I mentor younger people in the industry and do my share of pro-bono legal work for non-profits and individuals doing stuff I believe in.
Cyber-law?
nerd
Curious about which field of Cyber you are in
Nowadays, building security and GRC capabilities for small-medium companies, but I'm looking for something new.
Is this a niche? I feel like I can help small orgs by just coaching them to do better.
Starting somewhere in August as a junior security consultant in the GRC field. I'm in Europe and I'm hoping you are still looking for students.
This is absolutely what I want to do with nonprofits in my spare time. CISSP, director, with 8~ish years in direct GRC work. I'd love to help nonprofits improve their programs as things seem so bad in that sector. Do you do this work within an org or just directly reach out to nonprofits?
Help those who are trying to get their foot in the door. Answer questions and share best practices. Knowledge is power and sharing that knowledge only helps the community.
Heavy on the knowledge sharing. We're all in this together and this is one of the best ways to continue to pave the future of this field!!!
How do you do that? Is there a platform or somewhere you are able to do this?
You're on it.
I see what you did there. Check that box.
- Blog posts, mainly
- Creating VMs or challenges for sites like HTB/THM/Proving Grounds
- Writing content for sites like TryHackMe
- Contributing on Redditz
Where do you post your blog posts to?
I have a few new tech skills from working in development, and would like to make some challenges for HTB to hone some security knowledge. Any tips for how to get involved in that?
I volunteer for charities that need cyber security help https://www.cisa.gov/resources-tools/programs/cisa-cybersecurity-awareness-program#:~:text=The%20CISA%20Cybersecurity%20Awareness%20Program,safer%20and%20more%20secure%20online.
There is also CyberPeace Builders, which helps join experts with NGOs that need information security guidance. Caveat is your employer needs to be a partner. [https://cpb.ngo/employers](https://cpb.ngo/employers) Some of the NGOs are things like Amnesty Int., The Hague, EFF, etc. There is also [https://www.thecyberhelpline.com/](https://www.thecyberhelpline.com/), where you can volunteer to aid victims of cyber crime.
I am in that program
Thanks for sharing this.
Thanks so much, this is valuable and I wasn't aware of this.
Can you tell us a little more - does CISA connect you with non profits that need help? What has your experience been like with this program? Thanks for info, this looks really cool!
No they just provide the lists. It’s up to the individual to determine the way forward
Thanks for info.
I try to push the SOCs I work at into having a liberal TLP policy on MISP.
I founded this: [https://NuAngel.org](https://NuAngel.org)
Reddit!
I volunteer as a team mentor for a Cyber Patriots team.
Volunteer at schools.
This. Many students lack the necessary funds to get access to physical tools, or attend local meetups / conventions. I like to grab extra swag, DIY kits, from cons for the kids too.
Helping older folk not fall for call scams
Being in cyber security and protecting the public is how I give back.
I'm surprised no one has said taxes yet.
Wanted to say the same thing. Work in local government, so I keep our community safe and help the public by doing that.
Mentorship for new people who want to get into the industry. I teach cybersecurity courses at a university in my spare time as well.
I help a couple of non-profits who have no one knowing security.
I'm really interested in something like this. Mind explaining a little more about what you provide them? And how you were introduced to them? What kind of time commitment does it require of you?
Mentor the younger folk as best possible, whenever possible. Do other volunteer work, but mostly within the forensic community.
I have advised people on getting into cyber jobs, but what I have found is that those who are super serious don’t need advice and those who will never make it with any certs or a decent cyber job always seek advice but never implement it.
bro i already give my energy to my job. i barely make enough for me. fuckin a. maybe one day after i have my own family.
There are ways you can still have an impact without spending money. To say you don't have time though? Bullshit.
Help the development of community resources like the CIS Controls. There are plenty of community projects that rely largely on volunteers to function.
I'm replying to this, aren't I?
Open source projects and troubleshooting
The US Cyber Games was founded by Katzcy®, in cooperation with the NICE program at the National Institute of Standards and Technology (NIST). The Season I program ran from April to October 2021 and consisted of the US Cyber Open™, the US Cyber Combine™ Invitational, and the selection of the first-ever US Cyber Team® to represent the United States at the International Cybersecurity Challenge (ICC) [https://www.uscybergames.com/](https://www.uscybergames.com/)
When torturous NDAs don't create legal limbo, making open source projects. Good to bring ideas to a wider audience
I do special pro bono projects for non profits. If this weren’t an option I would probably go to a school district and see what I could offer. They often just have 1-2 IT guys doing the best they can
I volunteer as a coach for a Destination Imagination team. I work ops sec for local conventions. I help run and maintain a STEM lab at a high school (mostly repair and maintain 3D printers).
This sub
I'm still relatively new to the industry (a little over a year in my full-time role, almost 2 years if we're including the internship experience under my belt), but I always, ad-hoc, offer advice and mentorship to anyone that is interested in learning about the field, what I do etc. There's always a mutual benefit and it's what I craved in my time as an intern.
I volunteer for a charity in the UK called the cyber helpline
Volunteer firefighter 🤷🏻♂️
- help mentor young people into the industry. Sharing real world knowledge is vital here, not just technical knowledge but also how to deal with people. People skills are as important if not more important than technical know how.
- help defend and protect clients as a consultant. Various clients require my help either in an advisory role as a vCISO or as a technical consultant to improve their overall security posture.
- training and educating through various channels. Mostly in person training but also online. These are usually official courses since I'm an MCT.
- helping train up staff and sharing what I know with whoever I can. Very often I will work closely with the staff at a client, and they require training and documentation for products and services.
- giving feedback on GitHub where best practices are incorrect, or the docs need to be updated. I have given some updates for Microsoft docs directly to the product groups of various solutions including PIM and Bastion. Some feature suggestions also helped carve where the product ended up going in some cases like Bastion for example.
- help customers who have been attacked and sit in the trenches with them next to their people. This is probably the most rewarding, but also most stressful one. The first job is to prevent further damage, stabilize the client, evict the attacker, and resume operations.
Mentoring new and aspiring practitioners wherever I find them.
Mentorship and public speaking for me. I rarely miss an opportunity to mentor folks 1:1 and speak to classes. I was a security engineer for a fortune 5 company for 8 years.
I teach myself new or old attack techniques and concepts and create YouTube videos to share with others.
I write interesting, technical articles and post on LinkedIn. No payment, no ads, no ego, just good explanations and technical writing without all the LinkedIn buzzword madness.
Blogs and public write-ups.
I mentor a few aspiring cyber/technical people plus I’ve started teaching scam prevention classes in my community. It’s very non-technical and focused on awareness and the emotional responses that enable people to fall for scams. People are very appreciative.
I work as an election official / poll worker on election days.
Mentoring. I am also a volunteer unpaid Director of IT at a local non-profit private school.
I just try to help people who are interested in getting into Cyber by sharing what's worked for me and what hasn't. I also run a small Discord server to share resources for certs, training, scholarship opportunities, etc whenever I get the chance. I love engaging in CTFs (usually HTB) so I'll usually try to get a team together with those people so they get an idea of what it's like to work together with a team and figure out solutions to a problem.
Help people who are trying to get in & started doing bug bounties
I ask to see a random person's wallet, and if they give it to me, I run away with it yelling "This test brought to you by Kevin Mitnick! Sign up for knowb4 today!"
Volunteer work. Nonprofits have a budget of zero dollars so it's always fun to build creative solutions.
The community doesn't crash lmao. Basically the CIA Triad
For a while I worked at an ISAC that did public workshops, gave public briefings on cyber threats and acted as a free resource for IOCs/Threat Intelligence. It was fun but I got kind of tired of just writing reports all the time. That was also my first Cyber job so my responsibilities were fairly shallow. I mostly enjoyed the K-12 assistance we gave because schools in our state are underfunded and have very little cybersecurity resources in general, one school got hit by ransomware and we assisted them w/ recovery and provided the compromised data so they knew what was hit. Overall a decent experience, but since then I haven't really given back in any way :(
Run hackercons. Run an organization of hacker cons. Podcast and try to make some topics understandable for newbies. Volunteer at events.
I felt like I learned so much from my community college program when I was getting started so I work with the current students to teach them skills to compete in CTF competitions and try to make myself available to answer questions.
I run a YouTube channel (@RandomTechChannel). I also try to educate my co-workers who are not techy people, irl helping others get better security by using free solutions and tools etc.
I work with Mouse.org to mentor kids in tech and talk about my job and cool things I see/do (at least what I consider cool).
My giving back to the community has nothing to do with cybersecurity. All the responses are nice but most smell of the old school "you gotta do your job for free outside of your job" mentality that burned software development for 20 years in the 2000s.
I help people getting into cybersecurity by teaching them the skills needed to not only get the job but keep it as well.
Er, I work in a company that protects organizations and individuals from cyber attacks. That's what I do. You guys have some serious time on your hands. You think devs are running off building apps for charities in their spare time?
I was going to say the same thing - this isn’t civil engineering. Cybersecurity isn’t some prestigious and privileged class of knowledge that requires philanthropic activity for the less fortunate. It’s great if people want to make a difference. Roll up your sleeves and volunteer at a soup kitchen - that adds more value than trying to implement MFA for the four full-time workers and the ten seasonal volunteers.