Working in digital security in the civil society sphere for the past decade, I have seen a few different changes in the way digital security interventions are implemented for at-risk actors in countries of the global majority. When I first started working in this field, a common approach to training civil society was to fly in experts from a foreign country, often the US or Europe, to lead trainings. Also referred to as parachute or helicopter interventions, this approach had many inconveniences, among them a lack of awareness of the local context and language, elevated risk for the expert and the local beneficiaries, and high costs of travel and accommodation, to name a few. Train and providing localized materials to local actors is one of the biggest paradigm shifts I’ve seen and overall has proven effective in building a global community of digital security practitioners.  

While this strategy has proven effective, as a global digital security community, we have reached an impasse. In many countries we have many digital security practitioners with years of experience conducting more basic interventions, such as introductory trainings or organizational security audits.  However, as the digital threats facing civil society actors are becoming more complex, these same practitioners are struggling to find opportunities to increase their skills and knowledge so they are equipped to help their communities effectively address them. These increasingly specialized technical skills, which can range from malware analysis to sophisticated censorship circumvention, are once again largely held by foreign organizations based in North America or Western Europe. And we now find ourselves in the same situation as a decade ago: Crucial digital security skills and knowledge sought by civil society worldwide are held by a few practitioners, most not members of the Global Majority. Solving this problem is one of the reasons that I joined the GIF project.   


Though we are facing a new version of an old problem, the old solution won’t help us this time around. Now we face new challenges that require a new approach: 

  • Many skills are held outside our community: Unlike in previous years, where the required knowledge lived within the Internet freedom and civil society community but was not geographically dispersed, at present advanced, technical skills are largely held within private sector companies and very specialized organizations.  
  • Learning new skills takes time, which most of us don’t have: Many specialized topics require many hours of training and staying up to speed with new research and approaches. Local practitioners often do not have the bandwidth or resources (time or financial) to devote to these endeavors. 
  • In person and remote learning barriers: On one hand, in-person training is expensive and requires a lot of travel and logistics. On the other, online training introduces barriers to communication and usually affects the quality of the covered content. 

With this in mind, we at the Greater Internet Freedom project, leveraging the experience of our Internews colleagues,  our partners, and the broader Internet freedom community, are taking the following approach to address the issue of creating more specialized local capacity: 

Our way of doing it 

1) Identifying what trainings are needed: The most important consideration when designing an approach to support local actors is to ask them what their needs are and where they want to grow as digital security practitioners. The answers might vary depending on the region, specific threat landscape, and partner interests; however, global trends can help identify topics that might be interesting to explore for as many regions and partners as possible. For instance, computer forensics is a topic that most practitioners I work with want to learn more about.  

2) Locate expertise: Once we have a clear idea of the topics our partners want us to cover, the next step is to identify and engage organizations, consultants, materials, and other resources to cover these learning needs. One learning is that this step probably requires more creative approaches because sometimes the relevant specialists are overbooked, have funding restrictions, operate outside the civil society sphere, or have the expertise but not the availability or confidence to share it. 

3) Organize capacity-building efforts: Through conversations with the digital security practitioners in the GIF Consortium (see step 1 above), we developed these learning opportunities for 2024: 

  • A nine-session training series on technical internet disruption monitoring, including shutdowns and targeted technical censorship 
  • A training series on mobile forensics applied to consensual analysis of potentially compromised devices. 
  • A session on phishing campaign investigations.  
  • A four-part online guide on analysis of malicious documents

4) Provide mentorship to implement new learnings: In some cases, the practitioners we work with do not feel immediately comfortable applying their new knowledge in support they are providing in their community, in these cases we help them test their new skills or answer any lingering questions, including providing additional learning resources. 

5) Organize spaces to share skills and use cases: In my time on GIF, I’ve seen the value of creating collaboration spaces, where practitioners can share knowledge or seek advice as they implement their new skills.  

The result and the future 

The overall goal of this approach is to support civil society globally, and especially digital security practitioners from the global majority to own more digital security processes and knowledge within their communities, incorporating specialized knowledge and skills that until now has resided mainly with international organizations, usually far away (geographically and situationally) from the local context.  

Moving forward, we encourage others projects to incorporate capacity-building efforts on specialized topics for local actors. As a community, we must support the actors closest to the communities facing increased digital security threats to be able to respond effectively. This requires providing the resources and equipment needed to conduct activities employing these new abilities and skills. GIF is working to create spaces for knowledge sharing and skill building. Such spaces for digital security practitioners to get up to date with new trends, tools, technologies, and threats are crucial. The ability to counter increasingly specialized digital security threats depends on our capacity as a community to acquire, share, and apply the relevant skills to not only react appropriately to these threats but also help our communities take a defensive approach to avoid being affected in the first place.