The democratisation of knowledge in cybersecurity

All industries gate-keep knowledge. Some make it obvious, and others are more subtle about it – like academia, where complex, subject-specific language keeps the general public from understanding research. In cybersecurity it’s a bit of both; some information is actively concealed, while other information is guarded more covertly, through systems and language.

But for security, gate-keeping is usually counterproductive. The democratisation of knowledge improves security and protects people – so within the field, a growing number of experts are working towards better access to information, tools, and skills.

Why is the democratisation of knowledge important in cybersecurity?

Cybersecurity threats affect everyone. All organisations (of all sizes) and all individuals. So ultimately, making cybersecurity knowledge accessible to everyone allows more people and organisations to play an active role in preventing and responding to threats. 

Creating better access to security information helps to bridge the knowledge gap between cybersecurity experts and everyone else. This empowers people to use security tools effectively and engage in best practices – and in return, it makes the job easier for cybersecurity professionals. Knowledge and awareness are powerful routes to minimising human-generated vulnerabilities across networks, so making that knowledge available should be a key concern for the cybersecurity sector. 

And when more people from a diverse range of personal and professional backgrounds are actively engaged in cybersecurity best practices, the talent shortage in cybersecurity becomes a less urgent issue. There are less gaps to fill, because everyone has the capacity to protect their data. 

Among cybersecurity professionals, shared knowledge drives greater resilience

The democratisation of cybersecurity knowledge within the sector, between cybersecurity professionals and enthusiasts, is also critical for developing a culture of security and improving resilience. 

When we interviewed Paulino Calderon (Co-Founder at Websec), he said: 

“I genuinely believe in the power behind the democratisation of knowledge. I joined a program sponsored by Google that gave funds to open-source projects, and the infamous port/service scanner Nmap took me under its wing. I learned much from collaborating with people worldwide and sharing contributions with millions of users.” 

“The amount of experience and knowledge we can gain if the information is freely available is mind-blowing,” he added. “Mainly because when I started learning about cybersecurity, the information was mostly shared in small circles/silos. Together, we can make significant strides toward a future where technology serves as a bridge rather than a barrier, connecting us in our shared pursuit of progress.” 

The cybersecurity sector is getting better at sharing information. In recent years, structured principles and guidelines for sharing threat information have been developed and tested, and threat-sharing arrangements are drawing participation across sectors – with public and private organisations, non-profits, and law enforcement bodies getting involved. 

And open-source projects are at the heart of democratising knowledge. Not just because they make research, tools, and information freely available – but also because the act of engaging with open-source efforts helps to foster a culture of collaboration and knowledge-sharing. And that filters out into the rest of the sector, and beyond. 

Shared knowledge and open-source projects drive more robust security. That’s why enabling collaboration is at the core of everything we do at Black Hat MEA: because when cybersecurity professionals have the opportunity to learn from each other and elevate one another, the sector increases its capacity to protect against constantly evolving threats.

If you want to immerse yourself in the future of cybersecurity, join us in Riyadh for Black Hat MEA 2024.