If you work in a security role in the private sector, particularly if you work in one of the 17 areas designated as critical infrastructure, you can join one of the many public-private cybersecurity partnerships. These partnerships are a key place where knowledge transfer happens in cybersecurity. Many of these groups are coordinated by law enforcement agencies, and joining such a group generally requires a background check and a commitment to treating information acquired confidentially. This is a serious commitment and you should not join unless you can honor it.
As Berkley alum Ashwin Mathew explains, knowledge networks in cybersecurity depend on interpersonal social trust that takes time, patience, and reciprocity to build. Professor Mathew’s report for CLTC is an important read for those who are considering a career in cybersecurity. In it, he explains how cybersecurity knowledge flows, and how its structure contributes to continued inequities in the profession. Selecting the right mentor is important, but so is making efforts to bridge the gender and race gaps that interpersonal networks can create.
FBI’s Infragard is a great place to start. Infragard has thousands of members and a nationwide presence. Infragard welcomes individual memberships.
You are likely to find smaller, regional or local groups most useful. However, these groups usually require a referral from a current member to join. One group to consider is the U.S. Secret Service’s Electronic Crimes Task Force, which meets quarterly. Another option to consider is your industry’s Information Sharing and Analysis Center (ISAC). Many ISACs can be found here.
Outside the law enforcement context, the National Institute for Standards and Technology operates many working groups of interest that are easy to join, have good networking, and are not necessarily centered around policing. For instance, NIST’s National Initiative for Cybersecurity Education (NICE) has a working group that meets monthly to discuss ways to articulate and advance cybersecurity education. Check out the apprenticeship, collegiate, and training and certification groups. There are also opportunities to engage NIST on its seminal Cybersecurity Framework and its nascent Privacy Framework.
Established cybersecurity experts may be eligible for membership in smaller, carefully vetted programs, such as M3AAWG and Ops-T.