In early 2019, we kicked off a project, partnering with Internews, which was dedicated to understanding how the organisational security community is growing and how that growth can be supported. This community research helped us provide some definitions of what organisational security work constitutes, what value practitioners from engaging in online communities, and what barriers prevent practitioners from engaging with and benefiting from such community spaces.
We did desk research, attended and participated in key community spaces and events, and conducted interviews and focus groups with 15 practitioners from different regions and communities, representing a broad range of perspectives and backgrounds.
We’re excited to present some outputs of this research today! We also invite you to catch up on past posts about this work, which also contain lessons learned.
The tools and documentation that emerged from our research are valuable for organisational security practitioners who are facilitating or participating in community spaces, researchers looking to better understand the value of connecting with one another globally, internet freedom community facilitators and funders who are looking to support the strengthening and growth of these communities.
From community research to community strengthening
We found this research to be illuminating as it gave us a more nuanced understanding of what this community looks like– for example, what backgrounds practitioners were building upon and what specific languages and framings were needed. It also strengthened some aspects we were already seeing through our support, like how important it is for orgsec practitioners to get to know an organisation and their context, check in with them after making recommendations, provide implementation support and make adjustments when contexts change.
We’ve used these learnings to contribute to the strengthening of the organisational security practitioners community itself, more specifically, the orgsec.community, which has community tools, a wiki and a mailing list. We have been part of this community since its beginning in 2016, and it’s been a valuable space for us to learn, reflect and connect with other practitioners that are experiencing or have experienced similar challenges.
The Orgsec Community Guidelines and tools update
Over the past several months, we have begun bringing our research findings into the ‘real world.’ We facilitated several community conversations where we shared the newly developed guiding principles and co-designed (with the orgsec.community) how we, collectively, want to apply them. This led to the development of an Orgsec Community Guidelines document, which gathers community agreements on how to collaborate and connect with each other, with the aim of making these community spaces and tools welcoming for a diverse community. We also updated the wiki to bring it into closer alignment with the current community and its needs. Finally, we contributed to the development of a community Code of Conduct and its Response team.
Throughout this entire experience–from research to implementation–we learned many things; here’s a look at some of what we learned.
Braiding security knowledge and approaches
The majority of our interviewees viewed organisational security as holistic security. That is to say, they focused not just on technical aspects of security, but also on communication and engagement skills, understanding context and more. As one practitioner defined it: “[holistic security points to] integrating awareness and practices around security–whether that’s wellbeing, physical, digital security–within all aspects of the organisation.”
This understanding of organisational security intertwines with the fact that organisational security practitioners have varied backgrounds. These ranged from roots in activism, feminist social movements and social sciences to previous roles in private sector security and computer science, and everything in between.
If connections between practitioners are strengthened, knowledge-sharing practices exist and individual journeys intersect, this diversity can become a strength. Braiding together different approaches and experiences can strengthen human rights defenders and organisations and can connect practitioners with resources to respond to the ever-changing challenges they face. This makes communities–in-person and online–key spaces to be nurtured.
Collaborating in uncertain times
While we were working in the community co-design, the Covid-19 pandemic hit many latitudes of where the practitioners are based. “Everything was on fire,” said one of the practitioners who couldn’t make it to one of the community calls.
Working in organisational security can be an intense job, as many practitioners shared through our research. Practitioners, especially those working as consultants or those working alone on security within an organisation, can also feel isolated: “We hide from the evil, but also from each other, so it’s hard to find each other.”
With the pandemic, human rights organisations have moved to remote offices and, in some cases, new technology developments supporting government surveillance have been put in place. This has made some organisations rethink their information and communications security practices, and required that practitioners get up to speed with online facilitation, training, and creating new digital resources.
Online community spaces can become a great resource to share practices and resources to support each other in these new scenarios, as it has been shown in the orgsec.community gatherings and the recent Organisational Security Village hosted by Internews. In our experience, addressing context, facilitating reflection on challenges and creating synchronous and asynchronous spaces to share resources, can contribute to community sustainability.
Long term support, longer term facilitation
“Long-term support is the only way to make [an organisation] more resilient”, said one of the practitioners during our research. We have a similar feeling towards community facilitation.
Throughout these months, we’ve been able to facilitate community engagements within the orgsec.community, which we believe have been working towards community strengthening.
While practitioners support human rights organisations through organisational change, they face staff turnover and burnout, while working in a often shrinking space for social justice work. Global context can also rapidly shift, as we’ve seen this year, as new technology developments that threaten human rights are designed and implemented. This, added to the long term support nature of organizational security where even years of support provision can be required, would benefit from a longer term perspective of community facilitation that supports community sustainability.
Illustrated by Matilde Salinas.