Finally, some good news about organizational security

This joint post is co-authored by Michael Carbone and fellow organizational security practitioners from digital rights groups around the world, in preparation for a gathering at the Internet Freedom Festival on March 1-6 in Valencia, Spain.

When a group of “organizational security” practitioners gathered in Prague this February — see the full list of participants below — we were cautiously optimistic about what we could achieve.

Many security experts and practitioners have been gaining invaluable experience while working to strengthen human right defenders’ and civil society organizations’ awareness, ability, and confidence in thwarting security threats while continuing their striving for positive change. Commonly referred to as “organizational security,” this engagement comprises a complex, evolving, and multifaceted process which has been fraught with challenges.

For example, there is increasing belief that solely relying on one-off, tool-based security trainings and workshops poses serious limitations, not the least of which is the lack of systematic follow-up to encourage uptake of skills, practice, and a sustained behavior change. Many practitioners are experimenting with other approaches and transitioning towards more sustained and effective engagements.

So, earlier this month, 15 such practitioners convened in Prague to share our experiences, resources, and approaches, and to address our collective challenges by coalescing our understanding of what organizational security is, and how we, a fledgling community of trainers and organisational security practitioners, can grow and hone our practice.
More specifically, we put thought and effort into understanding and answering some questions:

  • What do we mean by organizational security? What are its reaches and boundaries?
  • What are the components (or “stages”) of a successful organizational security process? How are they interrelated?
  • What are the barriers and the enablers towards success for the organizations? For us, the practitioners?
  • What are some of the resources already in place? What more is needed?
  • How can we benefit from each others’ experiences? How can we better leverage our collective expertise?

The result was an inspiring start, which we would like to share and expand.

We want Prague to be the beginning. We were very encouraged and buoyed by the depth and breadth of the collective knowledge to be tapped, and resolved to use the Prague gathering as a launching pad towards a larger knowledge space and a community of practice.

If you are attending the Internet Freedom Festival , which takes place March 1-6 in Valencia, Spain, we invite you to join us to discuss what we started in Prague; hear our outline of how to grow as an independent, open, and collaborative community; and if you are interested, to join our efforts.

You’ll find us at the organizational security session, currently scheduled for Friday, March 4th. We want to hear from you about the challenges you face implementing organizational security support and your solutions; about your own organizational security systems and practices; and how you could benefit and contribute as an active member of this growing community.

The group of practitioners who gathered in Prague included (alphabetical by first name):
Ali Ravi, Confabium (see post)
Alix Dunn, the engine room
CC, EngageMedia (see post)
Friedhelm Weinberg, HURIDOCS (see post)
Jon Camfield, SAFETAG/Internews (see post)
Karel Novotný, APC (see post)
Kody Leonard, The ISC Project (see post)
Kristin Antin, the engine room (see post)
Maya Richman, the engine room
Michael Carbone, Access Now
Natasha Msonza, Digital Society of Zimbabwe
Niels ten Oever, Article19
Pablo Zavala, Front Line Defenders
Peter Steudtner, HIVOS-DIF / pantraining
Wojtek Bogusz, Front Line Defenders