Finally, some good news about Organizational Security

This joint post comes from a group of organizational security practitioners from digital rights groups around the world, including the ISC Project’s Kody Leonard. It was drafted in preparation for a gathering at the Internet Freedom Festival on March 1-6, 2016, in Valencia, Spain.

When a group of us “organizational security practitioners” gathered in Prague in February 2016, we were cautiously optimistic about what we could achieve.

Many security experts and practitioners have been gaining invaluable experience while working to strengthen human right defenders and civil society organizations’ awareness, ability, and confidence in thwarting security threats while continuing on their striving for positive change. Commonly referred to as “organizational security,” this engagement comprises a complex, evolving, and multifaceted process which has been fraught with challenges.

For example, there is increasing belief that solely relying on one-off, tool-based security trainings and workshops pose serious limitations, not the least of which is the lack of systematic follow-up to encourage uptake of skills, practice, and a sustained behavior change. Many practitioners are experimenting with other approaches and transitioning towards more sustained and effective engagements.

So, earlier this month, 15 such practitioners convened in Prague to share our experiences, resources, and approaches, and to address our collective challenges by coalescing our understanding of what organizational security is, and how we, a fledgling community of trainers and organizational security practitioners, can grow and hone our practice.

More specifically, we put thought and effort into understanding and answering some questions:

• What do we mean by organizational security? What are its reaches and boundaries?
• What are the components (or “stages”) of a successful organizational security process? How are they interrelated?
• What are the barriers and the enablers towards success for the organizations? for us, the practitioners?
• What are some of the resources already in place? What more is needed?
• How can we benefit from each other’s experiences? How can we better leverage our collective expertise?

The result was an inspiring start, which we like to share and expand. We want Prague to be the beginning. We were very encouraged and buoyed by the depth and breadth of the collective knowledge to be tapped, and resolved to use the Prague gathering as a launching pad towards a larger knowledge space and a community of practice.

If you are attending the Internet Freedom Festival, we invite you to join us to see what we started in Prague, hear our outline of how to grow as an independent, open, and collaborative community; and if you are interested, to join efforts. You’ll find us at the organizational security session, currently scheduled for Friday, March 4. We want to hear from you about the challenges you face implementing organizational security support and your solutions; about your own organizational security systems and practices; and how you could benefit and contribute as an active member of this growing community.

The Prague gathering included (alphabetical by first name):

Ali G. Ravi, Confabium (post)
Alix Dunn, the engine room (post)
CC, EngageMedia (post)
Friedhelm Weinberg, HURIDOCS (post)
Jon Camfield, SAFETAG/Internews
Karel Novotný, APC (post)
Kody Leonard, The ISC Project
Kristin Antin, the engine room (post)
Maya Richman, the engine room (post)
Michael Carbone, Access Now (post)
Natasha Msonza, Digital Society of Zimbabwe
Niels ten Oever, Article 19
Pablo Zavala, Front Line Defenders
Peter Steudtner, HIVOS-DIF / pantraining
Wojtek Bogusz, Front Line Defenders