the majority of the time we have on a week so you should share that with friends and not with with people who you're just in there for eight hours on a day so this is what i want to talk with or

talk about um what i learned why for me communities are important and so on and i hope you get you under yeah you gain something out of this talk that you learned about something and that you submitted a talk next year thank you very much i hope you enjoyed it

does anybody have a question for Thomas it's a great opportunity

uh so first of all uh thank you for your talk uh when you mentioned uh we should talk more about failure uh it reminds me of something that i read i think in uh this book from uh i think it's called uh antifragile but basically the guy makes this argument that we have this a big graveyard of failure behind us so when you see like say book authors we have like someone that release a book and we have like i don't know 10 000 people that never released a book but tried to publish something could you please discuss a bit more how would you approach that how could we discuss more failure give maybe some ideas

so you you can approach it on on various levels i think there is a conference format out i can't recall the name where you just talk about failures uh i think that's one approach the second approach is within organization you what you can talk is that you do what you can do is on a weekly basis on monthly basis you have uh an evening where where you're only allowed to share failures you did and then on a daily on a daily job basis uh you may do a instead of doing a scrum or dailies and then you also talk about in the dailies about what did what did not work and how you solve that so you need to facilitate

a culture where you discuss it and way more important is that from a mindset you need to allow your allow failures so it's quite often that people think okay if it if i fail i'm doing a bad job it's quite obvious it's quite the obvious it's um opposite sorry obvious the opposite it's you need to understand hey when i'm doing a fail it's totally fine that it's his failure and now i need to understand during lessons learned about what i what i did wrong and honestly when i so i have a small child at home and she is doing the whole day failures i can shout at her and say you're doing it wrong or can i

can just show her why she did it wrong and that's like a mindset shift we need to we need to do and i can tell you our society unfortunately still doesn't allow failures so starting to change in our society that failure is allowed is the first thing which is important to do but a great question okay thank you very much and enjoy the rest of the day
