It takes a village...

Help me in making the Call Center Village a reality at a conference near you!

It takes a village...
Photo by Kev Seto / Unsplash

Before we get started, here's what's happening at Call Theory this week:

Office Hours

A weekly meeting with Call Theory and fellow customers to learn, ask questions, and network over general IT, call center, and Amtelco topics.

Scripting Sessions

A weekly meeting to train Amtelco Intelligent Series scripting topics from Basic, Intermediate, and Advanced topics on a repeating schedule.


Billing Update

I'm taking a small break from writing more about billing while I work out the remaining formulas...back soon!

GitHub - CallTheory/billing: Call Theory Billing
Call Theory Billing. Contribute to CallTheory/billing development by creating an account on GitHub.

Security Theater

Over the past several years, Call Theory has leaned towards the security side of the industry. For example, we spent time attending and learning at:

Additionally, we took steps to become more well rounded in our security knowledge and abilities:

TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

Hack with me! https://tryhackme.com/r/p/labbett

This accumulated knowledge and ongoing learning helped Call Theory identify and report Amtelco Incident 202405-1 earlier this year, relating to the use of static and low-entropy encryption keys.

Security Villages

This leads me to the concept of a security village, which I first learned about after attending some of the mainstream security conferences mentioned above.

Here's a definition from BlueTeamCon:

Villages are individual rooms throughout the conference that provide unique experiences. The villages will run through the entire conference, and most are free to walk in and out of as you like.

DEFCON has a pretty large selection of villages:

DEF CON® 32 Hacking Conference Villages

DEFCON 32 Villages

Essentially, they are micro-conferences or events that setup some-level of informational/educational content relevant to the community - often in an interactive manner.

I need to re-iterate the informational and educational aspects of these villages: they are not intended for flimsy marketing attempts or for sponsors to sell you stuff. Those generally get weeded out quickly via community outrage.

Another attribute of these villages is that they are generally ephemeral - they move from conference to conference and don't exist in the real world otherwise.

This also means that resources are needed to promote, travel, setup, run, iterate, and tear-down the village – especially if you do it multiple times per year. As a result, many of the villages have some level of sponsorships available to help them become sustainable as ongoing educational opportunities.

The village sponsorships will typically provide digital and/or physical signage on the village website and at the live events for benefits such as:

  • Cash for travel, hotel, conference tickets, and event space for the village staff
  • Temporary or permanent software licensing from relevant vendors to use in educational scenarios
  • Swag to give away to village attendees (stickers, shirts, hats, etc.)

Essentially, some level of support to allow the village to operate.

Escape me?

I realize this is starting to get long, but have I ever told you that I really enjoy escape-rooms?

They are fun, collaborative events that involve a set of gamified (and usually themed) challenges of different types that you must solve to eventually progress and "escape" the room.

Escape Room in Atlanta, Georgia during 2022 NAEO Conference

I've enjoyed every escape-room that I've done, but I was always left wanting more - specifically, I wanted the challenges to be IT/security related where we could use the same security, network, and pen-testing tools from our day-job (or something closer to them.)

What I was looking for was essentially a more-realistic IT and security-based escape-room scenario that caters to IT professionals.

It Takes A Village

Modern call centers provide seamless 3rd-party support across a wide-spectrum of industries, often making security dependent on the client's specific integration. Many of them (and their clients) are also small and medium businesses that often don't have dedicated security roles or teams.

At this point, it started coming together for me:

Per-client security requirements makes call centers an excellent model for educational training as each client-account represents it's own security attack surface.

Imagine if I could create a collaborative, IT and security-based challenge that teaching physical and digital security techniques through a variety of different client-account configurations (i.e., challenges) mapped to actual security techniques from MITRE ATT&CK®.

Bonus points if it caters towards small companies that don't have the same types of resources that those with dedicated security and IT teams have access to.

And well, here we are:

Call Center Village - Security expo and challenge
Call Center Village is a micro-conference and community challenge centered around Answer Target, an escape-room like scenario that mimics a real call center. However, instead of trying to break out: you, your team - and the community - will collectively use your digital and physical security skills to break-in.

Call Center Village micro-conference - In Progress

Hopefully if I can pull this off, you'll see the Call Center Village coming to a conference near you! Check out the website for a ton of information on what I'm planning for this in the future.

Feedback is highly desired - let me hear your thoughts! Just hit reply.

My intention is that the resources used to execute the village - meaning all the knowledge, tools, and information - will be open-source under MIT licensing. This will allow anyone (especially those who run call centers) to have a playbook of call-center focused security techniques at their disposal.