Training Colleagues on Digital Security? We’ve Got Your Back
What we made at our first-ever OpenNews security convening, in partnership with Buzzfeed Open Lab
Security week here on Source is digging into the tools and practices that protect the work we do as journalists, and it’s no accident these topics feel so timely in 2017. High-profile hacks and data breaches are at the heart of stories we can’t seem to escape. We’re covering the news at a moment when communication practices can affect not just the quality of our stories, but the physical safety of colleagues and sources.
Part of the OpenNews mission is to help the journalism-tech community come together as peers to solve problems. That often happens through code projects or conference tracks, but more recently we’ve been experimenting with small events that focus on a single resource. Security has felt like a topic we ought to address for a while now, and we were thrilled to partner with BuzzFeed Open Lab this month on a convening designed to improve security knowledge and practice in newsrooms everywhere.
Our goal was to produce a set of lesson plans and resources for people who find themselves serving as de facto newsroom security trainers. Amanda Hickman, who directs the Open Lab, has been working on security training materials for newsrooms for a while now, and helped shape the project from the very beginning.
We opened a call for participation in April, looking for community members who wanted to help build this kind of training resource. The response was amazing; we ended up with about twice as many volunteers as we anticipated—easily enough to put together a team of initial writers as well as a team of remote readers and editors. Both groups represented a diverse mix of people: some with formal security training, some self-taught; some from inside newsrooms, some from outside; many with experience training new people and peers.
At our work sprint in Chicago last week, OpenNews and Open Lab gathered 14 people for 2 days at KnightLab, framing out a newsroom security curriculum, writing up guidance for new trainers, and working on an initial set of lesson plans for people to teach. We captured details on post-it notes, passed around paper-and-post-it “GitHub tickets,” spent a lot of quiet time writing, and even set aside some time to walk through new lessons with a few guinea pigs.
By the end of the sprint, here’s how the training guide came together:
How can you become a better trainer? This section covers what to think about before, during, and after a newsroom workshop, and then offers deeper dives for readers with specific interest in facilitation and putting together training pathways for their colleagues.
Security topics & lesson plans. This will form the bulk of the guide. We start with about a dozen lessons, have mapped out immediate needs for more, and plan to keep adding community contributions in the days ahead.
Deepen your own security expertise. For trainers who want to build their knowledge base, this section guides you to excellent external resources (and it’s already formatted and added to the repo!). This is another place where we anticipate additions from the community.
There’s still plenty of work to do. Our next step is to give the editing team time to read, ask questions, and refine while we finish a few loose ends. Later this summer, we’ll format everything for GitHub and open it up for anyone who wants to help their newsroom colleagues communicate and store data more securely.
Giving this a home on GitHub will also let us create issues for new lessons to add, and open the project to pull requests that make it better. Security training material really needs to stay in sync with culture and technology, so we hope you’ll help us keep this guide up to date.
In fact, maybe you’re feeling inspired to add something right now! We’ve already identified a few gaps we’d love to fill in before we publish, so:
- Do you know any great games or activities that help people really understand technology & security concepts?
- Can you write a lesson plan to help reporters understand incident response, private browsing, or network isolation and airgapping?
- Do you have favorite links to resources that help you develop security expertise?
If you’d like to help us keep building this community resource, please let us know. We’d love to add your contributions, right now and down the road.