I heard variations of this phrase over and over in my computer network operations career. What will likely not surprise you is that acquired knowledge is rarely written down. Standard operating procedures (SOPs) and documentation often share an adversarial relationship with blue teamers — paper threat actors, as it were. Yet, this same blue team audience is filled with voracious readers who constantly seek out new information and learning experiences. Hosting SIM was the catalyst to creating a book filled with tacit knowledge from the blue team community.
And we did just that in “Bluenomicon,” a collection of essays from infosec luminaries, broken into three topical sections. Leadership tips from people like Wendy Nather, Rick Holland and Sherrod DeGrippo. Technical tips that will help you raise your skills as a network defender. And the last section of Bluenomicon is filled with DFIR tales from network defenders who have “walked the walk.” It also includes origin stories from the creators of the Pyramid of Pain, the Diamond Model and the Cyber Kill Chain, if you’re into that sort of thing.
However, as we got deeper into the weeds of this collaboration, it became clear that we were also, perhaps unwittingly, following a process mapped out by a tried-and-true knowledge-management model known as SECI (Socialization, Externalization, Combination, Internalization), described by Nonaka and Takeuchi and widely used as a vehicle for knowledge creation and transfer.
Bluenomicon had become one of its real-world applications.
Ultimately, it was fascinating and rewarding to connect with these experts. Our conversations together were an important reminder that building community and sharing best practices are critical for security and technology leaders to drive digital resilience for their organizations and deliver the best outcomes for their customers.
Throughout the creation of Bluenomicon, I have come to appreciate the importance of tacit and explicit knowledge specifically in the realm of network defense. Tacit knowledge refers to personal, subjective knowledge that is difficult to articulate or transfer directly. It includes the shortcuts, the small acts of digital wizardry that we’ve learned through hands-on-keyboard time. Explicit knowledge, on the other hand, is codified and can easily be communicated and shared — yes, this means the documentation and SOPs we all love to hate.
In the context of the SECI model, tacit knowledge plays a significant role in the socialization stage. It is during interactions, discussions, and collaborations with fellow blue teamers that tacit knowledge is shared and exchanged, person to person, without yet being written down. This socialization process fosters a deeper understanding of shared experiences and community insights, and it lays the groundwork for the next stage, where that tacit knowledge is turned into explicit knowledge. It does take a village.
Explicit knowledge is crucial in the externalization, combination, and internalization stages within the SECI model. Externalization involves transforming tacit knowledge into explicit forms, such as written essays and articles. The contributors to “Bluenomicon” shared their tacit knowledge, which was then externalized and made explicit through their written contributions. This externalization process allowed for the codification and documentation of their expertise, making it accessible to anyone who downloads it.
The combination stage of the SECI model involves integrating explicit knowledge from various sources. In the case of “Bluenomicon,” we combined the essays and insights provided by different contributors to create a comprehensive body of knowledge. Combining that explicit knowledge created something new.
Finally, the internalization stage of the SECI model refers to the process by which individuals absorb explicit knowledge and apply it, so that it becomes part of their own tacit know-how. I hope that when readers engage with the book, they internalize the explicit knowledge presented within its pages, gaining insights and expanding their understanding of network defense.
I’ve been lucky enough to have friends and colleagues in the cybersecurity community become subject matter experts in the most challenging technical areas, develop widely adopted frameworks and also rise to leadership positions. They all (not shockingly) note that a career in cybersecurity requires dedication to learning, and most in the community share a common desire to see others excel. Sharing knowledge and experiences builds our resilience, and prepares us for the challenges we regularly face in this field.
I am hopeful the explicit knowledge we’ve created in “Bluenomicon” will be combined with the tacit knowledge of readers, creating new explicit knowledge that can be shared with the world.
Get your digital copy of the book here.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.