Contributing to the Cybersecurity Community Scott Morris, Vice President, Chief Information Security Officer at BlueCross BlueShield Western New York sits down to talk to Steve Moore about how to be active on cybersecurity communities. They  talk about how to encourage young security professionals to find their voice, and the importance of sharing information as a means of strengthening the industry as a whole.   What Advice Would You Have for Your Younger Self? I'm not one to really hold regrets or look back at the past, but I would say I've always pursued the uncomfortable things. I always try to find things to solve or problems I could help with, which is how I got around in the day. So always challenge yourself and make sure that you always make the right choices. I would tell my younger self to continue pushing.   What Was Your Actual Start in InfoSec? My starting point was in information technology, more importantly in web development. I used to be a web developer by trade & quickly came to understand the risks involved in that. I continued to grow in my information security knowledge & experience, and for a while I was an expert in my former organization. And then I grew from there with a keen desire to know as much as I can and to help as much as I can in information security. Through observation & conversation, Steve Moore has come to realize that some of the best people in InfoSec didn't actually start off in it. You kind of have to learn to build and create things and ultimately break them before you can know how to defend and protect them. And this is a great foundation As I look back on my career, I recently realized that even from the early days and in previous organizations, I've never actually applied for a position; I've always somewhat in a way created the position. And I did that by finding areas or things that needed to be solved or fixed and made better. In my current organization for example, we had an issue where we were having problems passing or being consistently good in our external audits. I took that on and turned it around, and through that exposure in a very diverse organization, I was able to start piecing together some of the things we needed to get where we are today and build the successful security program we have in place.   Any Tips for Someone Getting Ready to Do What You've Done? The answer is something I tell all of my team members today. For the most part, what we do is not something we're responsible for and we can successfully build respect and great relationships. You need to understand your controllers and the people responsible for these processes and functions and build a relationship with them to help move things forward.   How Did You Get Involved in Security Communities? At my previous role, I worked for a large consulting company and I had a very large community. But I realized that I needed to have more exposure outside of that. So I started turning to people and organizations locally around here. But there weren’t security communities back then; there were more technology communities. So getting involved with technology organizations was my entry point. I was hooked immediately and continued to grow & expand to where I am today.   What Do You Think is the Responsibility of Security Leaders? As a leader, I think it's really important to set an example. I try to do the best I can by participating in these communities in various ways by not only attending it but by being a part of it, being an action and a voice within these communities, and by bringing my teams along and the people that are in this space. As leaders we have a responsibility to continue driving that. In Buffalo we are a pretty small community and we leverage those conduits and forms to continue to grow and vet out what we're doing. So lead by example, participate and the teams will come along.   What Benefits/Changes Have You Seen in the Junior Staff in the Buffalo Area? In Blue Cross Blue Shield, we are fortu