2025-08-06 –, Florentine F
As a community, we can no longer count on power, be it the government or our employers, to engage with us out of goodwill. As workers, we cannot assume that "the cybersecurity workforce shortage" will protect us either. While our jobs, working conditions, and friends are threatened, the institutions we would turn to have also been eroded. However, this community knows how to build things for each other, and it's past time we turn that solidarity into broader power by channeling it through one of the few robust institutions left: unions and the labor movement.
This talk will use my experience as a member of the InfoSec community and as my department's union rep to make an argument for all of us, at least those of us who currently or want to sell our skills for a paycheck, to focus on building power as workers. It will build on existing arguments for tech worker unions by adding context specific to the InfoSec community, my practical experience in a union and the labor movement, and the current moment. All views are my own and not necessarily my employer's or any labor organization’s.
In recent years, there has been high-level talk within the InfoSec community about the role for organized labor in the community but with no active stakeholders "from labor" or practical InfoSec worker organizing experience present (see Cory Doctorow's DEF CON 32 talk, the White House's Cybersecurity Workforce Strategy, etc.). Similarly, in the tech worker space, I've noticed very little attention given explicitly to InfoSec workers and the unique considerations that apply to our community and industry.
I am mildly frustrated by this discrepancy, particularly since I've been involved with the labor movement long before I ever wrote my first "Hello World" program. It’s also a discrepancy ripe with opportunity, as many of the skills and values that define the InfoSec community are directly applicable to labor organizing. This talk is my attempt to start remediating the situation by making the pitch for unions and broader labor movement organizing to the InfoSec community as a member of both this community and the labor movement.
Initially, I waited to pitch this talk to Hacker Summer Camp until I could find a coalition of other unionized InfoSec professionals, or until I had buy-in from other parts of the labor movement that may be able to process any increased interest generated by this talk. However, the recent deterioration of the community's soft power policy influence and heightened attacks on the labor movement convinced me of the urgency of giving this talk this year.
This talk builds on arguments on the need for and utility of tech sector unions made by Cory Doctorow, Ethan Marcotte, the Tech Workers Coalition, various tech unions, grassroots organizers, and others. I tailor those general arguments towards the InfoSec community and industry to stress the relevance of organized labor as one of the best tools this community has to build power and influence people as we lose the voluntary deference, particularly as individuals, we received from our bosses and the government in the past.
This talk goes beyond a few words on how "you should unionize your workplace!" and provides an in-depth discussion on why building collective power as workers is more important now than ever, shows how it has worked in ways other forms of organizing cannot, and provides practical insight from the perspective of someone who actively represents developers, incident responders, analysts, auditors, cloud engineers, etc. when I'm not in a terminal or VSCode.
Logan is a Sr. Cybersecurity Specialist at a government agency and the Union Rep for its IT & Cybersecurity Team, but is speaking in a purely personal and union capacity. Professionally, he has worked across technical topics, including incident response, privacy, and cloud engineering. He has been a union rep for five years; serves on his union's bargaining, dispute resolution, and legislative committees; provides informal tech policy advice to the International Federation of Professional and Technical Engineers; and is a member of the Tech Workers Coalition and the Federal Unionist Network. He has a Master's Degree in Tech Law and Policy, but is not a lawyer and certainly not your lawyer.
In his spare time, he built and sells a """badge""" of a live LED display of the DC Metro System and developed ResidueFree, a privacy-enhancing tool for personal computers, as part of an academic paper and presented as a DEF CON 30 demo lab. He has volunteered with BSides NoVA, the DEF CON Policy Village, and Hackers on the Hill. Outside of tech and labor, he can be found doing Typical Nerd Things (playing D&D).