Hi! Thanks so much for stopping by!
This is the repository for my GitHub Universe 2023 session Putting cybersecurity advocacy into action with GitHub Advanced Security SEC1808M. It contains all the additional information shown in the session.
If you haven't watched the session yet, here's a quick explainer: a lot of corporate cybersecurity is asking other people to change. But change is kind of hard1. Corporate cybersecurity teams2 can (and probably should) do better when it comes to helping people change. Science can tell us how to do that3! In my session I talk a lot about how to put science-based strategies into action by suggesting concrete steps you can take.
Note
To make these steps super easy to access, I've re-created them as issues in a project in this repository.
You can copy the project to use for rolling out your own change or you can browse through the issues individually. I've grouped the issues by milestones that correspond to the stages of change and gave them labels to make it easier to find what you're looking for.
In my session I refer to a couple of sources for ideas that aren't my own. Below you'll find the links for those
- https://en.wikipedia.org/wiki/Transtheoretical_model
- Boston University School of Public Health: Behavioral Change Models
- Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role (NIST)
- https://hackervalley.com/e/episode-196-cybersecurity-advocates-with-julie-haney/
- GitHub Resources: Understanding GitHub Advanced Security
- https://nickliffen.dev/articles/why-advanced-security.html
If you have thoughts, comments or questions - come meet me in the discussion https://github.com/orgs/community/discussions/74695.
Footnotes
-
Which is also why generally people aren't big fans. ↩
-
Honestly the concept and strategies probably apply to other contexts as well, especially if your job is to support someone else. I'm just always talking about cybersecurity, because that's my area of expertise/experience. ↩
-
Ok so it can give us a pretty good idea, but (obviously) your milage may vary. ↩