I'm working with Drupal for about 10 years.
I always had that feeling to once when my knowledge reaches a certain level, I will have to start to give back to the community. It started about a year ago, when my attention turned to security researching, dedicatedly to look for drupal related vulnerabilities.
First to see what we have internally, I've spent some time to audit our main product and found some very minor issues, that because in that time we still didn't have a clear procedure to evaluate and further follow-up, just got reported to teams. Unfortunately, because of lack of internal procedures, most of them just hanged around without proper priority and business support.
In the meantime with my coworkers, we started to evaluate how the drupal security advisories could be more clear for our needs and we created some proof of concepts until we arrived to NextEuropa Security Risk Metrics. With this we got the theoretical background, also started to discuss the possible actions that we should take if a risk reaches a high criticality.
Also progressively issues got fixed from my audit, like in this pull request.
Parallel with this in-house activity I felt it is worth to trying to take a bigger look around the Drupal community, how it works there, how a security issue should be reported to the dedicated team and overall how is it possible to start to work closely with them. My first application to join the Drupal Security Team got some feedbacks, the best one arrived from the team lead, Michael Hess, who challenged me to find unreleased vulnerabilities in stable drupal contributed solutions. This challenge allowed me to learn about the procedures, improving overall security of contribs from outside of the team and slowly the first advisories started to be announced.
When I'm writing these lines, I'm already over of 16 drupal security advisories, reporting and helped them to be pushed out. And in this February I've become a Provisional Member of the Drupal Security Team. All of these advisories, from the less critical to the most one taught me a lot about how communication works in open source, how many colorful individuals spend their time in so many different ways to contribute back to the community as much as they can.
All the hidden stories, all the night-long chats that I had with people from all over the world showed me the value of my work as a drupalist. Because this value is about being a supporter to others: listen to their questions, share my thoughts about their work and one of the most important: respect them as human being. We are all the same, working with small websites or with giant platforms - we all know: the small blue drop matters, Drupal matters and its way of contribution.
A few days ago my contribution reached 50 credits in different drupal projects: core, contribs, full project applications, security advisories and so on.
I can't describe how proud I was because of these first steps.
I'm not an active twitter user, still a screenshot from my phone, showing my drupal.org profile with the credits got tweeted.
By now it got over 10 retweets and 38 likes.
I'm not able to write down how great I feel now.
I can't say enough thanks to all my mentors, all my drupal friends who helped me on this way.
But the journey has just begun!
So many things are still out there and I have to finish my post now to answer comments in issue queues!
Cheers and see you around!