Also participating in the discussion (and helping with questions and taking notes) were:
- Kristin Antin, Huridocs
- Rachel Weidinger, Derecho Labs
- Kaustubh Shrikanth, Greenhost
Key points from the discussion
Correction: during the discussion, Soraya misspoke, saying that they have translated SEC into thirteen languages. They have actually translated SEC into eleven languages.
- The SEC was developed after the US Presidential Election in 2016 to support emerging digital security trainers.
- EFF already puts out materials like Surveillance Self-Defense, which is a resource for individuals to understand how to use tools, but not necessarily for trainers. The vision was the SEC would be a way to help trainers explain the underly concepts of SSD.
- User centred design methodologies were critical to their approach. They engaged emerging trainers and asked them specifically what would work and what wouldn’t for training in their communities. They spent quite a bit of time testing assumptions and listening. Soraya initially started with a set of slides, but trainers needed something physical they could hand out.
- It took about a year to develop the SEC website, which is quick for curriculum but longer for a website.
- Regarding Network-Centric Lifecycles – the SEC is currently in the Birth (Launch) phase, and they are hoping it will be a living document that will continue to grow
- They started out by researching other materials that were out there and seeing what they could learn.
- They had ten personas for participants of training and ten personas of trainers. They also included ‘inclusive design’ principles in developing those. These were critical for their writing sprints. Two resources that were helpful for this:
- Along with getting test curriculum, out into the field and seeing how they would be used, they distributed the materials to partners and solicited feedback.
- Other resources that were helpful for the SEC
- LevelUp and its materials on how to be a good trainer and the problem-solving approach to learning.
- and more in SEC’s credits
- tart by understanding the threat model and then setting expectations about the ability to learn tools like PGP and TOR. Sometimes it can be more critical to understand the underlying concepts behind PGP and TOR than actually learning about the tool itself.
- To understand how good your content is, it’s critical to listen to users. Soraya strived to make people feel comfortable to tell her what frustrates them in the materials.
- In making sure that materials are ready to launch, it’s important not to be too much of a perfectionist. It’s important to understand when it’s good enough, but communicating that you want feedback on how to improve it.
- Getting back to the Lifecycles post – the process of developing the SEC has been well matched to the pre-conceptions, conceptions, and birth phase, and they are still figuring out the rest of the stages of the SEC Lifecycle.
- Kristin Antin pointed out how when you are writing code, you are often getting inputs and eyes on the code as you are going along, but when we are working with text-based content, it can be very different. We mentioned:
- We need to remember that user centred and human centred design methodology actually comes from good old-fashioned community organising. In terms of the SEC, it can be a tool for leadership development in those communities learning about digital security. Stay tuned to The FabBlog for an upcoming post. We also mentioned:
- O’Reilly’s Art of Community
- Sal Alinsky’s Rules for Radicals
- In regards to the LifeCyles – repositories for content is critical for an Afterlife. GitHub is a tool currently being used, but it’s far from perfect for text.
Questions that EFF is currently asking to help improve SEC:
- Have you used our Security Education Companion to prepare to teach digital security to beginners? Did you look at it on a computer, tablet, phone or other device? What was your impression of the website?
- In particular, have you used any of our Security Education 101 articles (https://sec.eff.org/articles) or Lesson plans (https://sec.eff.org/topics) to prepare for a workshop? If so, was the information helpful? What additional information would you have liked to see?
- If you used a lesson plan (https://sec.eff.org/topics), we’d love to hear how the lesson went. Did our time estimates account for how long it actually took? Were learners still confused? What kinds of questions did learners ask? Did you feel adequately prepared to answer these questions?
- If you used a teaching material (https://sec.eff.org/materials), such as a gif or a handout during a digital security workshop, what did you find to be useful? Were learners able to participate fully (e.g. were they asking questions that indicated that they were paying attention and understood the overarching lesson)? Did learners have questions when looking at the resource, and if so, what were they? Were instructions on handouts and on how to teach gifs sufficiently clear?Was there anything that frustrated you about using the site or any of our resources?