It had been a busy day at work and I was glad to be home. My wife had told me she’d be taking the kids out after school to a friends house so I knew no-one was home – yet I still announced loudly “Hello, I’m home.” We had been burgled a few months earlier and I still got butterfly’s coming back to an empty house. By announcing myself loudly I thought would give any burglars the chance to escape; and I would let them. The last thing I needed was a confrontation with a burglar. You see, Britain is unlike most other countries in the civilised world where scum who break into your home actually have more rights than you do, so if you end up punching them a little too hard you could end up with a criminal record.
Once I satisfied myself that the coast was clear I went to the kitchen and poured myself a glass of water and turned on the T.V. Flicking through channels I didn’t find anything of use and wondered what I could do with my ‘freedom’ over the next few hours. I find its one of the things that happens when you become a parent. You miss the freedom of not having kids at times, yet when they’re not around you don’t know what to do and wish they were back.
I’d been toying around with YouTube recently, uploading a few videos here and there with limited success. But I was still learning the art of making videos so I wasn’t that bothered by it. I thought I’d use the opportunity to make another video just to see how things went. It ended up being a short tongue-in-cheek video entitled “Benefits of being a CISSP” http://youtu.be/8DZkpynFhak . It was just a bit of fun and I didn’t think much of it at the time. However, once I published it I saw the viewing figures rise and rise. Wow – an ill-thought out video that I shot and edited in 2 hours was something people actually liked. I began to have visions of grandeur where I could earn millions from YouTube and retire.
Those dreams weren’t to be realized, but that wasn’t the worst part. I opened up my email box one day to see an email from someone at (ISC)2. The preview showed me the first two lines and I felt a knot in my stomach. It read,
Hello,
We’ve seen your ‘Benefits of Being a CISSP video’ which you created….
I didn’t want to open the email. I’d seen this kind of behaviour before from large faceless corporations. Someone at (ISC)2 must have taken offence to my video and at best the email was asking me to take it down, at worst I was looking at some legal proceedings. I cursed myself for being so stupid. In my haste and attempts to be funny I’d poked a bear, and now it had its claws out. I sat there for what felt like an eternity before I finally exhaled loudly and clicked the mouse to open the email with a little more force than was required. To my surprise the rest of the email was nothing like I expected.
Hello,
We’ve seen your ‘Benefits of Being a CISSP video’ which you created and we love it. Would you please send us the video file? We’d like to play this at an upcoming (ISC)2 event.
Thanks,
<redacted>
I still wasn’t entirely convinced and ended up exchanging a few emails to verify this was actually true. It got me curious as to what other assumptions I may have about the organisation that could be wrong so I attended the next (ISC)2 annual congress which was held in Philadelphia. I got to spend time with a number of staff, board members and executive team; where I found that a large number of my preconceptions about the organisation were wrong… very wrong. It would be an understatement to say that (ISC)2 had done a poor job of communicating all that it does and how members can benefit or get involved.
Whilst at the event I came across an initiative entitled Safe and Secure online (SSO) which provides a framework to enable members to go to schools and educate 7-14 year olds on how to remain safe online. Having children of my own, I thought it was an excellent initiative so I ended up offering to help out a little bit where I could. Upon my return home, I saw that I had been featured on the safe and secure website as a volunteer. “That’s nice of them” I thought to myself as I read through it.
Some 3,300 miles away, Bob Covello, a New York-based security professional was browsing the safe and secure website. He was interested in getting involved but wasn’t sure how effective it would be. Bob saw my profile on the website and thought he’d drop me an email. After all, he assumed he’d get a better response from a YouTuber than someone at (ISC)2.
I saw Bob’s email the next morning where he asked if it would be a good idea to become a SSO volunteer. The response was easy; it wasn’t about (ISC)2, or even security. In my mind it was all about how to give something to the local community. I wasn’t too sure about the whole onboarding process so I introduced Bob to James McQuiggan. I’d met James at (ISC)2 congress and I knew he was active in the SSO program as the lead volunteer in Florida. I hit send, and forgot about it. My job here was done.
Some weeks later I received another email from Bob. The email was full of positivity. He told me how after speaking to both James and I he went on to review the training materials and with the help of a third CISSP named Sandy Tyson he was able to make a couple of presentations at the Middle school in his neighbourhood. Not only did he receive great feedback from the school, but he told me how he felt like he’d made a bit of difference by educating some young adults and some teachers about online safety and security.
That wasn’t the end of it though; some time later the guidance counsellor from the school district invited him to come and speak about online anti-bullying. As an extension of what he had learnt through volunteering for SSO, Bob also created other presentations he uses to educate business people about online security. Bob summed up his experience with the statement;
“Volunteering for the SSO Foundation has introduced me to some of the kindest and most generous folks I have ever met, as well as teaching me to be a more caring individual.”
I sat back and reflected on it… Bob is a good man and he wanted to make a difference in his community. He would have done so without (ISC)2, James, Sandy or me . But (ISC)2 was the thread that connected us all… and that got me thinking. Despite all its fault and warts – it’s a juggernaut with over 90,000 members worldwide. That’s a vast resource of potential that can be tapped into.
Which is why I’ll be giving my support to the people I think will be the best additions to the board in the upcoming upcoming elections that run from the 16th to 30th of November 2013. (people like Jennifer http://securityuncorked.com/2013/11/who-is-this-person-running-for-isc2-board-jj/)
I’m not here to try and convince anyone of the pros or cons of (ISC)2 – I just wanted to share a story with you about how I was a small cog in a chain reaction that enabled a man several thousand miles away to help keep children safe. If one of those children grows up happier as a result, I think it’s worth the effort. (well its better than complaining about stuff on social media)
Javvad Malik 