Friday, March 15, 2013

Threat Day Tampa! And thoughts about community…


I love my job! No, I’m not gloating that I've been able to spend time in the warmth of Florida, knowing its frigid cold back home in Maine! I seriously love my job.  I wonder how many people in the InfoSec space can say that. An official count tells me not many!  

Every quarter, Red Sky hosts a day-long briefing with our members. “Threat Day” is central in establishing lasting relationships between the members. These events, also establishes trust and fosters a sense of community.

We heard how an incident response team discovered a targeted attack and their smart, timely actions to thwart it, given a dossier on the cultural and political motivations of state sponsored ATP, and the creation of new tools that sifts through big APT indicators quickly and efficiently.

It was a very successful event and we are already looking forward to the next one!

A side topic of discussion this week was the observation that communities and information sharing environments are starting to pop up quickly.  These sharing environments are becoming prevalent because there’s real need to share data and solution providers have figured out that brand loyalty is as much human connection as it is providing a solution to a problem.

As the large InfoSec companies monetize the information sharing concept, I can’t help but think of some of the thoughts Red Sky’s lead analyst recently shared with me, which I think are spot on.  It is his conclusion that sharing communities fall into two categories – ad hoc or constructed.  Each of these community models has their pros and cons but before submitting your indicators, I ask you to consider the following.

The ad hoc community is the simplest to establish and are a result of necessity rather than by choice.  They may be loosely regulated and unstructured and sometimes lacking finished conclusions but these communities are fast moving, quick to respond, and provide a diversity of ideas, particularly deep technical evidence.  If you’re looking for a quick infusion of information, this may be the perfect community for you.

The constructed community is one which participation is purposeful.  Generally, membership is by request or invite only and governed strong bylaws. However, rigid rules and over governance can inhibit and even discourage sharing of information. On the upside, constructed communities reduce static, unnecessary and redundant information. When information is shared, its high fidelity, and you’re less likely to take a “wait-and-see” approach.

Red Sky is taking what is best from both community models and bringing them together in a single environment.  The strength of our community is equal to the strength of the relationships and trust between members. This is why we emphasize the value of our quarterly meetings!  This week’s Threat Day in Tampa is a reaffirmation of this belief. We work hard to bring smart people together, give them the tools to do their job efficiently, and provide them a content rich environment to share information, you can accomplish great things! 

In the future, when asked to join a group to share your information, ask yourself which type of community you’re being asked to  join, what do you expect to get in return for your information, and do you trust those on the receiving end?

If you’re interested in our Threat Day’s or want to join the conversation, email me directly at rgamache@redskyalliance.org