It takes a village...
Help me in making the Call Center Village a reality at a conference near you!
Before we get started, here's what's happening at Call Theory this week:
Office Hours
A weekly meeting with Call Theory and fellow customers to learn, ask questions, and network over general IT, call center, and Amtelco topics.
- Tuesday, 10/8 @ 3pm Eastern
- Zoom Link and additional information
- Fallback Topics - Automating test server environments
Scripting Sessions
A weekly meeting to train Amtelco Intelligent Series scripting topics from Basic, Intermediate, and Advanced topics on a repeating schedule.
- Thursday, 10/10 @ 12pm Eastern
- Zoom Link and additional information
- Training Topics - Basic Assessment (Basic I, Basic II, Basic III topic review)
Billing Update
I'm taking a small break from writing more about billing while I work out the remaining formulas...back soon!
CallTheory
Security Theater
Over the past several years, Call Theory has leaned towards the security side of the industry. For example, we spent time attending and learning at:
- BlueTeamCon
- Columbus B-Sides
- DEFCON 31
- DEFCON 32
Additionally, we took steps to become more well rounded in our security knowledge and abilities:
- we partnered with Drata to provide security compliance options,
- launched Grove City Tech Lab and now run a monthly digital and physical lock-picking meeting,
- created and ran our own 6-week security workshop through TryHackMe called the Call Theory Security Workshop that focused on the specific software and services our customers are using
- we regularly internally train security topics and tools on TryHackMe and HackTheBox
Hack with me! https://tryhackme.com/r/p/labbett
This accumulated knowledge and ongoing learning helped Call Theory identify and report Amtelco Incident 202405-1 earlier this year, relating to the use of static and low-entropy encryption keys.
Security Villages
This leads me to the concept of a security village, which I first learned about after attending some of the mainstream security conferences mentioned above.
Here's a definition from BlueTeamCon:
Villages are individual rooms throughout the conference that provide unique experiences. The villages will run through the entire conference, and most are free to walk in and out of as you like.
DEFCON has a pretty large selection of villages:
DEFCON 32 Villages
Essentially, they are micro-conferences or events that setup some-level of informational/educational content relevant to the community - often in an interactive manner.
I need to re-iterate the informational and educational aspects of these villages: they are not intended for flimsy marketing attempts or for sponsors to sell you stuff. Those generally get weeded out quickly via community outrage.
Another attribute of these villages is that they are generally ephemeral - they move from conference to conference and don't exist in the real world otherwise.
This also means that resources are needed to promote, travel, setup, run, iterate, and tear-down the village – especially if you do it multiple times per year. As a result, many of the villages have some level of sponsorships available to help them become sustainable as ongoing educational opportunities.
The village sponsorships will typically provide digital and/or physical signage on the village website and at the live events for benefits such as:
- Cash for travel, hotel, conference tickets, and event space for the village staff
- Temporary or permanent software licensing from relevant vendors to use in educational scenarios
- Swag to give away to village attendees (stickers, shirts, hats, etc.)
Essentially, some level of support to allow the village to operate.
Escape me?
I realize this is starting to get long, but have I ever told you that I really enjoy escape-rooms?
They are fun, collaborative events that involve a set of gamified (and usually themed) challenges of different types that you must solve to eventually progress and "escape" the room.
I've enjoyed every escape-room that I've done, but I was always left wanting more - specifically, I wanted the challenges to be IT/security related where we could use the same security, network, and pen-testing tools from our day-job (or something closer to them.)
What I was looking for was essentially a more-realistic IT and security-based escape-room scenario that caters to IT professionals.
It Takes A Village
Modern call centers provide seamless 3rd-party support across a wide-spectrum of industries, often making security dependent on the client's specific integration. Many of them (and their clients) are also small and medium businesses that often don't have dedicated security roles or teams.
At this point, it started coming together for me:
Per-client security requirements makes call centers an excellent model for educational training as each client-account represents it's own security attack surface.
Imagine if I could create a collaborative, IT and security-based challenge that teaching physical and digital security techniques through a variety of different client-account configurations (i.e., challenges) mapped to actual security techniques from MITRE ATT&CK®.
Bonus points if it caters towards small companies that don't have the same types of resources that those with dedicated security and IT teams have access to.
And well, here we are:
Call Center Village micro-conference - In Progress
Hopefully if I can pull this off, you'll see the Call Center Village coming to a conference near you! Check out the website for a ton of information on what I'm planning for this in the future.
Feedback is highly desired - let me hear your thoughts! Just hit reply.
My intention is that the resources used to execute the village - meaning all the knowledge, tools, and information - will be open-source under MIT licensing. This will allow anyone (especially those who run call centers) to have a playbook of call-center focused security techniques at their disposal.