Introducing the Field Guide to Security Training in the Newsroom
A collaboratively written guide that helps trainers train their colleagues
Most people don’t think much about privacy or security until they find themselves in a situation where they really need it. Often, by then it is too late. Wrapping your head around how the internet works while you’re in the middle of a high-stakes investigation is a distraction you can head off by taking privacy seriously before you encounter a crisis.
The 2016 Presidential election got a lot of folks, in and out of newsrooms, thinking about their digital privacy. And it reinforced something we’ve known for a while: there are not enough trainers to go around. There are fantastic people at great organizations that do lead trainings. There are also a lot of reporters who happen to have higher security standards than their colleagues, and they get called on to lead these trainings. But it is clear that there’s room for far more.
A lot of journalists think they’re not important enough to worry about digital privacy, but if you’ve got a byline, you’re a target. And odds are you are worthy of a breach. What’s more, taking digital security seriously requires cultural change and sustained attention. Workshops are far more effective if they’re tailored to the needs of their audience, and if they’re planned with the support and buy-in of the newsroom as a whole.
Introducing the Field Guide
With all this in mind, we created The Field Guide to Security Training in the Newsroom, a curriculum resource for security trainers and a round up of the best resources, articles and lesson plans by other organizations. Last summer, OpenNews and BuzzFeed Open Lab convened a dozen journalists and experienced security trainers at Northwestern University’s Knight Lab to jam out the first draft, and we’ve spent the last few months testing, editing, and refining that work to produce a fantastic and comprehensive resource.
Who is this for?
This guide is designed to address the needs of journalists based in the U.S. and Canada, working inside and outside of formal newsrooms. Legal frameworks and protections vary widely around the world, and trainers working with journalists in other countries may need to modify the materials to reflect local laws and local threats.
As a curriculum, this guide is written with “accidental experts” in mind: those folks in every newsroom who are already fielding questions about digital privacy and security and want to help their colleagues level up. Many organizations haven’t formalized this kind of training, so these lesson plans are here to help you create opportunities for peer learning.
And if you’re an experienced trainer preparing to teach reporters and editors for the first time, these lessons can give you some insight into the specific needs of newsrooms.
How to use this guide
This guide is a community effort, and we’re releasing it as a free, open-source project. You’re free to use and modify lesson plans according to your needs, print things out for outlines or handouts, and generally use these materials in whatever way will most help your newsroom.
Resources here are divided into three parts:
- Chapter 1 offers guidelines on leading an effective training, selecting lessons, and picking the right framing for your colleagues.
- Chapter 2 is the primary focus of this guide, with a dozen lesson plans that cover topics we identified as most in need of a newsroom-ready treatment. Each lesson includes an outline or agenda, and explains how to prepare, how long it should take, and what kind of existing knowledge participants should have.
- Chapter 3 can help you as a trainer improve your own security knowledge. It pulls together recommendations for further reading, as well as helpful ways of talking about technical concepts with a non-technical audience.
Our goal with this guide is not to replicate material that already exists, and there are a lot of good training resources and guides out there. So where appropriate, we also link to or round up existing training materials and guides.
Help us make this guide better
If you have questions, resources to share with us, or feedback on this guide, we want to hear from you. You can always file an issue if you need support, but you can also reach us at email@example.com. And we hang out in the #security channel on the News Nerdery Slack as well, so come chat with us there!
The field guide started as a collaborative effort, and your feedback is important to its continuous improvement. Here are a few ways we’d particularly love to have you contribute:
- New lessons and lesson ideas. The digital security landscape is continually evolving, and we want the guide to keep up with the pace of change. As new tools are developed and new threats emerge, we plan to add lesson plans to cover them. Let us know what topics you’re most interested in seeing covered, or share an agenda from a workshop you’ve used with your peers.
- Real-life feedback. If you use these lesson plans or other materials in your training sessions, we’d love to hear about it! We’re particularly interested in the results of workshops and sessions using the pathways suggested in Chapter 1.
- Translation and localization. The initial version of the guide was written with North American English-speaking newsrooms in mind, but digital security is important for journalists working in all communities and languages. If you can provide translations of the existing guide resources, or if you’d like to add lesson plans covering topics more relevant to your community, please contact us.
- Join our Advance Team. We’re looking for four or five newsrooms that want to work closely with us to lead trainings and edit the guide in the process. If you are excited about leading a training this spring and willing to give us thoughtful feedback on your experience, we’d love to have you on our advance team. Email us at firstname.lastname@example.org if that sounds like you.
The guide is maintained as a GitHub project, making collaboration easy. If you’re comfortable working with GitHub, we recommend that you fork our repository, make your changes on your fork, and submit a pull request back to the guide repository. (If you haven’t used GitHub before, and the previous sentence made little or no sense, this project could be an excellent opportunity to try it out for the first time! There are many guides to getting started with GitHub available online—a good place to start is GitHub’s own help site.)
If you haven’t worked with GitHub before and find the prospect a bit daunting, there are other ways to contribute. You can send existing lesson plans or glossary items that you’d like to share, in whatever format, to email@example.com. We’ll format them and add them to the guide. If you have an idea for a lesson plan and just want to get started, you can use the template we’ve set up to help organize your idea and present it consistently with the rest of the guide
And if you use this guide and find it helpful, we’d love to hear about that too. You can tag a “Thank You” issue in GitHub or just send us a note!
Amanda Hickman directs the Freelance Futures Initiative at AIR. She also shepherds emoji proposals with Emojination and teaches mapping and data visualization at the Berkeley Advanced Media Institute. Amanda led BuzzFeed’s Open Lab for Journalism, Technology, and the Arts from its founding in 2015 until the lab wrapped up in 2017. She has taught reporting, data analysis and visualization, and audience engagement at graduate journalism programs at UC Berkeley, Columbia University, and the City University of New York, and was DocumentCloud’s founding program director. Amanda has a long history of collaborating with both journalists, editors, and community organizers to design and create the tools they need to be more effective.
Kevin is a technologist whose interest in digital security stems from his time spent working with Canadian media organizations such as the Canadian Broadcasting Corporation and The Globe And Mail. He helped create The Field Guide to Security Training in the Newsroom after leading a project to implement SecureDrop at The Globe. He’s also worked on projects to investigate VR as a storytelling tool, as part of The Globe’s Lab351 newsroom innovation initiative.
Ryan Pitts is a developer and journalist in Spokane, WA. He’s the program lead for technology with OpenNews, a nonprofit organization that helps newsroom developers, designers, and data analysts collaborate on technology and support each other as a community. (OpenNews also publishes this website.) Ryan is a board member and developer at Census Reporter, and was the senior editor for digital media at The Spokesman-Review.