Very exciting to see a new offering of free public training for cybersecurity fundamentals from @cisacyber, via their Federal Virtual Training Environment (FedVTE) - with no login required!

https://fedvte.usalearning.gov/public_fedvte.php

Please enter your username.

Please enter your password.

Thanks! For your security, please enter your 2FA one-time token.

You haven't signed in in a while. We've sent a confirmation code to your phone.

We don't recognize this browser. Please enter the security code we sent to your email.

Is your phone number up to date? Please confirm it by entering the code we just sent.

Did your email change? If not, please call the phone number we emailed to you, then enter the number read to you.

Just to be sure it's you, we've gotten in touch with your mom. Next time you see her, please enter the six-digit code she gives you.

The last Roman roads were built in Britannia by no later than 410 AD. Aethelred II (the Unready…which actually didn’t mean he was ill-prepared, but was poorly-advised and was instead a pun on his own name which means that he was given good counsel) began his rule in 978 AD. That’s 568 years later, or more than twice the amount of time the United States has existed.

The USA could rattle around in in a forgotten sliver of history one day if we’re not careful to uphold the principles of liberty and responsibility upon which we were founded.

Been thinking about tech conference inclusivity and what being proactively welcoming and encouraging looks like. Much of what follows are snippets of my understanding of the subject matter: an incomplete and necessarily broad and shallow look at a systemic problem I have been trying to comprehend and seek solutions for.

People much more qualified than me with on these kinds of issues do this professionally and quite frankly get paid by their organizations to do so.

-----

A prerequisite of feeling welcome is believing you will be safe in a space.

The tech industry is a powerful and critical sub-system of our society. It is a force multiplier for any individual, organization, corporation, or government that has access to it. And like all sub-systems it mirrors the whole for better and for worse.

Systems of accountability are a required control in any organization--from the family to the largest organizations on the planet.

The responsibility to create safe and welcoming spaces (at work, at conferences, in leadership, etc) rests squarely on (the mostly white, mostly male) leadership.

This responsibility starts with self-education about cultural, systemic, and institutional racism, sexism and bigotry.

Understanding our biases and how they are informed by a culture and legal system rooted in white supremacy is required to undo the harm and exclusivity of our industry, our society, and in ourselves.

-----

Standards are created for areas which need controls.

Controls are put in place to modify and enforce behavior.

Controls require certification to be effective.

Certification requires governance.

Governance is created when a system or subsystem needs to be regulated. This is Control. (Hammurabi Code, Ten Commandments, Magna Carta, NIST, ISO, IEEE, UL, oversight committees, etc).

Without transparency, inclusivity, and equity, governance disproportionally benefits those in power and causes harm to those excluded from governance.

Governance which is not transparent to, inclusive of, and equitable for all that are governed will always continuously empower those already in power.

-----

The tech industry is the wealthiest and therefore arguably the most powerful subsystem in the world.

The tech industry is in grave need of governance and controls that are transparent, inclusive and equitable.

-----

Individual conferences (organizations, companies, etc) will continue to struggle to be safe, welcoming, inclusive and equitable without standards.

Frameworks for safety, equity and inclusion exist.

To my knowledge, no certification is available for tech orgs that have standardized efforts to be safe, equitable, and inclusive.

-----

Enacted policy which cannot be complied with is worse than having no policy because policy relies on trust.

Enacting a policy which you (knowingly or unknowingly) cannot comply with is breaking the social contract created by trust.

Certification creates trust though standardized, repeatable, equitable verification.

Self-certification is not really certification.

No organization can certify itself as having taken measures to be safe, inclusive and equitable.

-----

If the system of the tech industry is to change a board of governance for inclusion and equity must be championed by people in power in the industry.

For this board to be effective, it must be transparent, inclusive and equitable.

-----

Seek out those who work on inclusion and equity. Empower them.