Security Bsides Las Vegas 2024

Security Trek: The Next Generation
2024-08-06 , Copa

More than 25 years ago, the data security community started a very steep uphill climb, trying to teach mainstream users about security and digital privacy.
The Next Generation Must Complete the Mission. Their task will be to evangelize resilience beyond simply data security. Their focus must move to teaching security and recovery rather than merely talking about data leakage and vulnerabilities.


More than 25 years ago, the data security community started a very steep uphill climb. That’s when we started trying to teach mainstream users about security and digital privacy. They responded with blank stares. Rarely did they grasp what we were telling them.
A quarter century later, we can claim some success. They listen now, but much of the credit goes to the bad guys. The mainstream user has awakened because everyone knows someone who’s been a victim – someone whose daughter has been spied on, or their business network was locked up, or their bank account was hijacked. It’s no longer an abstract threat.
Mission Accomplished, sort of.
The Next Generation must complete the mission. The world is awake. Now how do we persuade the mainstream to secure their systems? The task of the next generation will be to continue evangelizing security as we have done. Their focus can move to teaching process rather than talking about data leakage and vulnerabilities.
Big business has thousands of information security job openings going unfilled. Small business can’t afford experienced in-house IT personnel, never mind dedicated security specialists. Meanwhile, a college degree in cybersecurity may leave the graduate without any grasp of how to defend against real-world threats. What’s needed is basic training with veterans in the field. As a bonus, experienced practitioners keep their skills current.
As the Generation that carried the ball to the 50-yard line, our final obligation is to equip the next generation with the tools and the real-world know-how to go the rest of the way.
[Outline:] A. What’s needed: a radical change in our attitude toward security.
• Security is mostly about process, not products
• Attitudes toward open-source solutions must change. This is the next public education challenge.
B. The challenges:
• Most available security solutions are geared toward big business and seek big sales via a revenue “hockey stick.”
• Most outsourced IT personnel available to smaller entities have less focus on security and have a business model based on selling product.
• Most institutional security training is focused on the wrong things: very generic attacks that are already stale.
• There is a bias against open-source solutions, because they usually don’t result in a revenue “hockey stick.”
C. We are the Cavalry
• We’re recruiting volunteers to serve Computers for Kids with supervision from our DFIR and other technical experts. We believe they will become valuable contributors to the field of information security.
• Volunteers start with our Lions chapter, and optionally can connect with a Lions Club in their local community.
• We are engaged in a multi-step approach to training, covering hardware, software, AND…
• Process, specifically proper implementation of the Center for Internet Security (CIS) Controls and Benchmarks.
• Announcing: a free, open-source desktop operating system that is CIS-compliant.
• The focus is on paying dues, not paying tuition. We are the Cavalry: a free resource, with different versions of the standard for different-sized organizations.
D. About the Center for Internet Security Controls and Benchmarks
The Center for Internet Security Controls (CIS Controls) are a prioritized set of safeguards designed to help organizations and individuals protect their information assets. The Controls cover domains such as asset inventory, access control, secure configuration, and incident response. The CIS Benchmarks provide the low-level, actionable guidance for a specific product (an operating system, an application, a cloud platform): which setting to change, what value it should have, and how to check it. The Benchmarks are the specific buttons and switches that make the foundation of the CIS Controls a reality.
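As an added example of what a Benchmark "button or switch" looks like in practice (this is not code from the talk, from the Computers for Kids Club, or from CIS's own assessment tooling): a small POSIX shell script that checks a handful of settings of the kind found in the CIS Linux Benchmarks, namely password expiration in login.defs, SSH root login in sshd_config, and the permissions on /etc/passwd and /etc/shadow. The thresholds used here (365 days, mode 644 and 640) follow the usual Benchmark recommendations, but the sample configuration files are constructed in a temporary directory so the script runs offline; the real Benchmark items also check file ownership, which is omitted here, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: Benchmark-style configuration checks for a Linux desktop.
# Each check prints PASS/FAIL and returns 0 (pass) or 1 (fail), so results
# can be counted or asserted on. Paths default to the live system but may be
# overridden with a staged file, which is what the constructed sample below does.

# Password expiration: PASS_MAX_DAYS must be set and no more than 365.
# Takes the last uncommented setting in the file (assumption for this example).
check_pass_max_days() {
    file=${1:-/etc/login.defs}
    days=$(awk '$1=="PASS_MAX_DAYS"{v=$2} END{print v}' "$file")
    if [ -n "$days" ] && [ "$days" -le 365 ] 2>/dev/null; then
        echo "PASS password expiration: PASS_MAX_DAYS=$days"; return 0
    fi
    echo "FAIL password expiration: PASS_MAX_DAYS=${days:-unset}"; return 1
}

# SSH root login: PermitRootLogin must be "no". sshd honours the first
# occurrence of a keyword, so the first uncommented match is the effective one.
check_permit_root_login() {
    file=${1:-/etc/ssh/sshd_config}
    val=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$file")
    if [ "$val" = "no" ]; then
        echo "PASS sshd: PermitRootLogin=no"; return 0
    fi
    echo "FAIL sshd: PermitRootLogin=${val:-unset (sshd default is not 'no')}"; return 1
}

# File mode: the file's mode must be no more permissive than $2 (octal).
# Bitwise test: any bit set in the actual mode but clear in the limit fails.
check_file_mode() {
    path=$1; max_mode=$2
    actual=$(stat -c '%a' "$path" 2>/dev/null) || { echo "FAIL $path: cannot stat"; return 1; }
    if [ $(( 0$actual & ~0$max_mode )) -eq 0 ]; then
        echo "PASS $path: mode $actual (limit $max_mode)"; return 0
    fi
    echo "FAIL $path: mode $actual exceeds $max_mode"; return 1
}

# Constructed sample (not a real system): compliant login.defs and file modes,
# but an sshd_config that still permits root login, so exactly one check fails.
make_sample() {
    dir=$(mktemp -d)
    printf '# constructed sample login.defs\nPASS_MAX_DAYS 90\nPASS_MIN_DAYS 1\n' > "$dir/login.defs"
    printf '# constructed sample sshd_config\nPort 22\nPermitRootLogin yes\n' > "$dir/sshd_config"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/passwd";  chmod 644 "$dir/passwd"
    printf 'root:*:19000:0:99999:7:::\n'    > "$dir/shadow";  chmod 600 "$dir/shadow"
    echo "$dir"
}

# Run every check against a directory laid out like make_sample's output.
# PASS/FAIL lines go to stderr; stdout carries only the number of failures.
count_failures() {
    dir=$1; fails=0
    check_pass_max_days   "$dir/login.defs"  >&2 || fails=$((fails + 1))
    check_permit_root_login "$dir/sshd_config" >&2 || fails=$((fails + 1))
    check_file_mode "$dir/passwd" 644 >&2 || fails=$((fails + 1))
    check_file_mode "$dir/shadow" 640 >&2 || fails=$((fails + 1))
    echo "$fails"
}

# Stand-alone run: build the sample, report, clean up.
sample=$(make_sample)
echo "failing checks: $(count_failures "$sample")"
rm -rf "$sample"
```

Run it as-is to see the report on the constructed sample, or call the individual functions with real paths (for example `check_permit_root_login /etc/ssh/sshd_config`) to audit a live machine. Each function is deliberately one Benchmark item: the Control says "manage access securely", the Benchmark says "PermitRootLogin no", and the check is what makes the second statement verifiable.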
About The Computers For Kids Club
• Millions of PCs end up in trash dumps, potentially polluting groundwater and clogging landfills. For 18 years, the Computers for Kids Club has diverted those computers to needy K-16 students.
• We restore these donated computers and reload each system with open-source, CIS-compliant Linux.
• We identify lower-income students who don't have a computer of their own at home.
• We train the student and parents about open source, data privacy, and security. After training, the kids keep their lab computer.
• We also train adults and interested students within the program. It gives them real-world experience in the CIS Controls, privacy, security, and open source. In some cases this has proven to be a steppingstone to security jobs and side gigs.
• We have a program for people to get involved from outside of the Reno, Nevada area.
• The 18-year experiment has provided many lessons, to the point that the program can be packaged and recreated by a motivated evangelist anywhere in the world.

Ira Victor has spent more than 25 years as an information security and digital forensics professional. In that time, he’s been a first responder to data incidents of all kinds.

Ira is a founding Ambassador for the Center for Internet Security, and helped craft a state law that defines reasonable security by using the Center for Internet Security Controls. He is most proud of his role as a founding member of the Nevada-based Computers for Kids Club, a unique chapter of the long-established Lions Club International. The 100% volunteer club has provided Linux-powered equipment and security/privacy training to more than 10,000 lower-income students in the local school district. The effort is entirely grounded in open-source security and privacy technology.

Ira is the co-developer of patented infosec technologies that rely on metadata to protect email systems. He is recognized by Nevada's legal community as a top-flight expert on eDiscovery matters.