That's a classic scene from a great movie. And, if you think the movie is twisted, you should definitely read the book or the audiobook!
Many people know that the first rule of Fight Club is that you don't talk about Fight Club. That's because they didn't want to draw attention.
But in security, the first rule of security is:
That means a number of things:
- Security Awareness - a program at your organization to promote security themes. I like to focus on information people can use at home. I've talked about this in the past.
- Public Awareness - similar to security awareness but here security pros, IT pros, law enforcement pros, or really anyone, talks to the public about security and privacy issues. There are opportunities through the schools, community centers or school district parent organizations.
- Conferences - are a great way for people to learn more about security and for security and IT pros to learn more, improve their skills and make great contacts. I was recently at the HIMSS Privacy & Security Forum in Boston. I saw old friends and made new ones, heard some great speakers (and did a bit of speaking myself) and learned a few things.
- Professional Organizations - There are many IT and security professional organizations. Some of the organizations I participate in include ISSA, ISACA and Infragard. There are local chapters in most areas.
- Other local groups - in addition to the formal professional organizations, many areas have local groups for security leaders or security practitioners. You can find out about these groups and conferences or professional organization local meetings.
- 1:1 discussions - talk with a security pro about security! Even better... talk with someone who's not a security pro about security!
Here's the thing... the attackers - the people who are trying to break into networks or your home computer to steal data - talk to each other. They share ideas and techniques. They learn from each other. We must do the same.
How do you talk about security?