We’re excited to have two fantastic guests on our latest episode of Security Nation: Meg King and Beau Woods. Meg and Beau joined us for a great conversation about how to build better collaboration between the security community and policymakers on the Hill. Here’s a recap of what we discussed, along with some pro tips on how you can join the policy conversation at DEF CON, which is just around the corner.

Introducing our guests: Meg King and Beau Woods

Before we dive into our chat on security policy, let’s introduce our guests. Meg King is the Strategic and National Security Advisor to the Wilson Center's CEO and President, and she is also the Coordinator of the Science and Technology Innovation Program (STIP) at the Wilson Center. As a former senior staff member on the House Homeland Security’s Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment, Meg has written on topics ranging from ISIS hackers to encryption.

Beau Woods is a Cyber Safety Advocate with I Am The Cavalry, a global grassroots organization that is focused on issues where computer security intersects public safety and human life. Beau also serves as Deputy Director and Cyber Safety/Innovation Fellow at The Atlantic Council, an American think tank specializing in international affairs. In addition to those two roles, Beau is also the CEO and Founder of Stratigos Security.

Collaborating with policymakers to make better security policy

As we discussed on the podcast, Meg and her colleagues at The Wilson Center have teamed up with Beau to help educate policymakers on security issues. Contrary to popular conceptions about how D.C. power brokers operate, many of these folks genuinely want to understand how they can make our country more secure. We have a unique opportunity to help them learn how technology works so the government can then create useful legislation and oversight.

As Beau pointed out, this change has only recently taken place within the past five years or so. Now, infosec is on the tip of everybody's tongue in the Beltway. Members of Congress, federal agency employees, and congressional staffers are actually some of the most receptive audiences you could have because they want to get things right. We're at a time in history when folks in the information security community can make a huge impact by engaging in policy. And there's an open invitation from D.C., more or less, to go do that.

If we don't step up and become part of the solution, then D.C. staffers will look elsewhere for the guidance they need—potentially even to people who may have their own misguided ideas or unhelpful agendas. As security professionals, it’s incumbent upon us to do what we can to make sure that the policies that we're setting today are the best that they can possibly be.

D.C. to DEF CON: Bringing policymakers to Las Vegas

As Beau shared with us on the podcast, this outreach to D.C. has been underway for some time now and it’s already produced incredible results. A couple of years back, Beau started an initiative with the Atlantic Council called D.C. to DEF CON in which members of Congress would attend DEF CON to get completely and fully immersed in security conversations.

By engaging with the hacker community, these members of Congress began to understand that we all want the same thing and there's actually an untapped resource they can turn to for security expertise. Thanks to what they’d learned at DEF CON, these policymakers were able to go into policy conversations with a far more informed perspective, having learned firsthand how the security community actually views certain issues. As a result, they were able to bring what they’d learned into their policymaking.

Without actually knowing about Beau's efforts to bring members of Congress to DEF CON at the time, the Wilson Center's programming was focusing on creating similar educational experiences for congressional staff. Last year they brought about 15 or so staffers to DEF CON, with plans to bring a similar number of staff to this year’s event, and this year, they’re bringing members of Congress, too.

Says Meg, “We had some senior staff who were blown away … by the opportunities that they had been missing by not coming to DEF CON, the chance to talk with the infosec community, to literally sit side by side and have them walk through how to hack your car.” These senior staff then raved to their bosses, who became excited about security as well. A lot of good ideas arising from the conversations that the staffers had at DEF CON were then integrated into their work on the Hill.

Building on all of these successes, the D.C. to DEF CON team has joined forces with Meg and the BSides Las Vegas Conference on a collaborative effort to get even more policymakers engaged this year. They’ve got a dedicated track at Public Ground that includes several one- to two-hour sessions focused on public policy-level topics. To find out about what's on the agenda, check out the BSides Las Vegas conference schedule and view the list of talks and roundtables going on at Public Ground as well as the I Am The Cavalry talk.

How to join the security policy conversation at DEF CON

If you’re headed to Las Vegas, you might be wondering how you can participate in some of these policy conversations. A great first step, as we mentioned above, is to check out the Public Ground track at DEF CON. If you’re planning on going to BSides, definitely take a look at the I Am The Cavalry track. (Pro tip: As Beau shared with us, you don’t actually need a BSides badge to get in for Public Ground or I Am The Cavalry.) For either or both events, you can dip a toe in the water or just jump right in, depending on what suits you best.

Security Nation's own Jen Ellis will be taking the main stage for a talk on Aug. 9 at 10 a.m. alongside Cris Thomas (also known as Space Rogue), Congressman Langevin from Rhode Island, and Congressman Lieu from California. They’ll break down a specific threat, examine how Congress might react to it, then discuss ways in which Congress could do better when confronted with such a threat. Former Congresswoman Jane Harman, who runs the Wilson Center, will moderate.

Jen’s particularly excited about one of the Cavalry track talks featuring representatives from DHS and the Office of Management and Budget (OMB), who are going to discuss how the U.S. government is thinking about building a program for vulnerability disclosure for all civilian federal agencies. Richard Manning of UK government’s National Cyber Security Centre (NCSC) will be giving a talk about what the UK is doing around IoT security. The Hewlett Foundation, which is underwriting so many of these important cybersecurity policy conversations we’re about to have in Las Vegas, will also have a suite during DEF CON where people can host informal discussions on a variety of policy-related topics.

Beyond that, Beau recommends even reaching out to your member of Congress or even your state and local government offices to begin a conversation, introducing yourself and offering to help. The folks who work in these offices are much more approachable than you might expect.
You might not see anything come of the conversation right away, but they may well reach out to you the next time they have a question and need an independent voice from somebody who intimately understands the technology involved. Persistence is key—don’t be afraid to politely follow up.

That said, not everybody feels comfortable just diving in. If you’re shy and you just want to talk to hacker types, Tod recommends that you check out I Am The Cavalry or reach out to the Center for Democracy and Technology. Some other great organizations worth contacting include the EFF, Keep Up Today, New America, and the Open Technology Initiative.

Our thanks go out to Beau and Meg, not just for coming on Security Nation but also for all of the work they’re both doing to build better collaboration and advance the right kind of cybersecurity policy in D.C. If you’re headed to DEF CON, we’ll see you in Las Vegas! Be sure to stop by and say hello!