So, DC has an ISM-Community chapter.  We have a membership last I checked of 3 and we grew by an amazing 50% today. =)

Seriously, though, and I know you’re asking: What can one more security group in the DC area fulfill?  That was my first question when we first started talking about local chapters many months ago.

I mean, we have the following groups:

• ISC2 (get certified, do good works, get CPEs, work on DoD contracts)
• ISSA-NOVA (Take some training, be an auditor or manager)
• Infragard (Protect the infrastructure, get some priviledged information, rub elbows with the F-B-I)
• NovaSec (We’re not CISSPs, we’re technical!  Check your guns and your certs at the door)
• Security Geeks-DC (We’re highly technical, but we died out while Mike was taking his “vacation” in “someplace sunny”, much to his lament)
• SANS (go to a conference, get a technical certification, start a university)
• Numerous others

As usual, I’m tongue in cheek (I’m a jerk, but not that much of a jerk =)   ) about what these groups do, but keep in mind that I’m in some way associated with some of these groups, so I’m not by any means hating on them.

We have all these other organizations that do a fine job at what they do, so where is there room for just another security group?

ISM-Community is different.  Otherwise, we wouldn’t even think about trying to “compete” with these other guys.  What we are about is projects which other people can use the output from.  In other words, we’re the kind of community that can throw together a hasty boundary determination guide (for example, just writing “off the cuff”) if we want, and in a matter of days, people will have a quick-reference chart to print out and hang on their cubicle wall, use as a C&A artifact, cut up and make training slides from, use to teach their boss, and thumb through on the metro.

This is all stuff that if I were to do it for an agency, you wouldn’t be able to use it because it would belong to my customer or have sensitive data in it or be covered under a non-disclosure agreement.  However, all of us can clean-room a version and then it belongs to everybody.

Now isn’t that special?

• In This Corner, the Business Reference Model
• And in This Corner, Special Publication 800-60
• Feds to Embrace SaaS, End is Nigh for Security!
• The “Off The Record” Track
• ISM-Community DC Chapter Meeting Announcement

Well, I’m shocked.  I thought maybe people would trickle into ISM-Community and that it would be a gradual growth of users, chapters, and forum posts.  For the first 2 days, I have to say it’s been an overwhelming response, more than I was expecting.  To be honest, I didn’t know what to expect, and if it was just hyperbole.

I’m still trying to land on my feet, so to say, and things just keep coming.  Things are still fun, I guess we’re in the NPO honeymoon stage.  If this pace keeps up, though, I’m going to need to clone myself into a random array of redundant Mikes just to be able to sleep.

This is what I miss about the dotcom era.  Even though I ended up broke, divorced, and homeless by the time it was over, by God it sure was a fun ride at times. =)

The lesson of the ISM-Community launch is that there is a need for what we want to accomplish, and there are people who realize that there are things in a NPO that you can’t do elsewhere.  For example, create joint intellectual property where normally it would be a proprietary process, tool, etc.

• ISM-Community DC Chapter Meeting Announcement
• Can I at Least Get My Shoes?
• ISM-Community DC Chapter
• Making Press Releases
• Busy Days

Phew, I’m glad today is over.  It’s been a long, hard-won battle.

It started out with a commute out to Largo from Virginia.  It’s an hour-long metro ride, but I have a project that I had to check in on, and it’s been a month since I was last out there.

Then Mark Curphey officially launched ISM-Community.  In the course of 12 hours, we gained 35+ forum members and a sizeable amount of traffic.  It’s like somebody suddenly opened the floodgates.

To top off the day, Andrew Jacquith read my indicator species post and liked it enough to send the link to the security metrics mailing list.  If you haven’t heard of Andrew or his security metrics site by now, you need to go look.  His book is due out on the 30th of March, and it’s none too soon–I’ve been holding my breath ever since he put out the call for peer reviewers.  I don’t consider myself skilled enough at metrics (my metrics are spoon-fed to me by the government) to provide feedback to Andrew, but I sure will learn from reading his book.  I love talking to people who make me feel like I’m Mikey the Village Idiot–Security Geeks-DC was good for this.

• CISO’s Book of Death
• ISM-Community DC Chapter Meeting Announcement
• CISO’s “Book of Death” for June 22nd
• It’s a Series of Pipes
• Making Press Releases