InfoSec Community Outreach Tips — Part 1: Public Libraries

Author: Tracy Z Maleeff

Originally published on Medium

Congratulations! You've decided to reach beyond your comfort zone and give a presentation outside of the hacker community. Mazel tov!

Libraries, public libraries in particular, are often underfunded and the librarians who work there are likely overworked and underpaid. It's not unusual for public librarians to take on responsibilities akin to being a social worker, a tax form consultant, and maybe even a therapist. Communities can rely on librarians for things beyond the scope of their jobs. Let's not make Information Security one more thing to be a burden. Give an InfoSec talk at a library to help educate and empower them.

Preparation Steps

Strategy

Decide if you want to present to librarians or to the library patrons. The difference is that a presentation to librarians should include workplace types of instruction and tips. A presentation to library patrons would be more consumer, personal types of security.

Contact a Library

You could contact the Library Director directly, or perhaps strike up a conversation with the reference librarian who is on duty when you visit the library. Keep in mind that these people are very busy. Consider the onus to be on you to provide information about yourself, your presentation, and basically sell yourself to them. Having some sort of personal recognition or an introduction can help expedite this process.

Patience

Many libraries have their events planned far ahead, six months or more. May or June is a good time to propose Cyber Security Awareness Month talks for them in October. If a library can accommodate you sooner, great! Just go into this knowing that they may not be able to fit you in immediately.

Audience Focus

If you agreed to do a talk for librarians and library staff, try to get an understanding of the tech knowledge level of those people. Without being intrusive, see if you can scope out what their network situation is. If you want to speak to a niche group specifically like senior citizens, parents, children, differently-abled, etc., make sure you are skilled in the security concerns to those groups.

Pivot

Be prepared to make more basic or more advanced explanations on the fly while presenting. You may find that the group is more tech savvy than you realized, or that there are more knowledge gaps than what you were expecting. Don't get rattled. Don't get exasperated. Just adjust. A helpful way to explain things more simply is through storytelling with analogies.

Takeaways

It's a good idea to create a slide deck or supplemental material that people can take home with them. Whether that's a Power Point with a lot of links and resources, or some other print material that you craft, this will be overwhelming information for a lot of people. Make sure they retain it by having your presentation double as a learning guide after you leave.

Swag

People love swag — Stuff We All Get. I do my best to gather up swag from InfoSec conferences and vendors for my talks at libraries. Both the librarians and the patrons love it. Camera covers, t-shirts, stickers, everything.

NO FUD

I cannot express this seriously enough. DO NOT SCARE THESE PEOPLE. Yes, these are very serious things we talk about, but find a way to give them instruction in a way that it EMPOWERS them to defend themselves or troubleshoot. EMPOWER THEM.

Follow-up, or Don't

One of the reasons I hear from people who don't want to give InfoSec 101 talks to the public is the fear that people will forever bug them with follow-up questions. That's a fair concern. If your agreement is with the library to speak to the librarians, make it clear in your written and/or verbal agreement what your availability is for follow-up. Just set expectations ahead of time.

Payment, or Lack Thereof

Be clear and up front whether or not you are seeking financial reimbursement to do this kind of talk. Keep in mind that most libraries are usually tight on funds. My recommendation is that you go into this offering your services for free. Ultimately, do what's best for the library, because that's who this is supporting.

This concludes your preparation tips. Subsequent parts will include specific content tips of what to include in your presentation.

About the Author

Tracy Z. Maleeff, aka InfoSecSherpa, is the principal of Sherpa Intelligence LLC and also currently works as a Senior Cybersecurity Threat Intelligence Analyst. She previously held roles at the Krebs Stamos Group, The New York Times Company, and GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books.

See https://linktr.ee/infosecsherpa for talks, interviews, and more.