InfoSec Coffee Break

An InfoSec Coffee Break is a security awareness technique to engage technologists and have meaningful conversations. Discussions about process and control improvements occur organically. Coffee break calls also result in cultural change, security advocacy and risk mitigation. Attendees learn along the way and keep current on emerging threats and countermeasures.

Start by hosting a 30-minute call and leading a review of InfoSec news and resource links. Encourage participants to submit their own links to an e-mail distribution group. On future calls, review links in order of submission. Links from attendees with differing interests lead the calls into new topics and areas of focus.

Those guidelines keep things fresh. Thirty minutes goes by fast. Gently steer each topic toward five minutes or so. In practice there are about four topics per call. Maintain the casual water-cooler feel of a coffee break.

Meeting Invite Template

Subject: InfoSec Coffee Break (Meeting Invite)
To: infosec-coffee@<company>.com
Cc: infosec-team@<company>.com

Purpose: Participants in this weekly call discuss emerging threats and vulnerabilities. Topics include attack vectors, hacking techniques and countermeasures. We do not try to solve for every topic. The Moderator keeps the call moving and may recommend an offline meeting. This call promotes security awareness in general. Valid topics include ways to learn more about best practices and pursuing InfoSec certifications.

Process: Participants in this call send links to infosec-coffee@<company>.com. The Moderator calls out topics in order of receipt. The person who submitted the topic speaks to it. Send an e-mail to <Name>, asking to be added to the distribution group.
