From Meeting Rooms to MozFest
So I ran my first MozFest session this year (spoiler: it was awesome) and I have been asked to share the journey leading me to this session. Spoilers takeaways:
- Push past imposter syndrome
- Listen to people when they contact you
- Grab opportunities
A long time ago …
… well not that long. This journey (well the story of it) began in 2015. I was working at Orange (the ISP) as a security engineer when I created a role playing game to engage non-technical and non-security practitioners in Cyber Security. Why I did it could fill another post. I created it for just one meeting actually. But the participants of the meeting told their colleagues how much fun they had, and suddenly a bunch of people wanted to play the game!
The same year I participated at a (maybe ‘the’) big french security conference, a highly technical one. The conference has a type of session called “rump session”, also called “lightning talks” in other conferences. Basically it is a collection of very short talk; 3-minute here. Talks are scheduled without a selection process; the slots are attributed on a first come first served basis. I decided to share the game through a 3-minutes talk. I though it might be of interest to less than 10 people (out of the 400 in the room) who had a job similar to mine. I hoped that the others could just have fun listening to the quotes I put in the presentation. Hello, Imposter Syndrome!
The feedback of this 3-minute talk blew my mind. So many people came to me in the hours after the presentation telling they had the same kind of issue I tried to resolve with this game and how they liked the solution. Suddenly this game was not just “something funny I did” but something actually useful to a lot of people.
BlackHat and first contact
Empowered by the feedback, I decided to submit the idea to a security conference. And I was rejected. So, in my mind, I went back thinking of the game as “something funny I did”. But during that time, people at work kept coming at me to play the game, and the results were there: more people became engaged in security, more people began calling the security teams, even reporting possible security incident. So, on a whim, I submitted to BlackHat USA 2016. My objective was to made the game known to some people in the review board and but not to be selected. I had already been rejected by another conference, and Black Hat is the poster child of highly recognized and technical security conferences, so in my mind my game had nothing to do there, but the review board had professionals who may be interested in the game.
I was selected. I could not believe it so I made my husband read the mail of acceptance to be sure I read it correctly. Then I checked the conference site on different devices to make sure it wasn’t a mistake (yes, I did that). When I was relatively confident that nobody made a mistake and that I was *really* accepted, I tweeted about it and made the first contact that led me to MozFest:
@papa_shell had created a security RPG too! His was for role players, with an awesome rule book, dice, characters sheets, and long hours of play, while mine was a 2-hour training without any dice or rulebook, but I did look at it and was glad to know about it.
To Mozilla Global Sprint to MozFest
Fast forward to 2017. @papa_shell contacted me again, he was leading a project for the Mozilla Global Sprint 2017 on his RPG and wanted to know if I would like to co-lead the sprint with him and others.
After hesitating a little (I played RPG a little when I was young but never was a hard core player, and I hadn’t read the full rules book!) I decided to trust him and accept the invitation. Then we spent a couple of day designing new campaigns, characters, and magic creatures for the world of Cryptomancer. Not only did I have fun, but I met chadsansing who was sponsoring this project.
After the summer, chadsansing contacted me again. He encouraged me to submit a session proposal to MozFest 2017 based on my RPG. I didn’t know anything at all about MozFest, or what a session there really was. I looked at the site, and got scared again : it was not a usual talk, but a participatory session, with no way to know if people would show up before the session itself. Could I do this ? MozFest itself seemed to be the right place for the game: the goal of the festival is to promote everything that make the internet a more inclusive, open, safe and useful space. So everything that allows teaching users about security and privacy without blocking prerequisites would have its place here, but the session format was out my comfort zone.
I talked to chadsansing about my doubts and he managed to reassure me (thank you!) so I submitted a session a couple of days before the deadline.
I was selected !
MozFest 2017
I tried to prepare myself for the experience, but the truth is you can’t really prepare yourself for your first MozFest. The participants are basically making your session; you just provide them with a subject and a framework. I did had the occasion to play the game in English for the first time right before the festival, and that was really all of my preparation :)
My session went very well! The majority of attendees was not security practitioners and said they had a lot of fun and learned a lot. *Yeah !*
Also, there were 12 of them and they stayed for the full extent of the session (a lot of people normally come and go during a typical session). I also had two security practitioners who provided me with very interesting feedback on the game, they made me conscious of some mechanics of the game I wasn’t aware of.
The festival itself was an awesome experience, I colored MRI scans with @R3RT0 and Katja Heuer, played a security board game with Geraldo Barros, watched @avadacatavra solder an enigma board, designed my crypto cocktail (yes, a real one), talked about privacy issue for minorities on the web, and even attended a “open leader” session. There were so many different people there, all dedicated to sharing and making our web a better place. Unlike many conferences I’ve been to, the goal at MozFest is not to show off your skills, but to share them to help everyone interested. This gives a specific vibe to the festival which is a truly refreshing experience.
The Journey Continues
And I will remember to stop auto censuring myself, to answer to people who invite me to projects, and to grab the opportunity to actually participate in those projects or events when I have the time to do so!
