A clear, factual timeline tracing the evolution of cybersecurity organizations, certifications, and communities — including the founding of SDSUG, Arizona’s first cybersecurity network.

---

SDSUG Archive Document — Document No. 2 (2026)
Prepared by: Hunter Storm (https://hunterstorm.com), President, SDSUG
Version 1.0 — April 4, 2026

---

Cybersecurity did not emerge fully formed. It grew through decades of organizations, certifications, conferences, and practitioner communities — each contributing to the discipline we know today. This page provides a structured, editable timeline of major milestones in global, national, and Arizona cybersecurity history. It is intentionally incomplete and designed for ongoing contribution by practitioners, historians, and long‑time community members.

---

Setting the Record Straight About SDSUG

SDSUG was founded on September 25, 2001, at a time when the term user group was widely used for any recurring technical community. That naming choice reflected the language of the era — not the scale, structure, or impact of what SDSUG actually became.

Although SDSUG carried the “user group” label, it was never just a user group in the modern sense. From its earliest years, SDSUG functioned as:

• Arizona’s first cybersecurity community
• Arizona’s first cybersecurity conference
• Arizona’s first cybersecurity network
• A practitioner‑focused, vendor‑neutral educational institution
• A regional hub for professional development and CPE‑earning events

Founder Leo J. Hauguel organized full‑day events at Rio Salado College, that drew hundreds of attendees, offered Continuing Professional Education (CPE) credits, and ran multiple simultaneous breakout sessions. These were structured, well‑run, and widely respected — long before Arizona had any formal cybersecurity conferences or professional associations operating at that scale. Although Leo referred to them as “user group meetings,” they were full conferences with formal check‑in, professional association partnerships, and vendor sponsorships.

In practice, SDSUG was a multi‑room, multi‑speaker, all‑day conference series in everything but name. It could easily have been called the Sonoran Desert Cybersecurity Conference, but Leo chose to preserve the social, community‑first spirit of the group.

SDSUG’s name reflects its origin moment. Its function reflects something much larger.

This page preserves that history and places SDSUG in its proper context within the broader evolution of cybersecurity communities.

---

How to Use This Timeline

This timeline is a living document. Dates marked TBD are placeholders for future verification. Volunteers are encouraged to help confirm founding years, early events, and local community histories — especially for Arizona organizations whose records predate modern archiving practices.

The goal is not to create an exhaustive list, but to provide a clear, authoritative scaffold that can grow as more information becomes available.

---

Historical Timeline

(All dates marked TBD are intentionally left blank for ongoing verification.)

Year	Entity / Event	Type	Scope / Location	Notes
1958	MITRE Corporation	Organization	US	Federally funded R&D center; foundational to security and systems engineering.
1969	ISACA (originally EDPAA)	Organization	Global (US‑founded)	Governance, audit, and security association.
1978	CISA	Certification	Global	One of the earliest major audit/security certifications.
1979	National Computer Security Conference	Conference	US (Maryland)	Widely cited as one of the first major dedicated computer security conferences.
1984	ISSA	Organization	Global	Professional association for information security.
1989	(ISC)²	Organization	Global	Nonprofit cert body; steward of CISSP.
1989	SANS Institute	Organization	Global (US‑founded)	Major training and research organization.
1990	FIRST (Forum of Incident Response and Security Teams)	Organization	Global	Early global CSIRT coordination body.
1994	CISSP	Certification	Global	Broad, vendor‑neutral infosec certification.
1996	InfraGard (pilot → national)	Organization	US	FBI + private sector partnership; exact AZ date TBD.
2001 — Sept 9	OWASP Foundation	Organization	Global	Open Web Application Security Project.
2001 — Sept 25	SDSUG founded	Community / Network	Arizona	First cybersecurity community in Arizona. First cybersecurity network in Arizona. First cybersecurity conference in Arizona in all but name. First recurring cybersecurity conference in Arizona.
2002	CISM	Certification	Global	Management‑focused security certification.
2002	Security+	Certification	Global	Vendor‑neutral baseline security certification.
2003	CEH	Certification	Global	Ethical hacking certification.
2004	ENISA	Organization	EU	European cybersecurity agency.
2006	OSCP	Certification	Global	Hands‑on penetration testing certification.
2008	Cloud Security Alliance (CSA)	Organization	Global	Cloud security best‑practices body.
TBD	ISSA Phoenix Chapter	Local Chapter	Arizona	Volunteers will confirm founding year.
TBD	InfraGard Arizona Members Alliance	Local Chapter	Arizona	Volunteers will confirm founding year.
TBD	OWASP Phoenix	Local Chapter	Arizona	Volunteers will confirm founding year.
2012	CactusCon	Conference	Arizona (Mesa)	First large recurring hacker/cybersecurity conference in AZ.
TBD	Interface Conference (first national date)	Conference	US	Volunteers will confirm.
TBD	Interface Conference (first Arizona date)	Conference	Arizona	Volunteers will confirm.
TBD	Phoenix 2600 / DC480 / EVSec / SWCSF	Local Groups	Arizona	Each group’s founding year to be documented by organizers.

---

What SDSUG Was — and Was Not

What SDSUG Was

SDSUG, founded on September 25, 2001, was Arizona’s first cybersecurity community, first cybersecurity network, and the first recurring, practitioner‑driven educational environment dedicated to information security in the state.

Although it carried the name “user group,” SDSUG operated at a scale and level of professionalism far beyond what that term suggests today. In practice, SDSUG functioned as:

• A regional cybersecurity network connecting practitioners across Arizona
• A professional development hub offering CPE‑eligible sessions
• A multi‑track educational event series with simultaneous breakout rooms
• A vendor‑neutral, community‑governed learning environment
• A precursor to modern cybersecurity conferences in Arizona
• A stable, recurring institution long before the Valley had formalized security associations or events

Founder Leo chose the term user group because it was the common language of the early 2000s — not because it accurately described the scale or impact of what he built. SDSUG’s activities, attendance, and structure align far more closely with:

• a professional association,
• a community conference series, or
• a regional cybersecurity consortium

than with a casual meetup.

SDSUG’s name reflects its era. Its function reflects its significance.

What SDSUG Was Not

To preserve historical accuracy, it’s equally important to clarify what SDSUG was not:

• Not a hobbyist meetup SDSUG was structured, educational, and professionally oriented from the beginning.
• Not a vendor‑driven event It was community‑led, practitioner‑focused, and intentionally neutral.
• Not a small gathering Events regularly drew hundreds of attendees and required multiple rooms at Rio Salado College.
• Not an informal discussion group SDSUG delivered scheduled sessions, breakout tracks, and CPE‑eligible content.
• Not a latecomer to Arizona’s cybersecurity scene It was the first recurring cybersecurity community in the state — predating many local chapters, conferences, and associations that would come later.

This distinction matters because SDSUG’s early work helped establish the foundation for Arizona’s modern cybersecurity ecosystem. The terminology of the time may have been modest, but the impact was not.

---

Volunteer Instructions Block

Help Us Complete Arizona’s Cybersecurity History

This timeline is a living historical record. Many early cybersecurity communities, chapters, and events in Arizona predate modern archiving practices, and their founding dates were never formally documented online. We are now working to preserve that history accurately and respectfully.

If you were involved in any Arizona cybersecurity organization, conference, meetup, or professional group — or if you have access to:

• old newsletters
• event programs
• chapter charters
• photos
• meeting notes
• archived websites
• personal recollections

—we invite you to contribute.

---

How to Contribute

1. Review the timeline and look for entries marked TBD.
2. Share any verified dates you can confirm from personal records or organizational archives.
3. Provide source details when possible (e.g., “newsletter from 2004,” “chapter charter,” “email announcement”).
4. Send materials or corrections to the SDSUG leadership team for review and inclusion.
5. If you’re interested in helping long‑term, consider joining the SDSUG Historical Working Group once it forms.

---

Why Your Contribution Matters

Arizona’s cybersecurity history is practitioner‑built. If we don’t preserve it now, it risks being lost.

Your knowledge helps ensure that the people, communities, and events that shaped this ecosystem are remembered accurately — and that future generations understand the lineage they’re inheriting.

---

CALL FOR CONTRIBUTIONS

If you were part of any Arizona cybersecurity community, conference, or organization — or if you have archival materials, newsletters, photos, or firsthand knowledge — we invite you to help fill in the missing dates. Your contributions ensure that the history of Arizona’s cybersecurity ecosystem is preserved accurately and respectfully. You can choose to have public attribution for your contribution, or we can publish it anonymously according to your preference. Contact SDSUG.

---

---

---

---

Last Updated: April 2026