A decade ago, I wrote a White Paper that 10x’d my credibility an open source community that I was otherwise unknown in.
Crazy part? I wasn’t an expert on the subject (but I became one in the process).
Here’s the backstory of the Drupal PCI Compliance White Paper /1
Crazy part? I wasn’t an expert on the subject (but I became one in the process).
Here’s the backstory of the Drupal PCI Compliance White Paper /1
Preface.
This is not a humblebrag. It's a pattern that basically anyone can follow to achieve a similar result.
Tech changes fast, and this creates knowledge gaps. Find a particularly hard and expensive gap, and you can become a valuable resource in a community. /2
This is not a humblebrag. It's a pattern that basically anyone can follow to achieve a similar result.
Tech changes fast, and this creates knowledge gaps. Find a particularly hard and expensive gap, and you can become a valuable resource in a community. /2
Step 1. Identifying a Hard, Expensive Problem
Or in my case, a hard problem found me.
After an uptick of sales, a client received a phone call from their credit card processor that our PCI compliance was being audited. My first question “So what is PCI compliance?” /3
Or in my case, a hard problem found me.
After an uptick of sales, a client received a phone call from their credit card processor that our PCI compliance was being audited. My first question “So what is PCI compliance?” /3
We were screwed. They threatened to refund 100% of our customers if we didn’t comply in 60 days.. This could have killed the business.
So an expensive problem was identified… and I was stressed AF as I barely solved it in the allotted time. /4
So an expensive problem was identified… and I was stressed AF as I barely solved it in the allotted time. /4
Step 2. Verify Others Have This Problem
There were ~50,000 Drupal eCommerce sites at the time. Yet no Google results gave clear guidance on how to achieve compliance.
This was a costly legal requirement that most people were ignoring, so I knew there should be demand. /5
There were ~50,000 Drupal eCommerce sites at the time. Yet no Google results gave clear guidance on how to achieve compliance.
This was a costly legal requirement that most people were ignoring, so I knew there should be demand. /5
Step 3. Float a Minimal Viable Post
With no expertise on the subject, I put together a proposal that someone (i.e. me) fix the situation. However, knowing that I was ill equipped, I needed help to justify the 100+ hours to research and put together. soundpostmedia.com/article/lets-t… /6
With no expertise on the subject, I put together a proposal that someone (i.e. me) fix the situation. However, knowing that I was ill equipped, I needed help to justify the 100+ hours to research and put together. soundpostmedia.com/article/lets-t… /6
The post clearly struck a cord. Dozens of well-known people in the community commented. Some offered financial and/or technical support. So I knew I hit resonance AND could see this through to completion. /7
Step 4. Enlist Experts
In addition to just the time commitment, I needed to make sure this was accurate and credible. I had no security experience, so I needed help. I also knew they’d be busy, so I had to offer to do all the heavy lifting. I just needed them to check my work /8
In addition to just the time commitment, I needed to make sure this was accurate and credible. I had no security experience, so I needed help. I also knew they’d be busy, so I had to offer to do all the heavy lifting. I just needed them to check my work /8
This was huge. Their names (while they did maybe 5% of the work reviewing) would give the paper the necessary legitimacy to get accepted and distributed. It worked. Greg and Ned accepted and became coauthors. /9
BTW. Just because their net contribution time was low, the value of having them review it was massive. Without it, I would have never felt comfortable shipping it and advocate others to use. /10
Step 5. Publish and Promote
Once it was done, we didn't just hit publish and call it a day. I worked hard to track down all the key people in the Drupal eCommerce space and ask them to review and link to it. The goal was to reach all 50,000 websites. /11
Once it was done, we didn't just hit publish and call it a day. I worked hard to track down all the key people in the Drupal eCommerce space and ask them to review and link to it. The goal was to reach all 50,000 websites. /11
While I initially hit resistance, eventually it worked. The paper was linked to from the various project pages and the Drupal security team. It became the defacto resource to send people to. /12
My goal was not to win business, but I started to get a significant amount of inbound inquiries from customers as well as event organizers to present on the topic. /13
And while I never actually become a PCI compliance Qualified Security Assessor (QSA), I had a depth of knowledge that could get many people 80-90% of the way on picking a solution that reduced their needs by 90-99%. /14
Step 6. Unexpected Benefits
Long after the paper was published, I ended up being invited on the Drupal Security team. My company also won a signficant amount of eCommerce business simply because they knew their was an internal subject matter expert. /15
Long after the paper was published, I ended up being invited on the Drupal Security team. My company also won a signficant amount of eCommerce business simply because they knew their was an internal subject matter expert. /15
I'll wrap this up to say... what seemed like an incredibly daunting problem ended up opening an opportunity to solve a community wide problem. And while I wasn't qualified, I galvanized support and made it happen. The result was helpful to the community and myself. /16
Given how fast and complicated the tech space can be, there are tons of opportunities (big and small) to tackle a gnarly problem, share the result, and benefit from being the leader to make it happen /fin
• • •
Missing some Tweet in this thread? You can try to
force a refresh
