Vulnerability Management Blog

NorthSec: On giving back…

We always come from somewhere

Almost no idea arises from a complete void. The idea of a genius thinker that possesses ideas that no one has is to startup world what unicorns are to biology: a fairy tale.

Delve is certainly no exception to this reality. Before Delve had these revolutionary ideas of incorporating the areas of big data, machine learning, and vulnerability assessment into a single solution, there was a group of people, at a given time, who were gathering together to collaborate, exchange ideas and try to figure out a solution to address a common set of problems. If these people had this chance of being in the right place, at the right moment, it was because of the strength of the community they were, and are still living in.

Speaking of community, one of the events we are very proud to support is NorthSec (nsec). This event that takes place in Montreal every year is certainly one of the best in its class in both the quality and pertinence of its content, but also regarding the core values on which the organization is rooted.

As this year’s event just ended with another flawless execution, I think it’s important to take some time to talk about what NorthSec is, the reasons why it thrives and the role Delve Labs plays in helping to support its success.

An event like no other

For those who are unaware of NorthSec, it was started seven years ago as a modest Capture the Flag event oriented toward hardcore security professionals who felt limited by a lack of daily challenges. Over the years, it has evolved into a modern-day security event powerhouse with trainings, workshops, a conference, and the largest on-site security CTF in the world. The event now gathers more than 1,000 people, of which at least 600 infosec pros participate in it’s strictly local-LAN, hardcore CTF for more than 48 hours. This is an exciting, yet grueling experience that no one can ever forget. On top of that, NorthSec is committed to the strictest policy of inclusiveness that makes it possible to create an atmosphere and forum which fosters equality amongst all speakers ,volunteers, and participants without compromise.

Getting back to its core values, one of NorthSec’s strengths has always been its capacity to survive monetization and corporate takeover. Through it’s seemingly simple “by the community, for the community” based message, the event has managed to keep an incredible 50 percent year-to-year growth record without ever recording a financial deficit. As a matter of fact, the event has also been able to steadily reduce its dependency on sponsorship money, to a point where commercial support is now absolutely unnecessary.

This tremendous success has been made possible as a result of many factors, one of them being the direct volunteer support of local corporate partners with absolutely no influence on the decision process, direction, vision and values of this non-profit organization.

NorthSec is an organization that does not participate in the RSA-style circus, where money, image and noise overpower content and pertinence. As a supporting partner, Delve is expected to give as much as our size allows, while getting absolutely the same treatment as a regular volunteer. No sponsored talks, no “event by”, not even a booth with a sales rep – this event is all about the experience, not the sponsors who help to support it.

The virtuous circle

Anyone who runs a corporation, whether it is a startup or Amazon, knows that recruiting talented people, training them, keeping them engaged and on top of their game is a very hard cocktail to mix. This hypothetical cocktail is in fact almost impossible to shake if you’re trying to top it off with some fruits of innovation and the sweet “bitter” of experience. For those who know us, it’s no secret that our involvement in NorthSec is exactly aimed at resolving these issues.

Every year, we offer our employees the opportunity to invest in themselves at NorthSec on their paid time, with no expectation of them making up this time later on. Our policy is simple and could be best described as “no questions asked”.  Given that, it’s no surprise that a part of NorthSec’s executive committee works at Delve. Even those Delve employees who do not serve on the executive team spend time volunteering at the event.

What could look like a very expensive community trip is in fact the most complete and cheapest integrated training available on the market. For the employee wishing to learn management and test themselves under a stressful environment, there’s always a high responsibility role available in the organization. For the employee wishing to invest time in learning new languages, new technologies, and new security paradigms, there is the technical team charge of the CTF challenges. For sysadmins and devops, there’s the infrastructure team. Name any modern day corporate challenge: communication, management, planning and doomsday recovery; and it’s all part of this event. – NorthSec even has a dedicated IoT team for its event badge (pictured above), and the masochists who wish to design them from CAD to production.

By having our company invest in this event in such a massive scale not only provides us with better talent and more skilled humans, it also helps us to give back to the community that made our project possible in the first place. This allows us to truly plant seeds for new innovation, new partnerships, and new local knowledge.

Even if it might sound somewhat radical, it’s a vision we embrace and profit heavily from in the end. 

Most Recent Related Stories

What is Risk Based Vulnerability Management?

Read More

Risk Based Vulnerability Management Product Update

Read More

Growing a Machine Learning project - Lessons from the field

Read More