The workshops are for adult learners who have many priorities, are part of organizations, and are connected to the reasons for doing digital security work.
Workshop 1: Our work is political.
In Week 1, we introduce the principles of holistic security and the need for a holistic approach, and outline several goals we have for the coming weeks and months. We develop practices in all of these areas in the course of the following weeks.
Objectives:
- Build a shared understanding of how politics and power shape the technologies and practices of surveillance
- Discuss and share strategies for using collective action to shift the design of technologies and practices of surveillance
- Develop risk assessment as a tool to bring back to each organization
- Understand why and how to use 2-factor authentication, strong passwords, and password managers to reduce unauthorized account access
- Recognize phishing attacks and identify ways to change phishing-vulnerable behavior
Topics we cover:
- State Surveillance, Colonialism, and Racism: a Brief History
- Risk Assessment: What it is, how to conduct risk assessments
- Holistic Security: What it is, why it's important
- 2-Factor Authentication
- Password Managers
Workshop 2: Our work is both individual and collective.
In Workshop 2, hear from guest speakers working in law and immigration justice. We take a step back and deepen your understanding of how the internet works, paving the way for a look at safer browsing habits and VPNs.
Objectives:
- Determine what data stewardship means to us as individuals and organizations
- Understand risks legal discovery poses to data privacy and security
- Deepen understanding of how networks and browsing work
- Gain familiarity with tactics and tools for network and browsing privacy and security
- Gain experience with VPNs
- Discuss motivation for increased browser privacy and security, and explore available tools
Topics we cover:
- Data stewardship and accountability
- Guest lectures: Speakers from NYCLU and Black Law Movement Law Project
- Understanding the internet: Networks, Wifi, Internet infrastructure and web requests
- Hands-on with VPNs
Workshop 3: Our work is about learning from and taking care of each other.
In Workshop 3, we shift focus to smaller group work, where we cover a range of hands-on topics from safer social media use to encrypted messaging. The majority of our work is in small groups, and we discuss organizational security and the elements for creating a security policy-making team in your organization.
Objectives:
- Support peer-sharing through facilitation and design of workshop
- Support participants at different levels by providing possibilities for reviewing topics and tools or engaging with new topics and tools
- Policy and Organizational Change: Make connections between topics we have covered and participants using workshop material to develop organizational policies and organizational security
- Provide concrete takeaways for participants to reinforce and deepen understanding and practice.
Topics we cover:
- Organizational security principles to enacting change
- Breakout Sessions: Hands-on topics reviews (Password Managers, 2-factor Authentication, VPNs and how to use them, Secure browsing)
- Breakout Sessions: New concepts (Encrypted video calling, Safer social media use, Action safety planning, Encrypted Messaging, Action Filming & Documenting safely)
Workshop 4: We do our best work when our values and practices align.
We tackle policy development topics and introduce concepts around policy and values alignment. The goal is to shift the conversation from the tools and tactics of the individual to the wider lens of how practices can become policies at an organizational level.We also revisit our breakout groups in order to have in-depth conversations on organization-level issues such as dealing with reluctance/disrupted workflows when adopting new security practices, tackling accusations of paranoia or frustration with new methodologies, and identifying realistic and achievable goals for your organization.
Objectives:
- Guide organizational self-assessment of existing resources and practices
- Identify team members who will support and drive policy drafting
- Begin to articulate a stated security strategy/vision and identify existing areas of alignment and improvement with this vision
- Create introduction to policy drafting plans to take back to organizations
Topics we cover:
- What alignment of values and practices looks like
- Self assessment: Where are our organizations in their policy-drafting process?
- Policy development working groups: fostering security culture, identifying goals, addressing the disruption of existing workflows, tackling paranoia, choosing alternative tools, and revisiting risk assessments
- Strengths Inventory/skillshare: Successful organizational tactics and campaigns
Workshop 5: Our work is ongoing, and this is the just start of a longer, sustainable process.
In our final workshop, we combine some final skill-building sessions on encrypted file storage and backups with a team activity on incident response, which brings together everything we have worked towards in the previous four workshops.We also debrief and wrap up as a group, looking at the ground we've covered, and get feedback on participants' experience.
Objectives:
- Learn about file and disk encryption
- Understand the importance of backups/redundancy and encrypted file storage
- Revisit safer social media use and how to choose and evaluate tools
- Synthesize concepts such as risk assessment, organizational policymaking elements, and concrete tools and tactics in team-based incident response scenario
- Debrief workshop series and collect exit metrics, feedback, and discuss goals for the project
Topics we cover:
- Encryption
- Choosing tools
- Safer Social Media II
- Backups and secure file storage
- Incident Response
Roadmap for Leading Successful Organizational Digital Security Trainings
Step 1: Get a few people to lead the digital security training project: facilitators and participant organizers. We recommend at least two facilitators per workshop, and more is ok!
Step 2: Prepare! Read through the Prep, Design & Facilitation Guides, plan your workshop series timeline and start to book locations and trainers’ meetings
Step 3: Participants! Identify, invite, and pre-survey your organizational participants
Step 4: Leader/facilitators prepare for each workshop ahead of time by assembling or using existing agendas, reading guides, print out handouts and activities etc.
Step 5: Host and lead the workshop(s) making sure there’s time for breaks and questions! Step 6: Survey participants to see how it went, what else they need, and how to improve - and debrief this information with the workshop leaders.