How to Build & Scale Cybersecurity Communities Recap

Written by
The Society
Published on
December 16, 2020

On December 9, the Cybersecurity Marketing Society held an expert speaking session with, Pratik Ghumade, an Operations Manager at audius in India (previously a Media Strategist at NULLCON and Hardwear.io) and Antriksh Shah, a Director at Payatu and the co-founder of Payatu, NULLCON, and Hardwear.io. In this session, Ghumade and Shah shared their learnings from building communities and organizing meaningful community events and tips on how to bring the hacker and cybersecurity executive community together.

You can watch the full video of the event at the bottom of this recap post or on the Cybersecurity Marketing Society YouTube!

Everyone Needs a Community

Everyone needs a community. But starting a community requires a process that starts with finding a common interest that people share. Once you have that interest, people need to be able to gather in a physical space (or in an online space now) to have discussions. As more people come together, they connect, talk, share, and learn together.

But as Shah said, “The key success to any community-building is to repeat.” There is no community if there aren’t consistent, regular meetups that encourage members to participate. (And in COVID times, these events need to be translated online.) His organization, NULLCON, branded as ‘Asia’s Premier Information Security Conference, Training & Exhibition platform,’ was started in 2010 and has grown tremendously in 10 years.

The growth of the NULLCON community is driven by diversity. People with different backgrounds share their experiences and learnings, expanding the group to more people and perspectives. At the last NULLCON event in March 2020, more than 2,000 people turned up from all over the world.

What Your Community Needs

Fostering Inclusiveness

Shah emphasized that communities need “a safe and supporting environment to share and learn from.” With an environment that cultivates candid discussion, people are able to share unique skillsets and make new friends, and it discourages working in silos. Build a culture where there’s constructive feedback so everyone can learn and grow in the community.

He referred to a talk by Kate Temkin titled “Spreading the Load: Building a Better Hardware Hacking Community” that included helpful tips on fostering inclusiveness. It’s necessary to be supportive and show members how new situations can be approached. This includes creating entry-level materials for people to learn from and building more open, inexpensive tools. By celebrating “teachers” that uplift everyone—rather than focusing on the “rockstars” in the industry—you’ll be able to create an atmosphere of open discussion, inclusivity, and growth.

Engage With the Stakeholders In Your Community

All communities include multiple stakeholders, such as governments, private companies, universities/academia, researchers, practitioners, and the media. You need to find a balance between two conflicting parties, and the two sides need to genuinely want to learn from each other. At NULLCON panels, people from all sides of an issue, and from all perspectives, are brought together to provide holistic insights on multi-faceted topics.

Helping the Media Understand Cybersecurity

Because of their influence, one of the most important stakeholders is the media. Often, many basic concepts of engineering and security aren’t clear to the media, which affects how they portray stories to mainstream audiences. By creating an environment among non-tech people that shows hackers aren’t bad, it encourages understanding and empathy.

Addressing Conflicting Viewpoints Respectfully

In addition, the gaps between security researchers and government agencies need to be bridged. In 2019, the top Indian intelligence government agency officially sponsored the NULLCON conference to engage with the community and learn how the community can help them safeguard the country’s intelligence structure. These types of relationships help often conflicting groups learn from each other.

At the same conference, Shah spoke with Robert Baptiste, a French security researcher and ethical hacker who had concerns about how the Indian government agencies were handling cybersecurity issues. At Nullcon, Baptiste had a public conversation with the Indian intelligence chief where they were able to discuss the topic in front of audiences.

Ghumade and Shah also mentioned Joerg Simon and Fabian Affolter who worked on the Tibet Project. They provided nonprofit support for international communities like the Tibetan exile government through cybersecurity awareness workshops and introduced lessons on how to be a better hacker in universities and schools.

Building Relationships with Industry and Academia

Furthermore, Shah noted a time where the conversation between academics in hardware security and the industry was closed. Hardwear.io was started in 2015 as a platform for hardware researchers to talk and share knowledge. They realized there was research being undertaken by those in academica, but there were very few PhD students or academics at the conference. The group held a poster competition, where PhD and undergraduate students prepared posters on their research and presented them at the hardware.io conference. Not only did this provide industry exposure for the students, but it gave the industry new information and solutions. It was a win-win for both sides and built a relationship between the parties.

Fostering Professional Growth Through Mentorships & Services for your Community Members

building and scaling cybersecurity communities antriks shah pratik ghumade

NULLCON offers robust benefits to its community members, including a mentor-mentee program. Ghumade shared how NULLCON HackerHelp was started in 2019 to provide the needed cross-community-mentorship and support to hackers who often face many stressful challenges keeping updated with the newest technology.

The NULLCON resume and career clinic was initiated to help those looking for new jobs or those who embarked on career transitions. Ghumade said, “This kind of culture of widely sharing knowledge, experience, and expertise is incredibly satisfying.” There are hidden gems that appear when people become mentors.

The Power of Volunteering

Another core tenet of NULLCON and other successful communities: give before you get. Ghumade stressed that you should try to be helpful to anyone by volunteering at other meetups and conferences. He pushed people to challenge community members to learn something new and give back to the community. Giving back can be in any form, such as talks, workshops, and blogs.

He said, “Someone once helped me when I was young and starting in cybersecurity, and now I want to give back by sharing the knowledge with others.”

Decentralize Communities to Keep Them Going & Partner to Scale

What’s harder than starting a community is maintaining it. Many communities fail, and often it can be attributed to having too many stakeholders. The varying interests of these groups make it difficult to grow, move quickly, and create inclusiveness. Thus, it is important to decentralize communities when scaling, like having chapters in their own cities run the program their own way.

But when starting a community in a crowded marketplace, you need to identify what you want to get out of a B2B community, such as obtaining more business. However, Ghumade noted that it’s important to build the community from a non-business point of view, such as making it volunteer-driven and research-oriented like NULLCON. NULLCON was started because there were no local cybersecurity hardwear groups in India. Shah wanted NULLCON to have a wider audience with an international perspective because it is important for India as a software-developing country to know the latest security trends to make secure products.

It is also necessary to partner with other members who are willing to drive the community with the same passion and objectives in mind. By repeating, or keeping a consistent pace, you’ll be more likely to keep the community alive. Collaborating with other communities and programs will help draw in more members.

When it comes to sponsorship, it’s a balancing act. NULLCON doesn’t do paid or sponsored talks because the conference aims to gain trust with other communities and researchers.

If you want to learn more about building and scaling your own community, watch the talk here or below. Shah and Ghumade ended the session on a quote: “If you want to master something, teach it.” And that’s what communities are for. If you want to get in touch, please email antriksh (at) payatu (dot) com and pratik.ghumade (at) audius (dot) de. Follow the Cybersecurity Marketing Society on LinkedIn and Twitter to join more events like this in the