Summary
In this episode of What’s in the SOSS, host CRob interviews Clyde Seepersad from the LF Education Department. They discuss Clyde’s journey into open source, the role of LF Education in supporting the community, and the importance of cybersecurity education. They also delve into the development of the Cybersecurity Skills Framework, emphasizing the need for continuous learning and community engagement in the tech industry.
Conversation Highlights
00:00 Introduction to Open Source and LF Education
02:59 Clyde’s Journey into Open Source
05:54 The Role of LF Education in Open Source
09:00 Cybersecurity and the Global IT Cyber Skills Framework
11:59 Framework Development and Industry Collaboration
15:13 Continuous Learning and Community Engagement
Transcript
Intro Music (00:00)
Clyde Seepersad (00:02)
Five years ago, eight years ago it was “What are these container things and how are they going to make a difference?” Fifteen years ago it was “What is this hypervisor and how’s it going to make a difference?” We’re having a moment now where there’s this combination of security’s super important in every single aspect.
CRob (00:20)
Welcome back to What’s in the Sauce, the OpenSSF’s podcast where we talk to interesting people that are involved in open source development and standards and supporting our amazing communities. And this is the season two we’re quite excited to have graduated on to the next level. I’m CRob, I’m one of your hosts here at the OpenSSF.
I’ve had the pleasure to be involved with this community for just under five years and I get this amazing chance to interview some amazing, interesting luminaries. And today we have a real treat. We have Clyde from the LF Education Department and they specialize in helping people understand.
open source tools and methodologies and techniques. So, Clyde, can you give us maybe a few minutes of your open source origin story and kind of explain a little bit about what LF Education does?
Clyde Seepersad (01:19)
Thanks, CRob. I’m excited to be here. I’m excited to have education be talked of as a luminary because often when we do materials, people start looking very intently at their toes and hoping that somebody else will do it. Always happy to get a platform to encourage more folks to come on in. The water is fine. I am sort of a latecomer to open source. I’ve been involved for the past 10 years or so and was off on the dark side doing my thing.
And one day a headhunter called up and said, we have this interesting opportunity. We think you’d be good for it. And at the time I was in Austin, Texas. And I thought, well, know, Austin is not that big a town. It was great to meet extra people. We’ve scheduled a 20 minute coffee and no harm, foul. And it took two and a half hours to wrap up the conversation because we just kept going and I kept thinking, I had no idea that dot, dot, dot.
And so I left that meeting, went home, told my wife that the coffee I had told her about ended up being a two and a half hour conversation and I was going to leave my job and go do this non-profit thing that she had never heard about and that I had only barely heard about several hours earlier. And it just…
CRob (02:35)
must have been some great coffee.
Clyde Seepersad (02:37)
It was good coffee. I think it got cold several times. So the refresh cycle on the coffee was good, which, you know, is important. And, It’s just been such a phenomenal ride, right? Obviously, we’re recording this, whatever, 10 days after the deep seek drop, and cool things just keep happening in collaboratively developed spaces, which is, maybe not ever was thus, but certainly ever will be thus. I think that is the new way that stuff gets done. And of course, one of our big priorities along with everybody else on planet Earth in the last few years has been the security space and trying to think about what more could and should we all be doing.
CRob (03:18)
Mm hm. So a lot of people might not be aware that the Linux Foundation has a whole group dedicated towards training and education. So maybe could you talk a little bit about your group and kind of the things that you all do for the community and our members?
Clyde Seepersad (03:33)
Technical folks like to work on technical problems, right? They like to spin up new projects. They like to work on road maps and get from beta versions to release candidates to GA to one to two to X. Some of them like to go to meetups and connect with other folks. Not terribly many like to step back and think about how will I onboard the next person who isn’t currently super excited about this. And I think that’s where this team shows up as we say, as we show up and we say, listen, we can help you with the instructional design. We can help you with the development of quizzes, with the multimedia, with the video, with the, you know, the multilingual stuff, with the production value, with the sort of mapping out of the process, with the handling of the tools that author the content.
If we, if you can work with us, because the one thing we’re not as experts in, fill in the blank, right? There’s a thousand projects at the LF. A lot of what seems scary in terms of putting education together and not just putting it together, but importantly, getting it into the hands of the right people quickly is what we can do. And so that’s what I like to brag on this team is we’re doing a lot of things that aren’t central to any one open source project or initiative, but we’re bringing a set of skills and capabilities that you typically don’t find in kind of the core maintainer community, but they’re very complimentary and we can say, we’ve got all the folks and the tools and the processes to do all the stuff that makes your, know, makes your hair hurt. Let’s work with you. Let’s work with you to get the story out. And importantly, let’s get the story out not just to the people who are already excited and way down the weeds in the GitHub repo.
Let’s get the story out to the next folks out there who, if you ask the question, and I always say to the team, the most important question we can help folks answer is what is that tech and why do I care? And that is very much about, you know, what are these technologies? What did they do that were impossible yesterday, was much easier to do, was able to do in a way that is more cost effective because it’s a shared license. Because that’s where we help, but that’s where we can really help is to bring new people into these ecosystems.
CRob (05:53)
So thinking back of your journey with the LF Education crew, what are some of the timely topics? Like what are some of the most requested things or what are you all working on? What’s your priority lately?
Clyde Seepersad (06:06)
Well, you’ll be shocked to hear that AI is on the list.
CRob (06:13)
You’re right I am shocked.
Clyde Seepersad (06:14)
Pretty much the only two topics I hear currently are security and AI. Five years ago, eight years ago, it was what are these container things and how are they going to make a difference? 15 years ago,it was what is this hypervisor and how is it going to make a difference?
And then you get the most specialized conversations and things like networking. But I think it is definitely true that we’re having a moment now where there’s this combination of security is super important in every single aspect and trying to figure out what exactly the Gen.ai future is going to look like and where we never ever have a junior software developer ever again because, quote, GitHub is pretty good at first pass stuff. You know, I think there’s a series of really active conversations around trying to envision what our future is going to look like. And both those components are front and center.
CRob (07:09)
Very nice. Well, one of the things that you and I have been collaborating on most recently is the global IT cyber skills framework. Could you maybe talk a little about where this idea came from and kind of what you’re intending to do with this project?
Clyde Seepersad (07:25)
Sure, and really appreciate all the support you’ve provided on this. It really started with a very simple observation, which is, as I listen to folks talking about cybersecurity, a lot of what the pattern we kept hearing was there are specific job functions and areas of responsibility related to cybersecurity that everybody wants to be very focused on. So whether that is intrusion detection, pen testing, there’s a lot of specialized focus on cyber. And it’s a little bit like the Sherlock Holmes story where the key clue was the dog that didn’t bark. What about all the people who aren’t cyber security specialists? They’re app developers, they’re network people, they’re database admins, getting up every morning thinking about where the latest vulnerability is going to come from. But they have not been part of the conversation.
And so I think that’s really what we’re trying to do here is to say, we have to find a way to make everybody who touches these systems part of the conversation on cybersecurity and make it easy for them to figure out what their part in the broader strategy is. security is not something you can inspect in at the end, right? It has to be there from the get-go. And that has not been…a big part of the conversation, which is not surprising when the fire is hot as you put in the water on the most immediate source of the flames, but you’re not paying as much attention yet as to where the fuel load is building up. And so think that’s really what we’re trying to, hoping to catalyze is a broader conversation around just how extensive the concept of cybersecurity is when you think about all these different roles in technology. And so it’s great that we’ve started with the specific folks that are in a CISO’s office, but we have to make sure we don’t stop there.
CRob (09:32)
Yeah, I love that kind of looking at the framework, the fact that we looked at many different job types and kind of thought about it from somebody’s career at the beginning of their career, they needed to have certain experiences. And as you evolve and kind of get more, you level up, so to speak, there’s more increasingly complex tasks that you’re asked to do with. you talk a little bit about – just give us kind of a sneak peek into the framework and kind of what went into some of this thinking.
Clyde Seepersad (10:01)
Yeah, think we, there were two things we were trying to make sure that we use as our North Star. The first was it had to be easy to use. We have to make it easy for people to have this conversation. So how can we develop something that is not intimidating, easy to use, people can see their way to the end goal where they’re using it. And the second is, can we make something that is not a special snowflake, that is industry agnostic, that’s geography agnostic? Because what you, and to have those two things be true, and you know, we worked with hundreds of folks who volunteered their time and expertise on this. Where we ended up was saying, to make it easy, we have to have it be, simple for folks to figure out where different people in their organization might slot in. So how can we group like with like? And so we went through this exercise with a group of experts and then validated it through a large form field study survey in the field. And we ended up with 14 or 15 job categories or job families.
Clyde Seepersad (11:23)
That’s not to say that there aren’t people out there who straddle lines, and there will always be, but we felt pretty good about having these categories as sort of people who are grouped together. So things like network specialists, things like database administrators, things like software developers as distinct from app developers, so smartphones. And then from a career perspective, as you alluded to, CRob, there’s this concept that there are things you need to know when you’re just starting out.
And there’s more things you need to know when you start taking more individual responsibility and yet there are more things you need to know, especially as you take on managerial responsibility and start supervising the works of others. And so what we ended up with, if you envision sort of a two by two framework, a set of job families where we have examples, we can help people visualize, oh yeah, I’ve got folks in that box. And then this continuum of experience where newer folks, there’s topics and we’re very, you the topics are quite specific and so they’re somewhat opinionated, but we wanted it to not be a hand wavy feel good.
We wanted people to be able to look into that framework, see things they violently agreed with, maybe see some things they violently disagree with because maybe it’s not relevant and that’s okay, right? It’s very much meant to be a alaqaat, Kanban style. I like this, I want to use it. I don’t like that, I want to take it out. I think this is missing because I’m in industry X and I want to add it in. But I think we’re hoping that the concept of it’s a simple framework. You can print it on one page. It’s a way to start and then make it your own. Make it relevant to your department. Make it relevant to your industry. Move stuff left, move stuff right, blend stuff between buckets, but use it as a accelerant, right? Instead of staring at the blank white board. This is the collective wisdom of hundreds of folks who spent decades in this space – stand on their shoulders, right? Use it as a jumping off point.
CRob (13:20)
I loved the kind of practitioner perspective that the framework brought. Could you maybe talk about, I know we’ve had some conversations with other folks within the ecosystem. How does this work alongside or complement other similar efforts?
Clyde Seepersad (13:37)
Yeah, I think our view is that this is meant to be a entry point for people to think about cybersecurity for their broad audiences and not to replace. There are some very good, more specialized frameworks that already exist out there, right? So you have things like SOFIA, you have things like the NICE framework. And our take was we look around and we listen.
And those are not being as used, used as much and implemented as much as you might have thought. I think part of the reason is they’re so sophisticated and there’s so much detail that they’re a little maybe intimidating if you’re starting kind of at the, at the, at the starters pistol. And so we’re envisioning this really as a gateway exercise to say, here’s a way that you could start. It’s not saying that it’s fully comprehensive of everything you’d ever think of, but it’s saying these are the lowest common denominator pieces, right?
And so it’s a discrete, easy to wrap your head around, printed on a page starting point. And hopefully what we see is that once people start their journey, they gravitate towards some of these bigger frameworks that already exist according to what makes sense for their organization, for their industry, for their geography. And so we’re very much seeing this as complimentary of frameworks that are more specialized that exist, really as a way to get more folks far enough down the path that they start using those frameworks with confidence.
CRob (15:14)
I love the effort. I’m really looking forward to kind of unleashing this and sharing it with the broader ecosystem and then starting to the devils in the details. I want to start building my own little Kanban board and kind of mapping out my journey and seeing what I and others might want to start exploring education wise next.
Clyde Seepersad (15:33)
Yeah, and that’s exactly what we’re hoping to happen, right? This is going to be a publicly available royalty free resource sponsored by OpenSSF and the LF. We want everybody to use it. We want companies, we want education providers to use it. And importantly, we want this to be an ongoing effort. So, you we’ve had a ton of people volunteer their time and expertise to get to V1. We’re very much intending to have this be an ongoing effort where we’re constantly reviewing this, you know.
At least twice a year stepping back and saying, is this still right? Because the one thing that we know is true is yesterday’s threats are not tomorrow’s threats, right? So we cannot have these be static. We have to constantly be asking ourselves, is this still relevant? Is there something else that we need to add? Because that’s the only way that you can really, if we’re trying to get people to think holistically about the security implications up and down the food chain, we have to help them keep track of stuff as it evolves. And so I think one of the beauties of doing this collaboratively is we do have the ability and the intention to continue revving, right? Just like any release schedule, right? That the 2026 version is gonna go look different and the second half of 2025 version might look different.
CRob (16:50)
Excellent. Well, let’s move on to the rapid fire part of the conversation. All right. I got a couple of wacky questions. I just want your first answer right out of the gate. What’s your favorite open source mascot?
Clyde Seepersad (17:06)
You know, it’s still Tux. It’s just, you know, I’ve got a dozen of them on my desk and it’s an oldie but a goodie.
CRob (17:19)
Excellent. Good, good, Spicier mild food.
Clyde Seepersad (17:23)
I grew up in the Caribbean, so definitely spicy.
CRob (17:30)
Ooh, that’s spicy. Excellent. What’s your favorite adult beverage?
Clyde Seepersad (17:34)
Rum and Coke.
CRob (17:35)
Classic. I love that as well. So as we wrap up here, what advice might you offer someone that’s just getting into, whether it’s open source development or cybersecurity, how can you help them start their journeys?
Clyde Seepersad (17:50)
You know, the key thing I say to folks anymore is that the world has really changed. Even when I started my career, you could pick a spot and say, I wanted to be an X. I wanted to be a database person. I wanted to be a Cisco switch person. I wanted to be an Oracle person. Because we used to have these long runways of technology staying pretty stable.
And that’s just not true anymore. I think everybody should be coming into tech and even those of us who’ve been in it should be thinking about it as an ongoing journey of lifelong learning. You’ve got to stay on your toes. The thing that made you successful three years ago probably is not going to be the thing that makes you successful this year. And so committing to this idea that it’s your responsibility to figure out the things you’re passionate about and learn them and implement them and stay on this sort of continuous journey.
That’s going to be what the foreseeable future looks like, is all of us just cross-skilling, up-skilling, feeling like we’re always slightly behind, but making that commitment to our own learning and development.
CRob (18:58)
I like to learn something new every day. And finally, what call to action do you want to give the community right now? What actions can people take to help make the world a little bit better place?
Clyde Seepersad (19:09)
Yeah, I would say for everybody who touches a tech stack, step back and start inventorying where do you think in your day-to-day job you could do one thing better that would narrow or close a security gap. We all have goals and the targets we’re trying to meet and we’re on the treadmill. Take a moment to step back.
Get off the goals treadmill. Try to find one thing, one thing that you can do better that helps narrow the surface, the attack surface, and find a way to make that happen.
CRob (19:52)
Excellent. Well, thank you. Sage advice learned over your journey. Thank you, Clyde, for coming today and sharing about the IT skills matrix and about LF education.
Clyde Seepersad (20:03)
Thanks so much for having me, CRob
CRob (20: 05)
Cheers
Outro Music (20:05)
Like what you’re hearing. Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, antennapod, pocketcast or wherever you get your podcasts. There’s a lot going on with the OpenSSF and many ways to stay on top of it all. Check out the newsletter for open source news, upcoming events and other happenings. Go to openssf.org/newsletter to subscribe. Connect with us on LinkedIn for the most up-to-date OpenSSF news and insight and be a part of the OpenSSF community at openssf.org/getinvolved. Thanks for listening and we’ll talk to you next time on What’s in the SOSS.
