This is really an issue for my security blog, but this week’s blow-up over alleged mismanagement of Security B-Sides connects with me on a personal level best expressed here.
Mood music:
http://youtu.be/KIb-6oaCTPU
A couple days ago, a Security Errata article appeared detailing financial mismanagement of the Security B-Sides events. It singled out Mike Dahn, one of BSides’ founders, for mismanaging things and lying about it. Dahn published a response in his blog yesterday.
I’ll let the security community chew over who is right and who is wrong. I’ve had my say in the security blog here and here.
I just want to make a few personal observations here.
First, I’ve read Security Errata and Attrition.org for a long time and trust these guys. They do their homework and serve a critical role in the security community: Keeping the rest of us honest. When I saw their article about Dahn, I wasn’t happy for two reasons:
1. I consider Dahn a friend.
2. The folks who write the Security Errata material have an ironclad reputation and when they point a finger, it’s hard to dismiss.
This is one of those cases where you want to believe both sides. But you can’t really take both sides when someone suggests financial mismanagement, can you? And yet I’m going to try anyway.
I think the truth here lies in the middle. Security B-Sides got really popular really fast. I can’t keep up with financial and legal administravia on my best days. If I were one of the B-Sides founders, I probably would have had all the finances screwed up midway through the first day. But then that’s why I don’t get involved with planning these things.
Still, given the freakish growth of B-Sides, it’s not difficult to see how things could go haywire even if you’re a master at finances and legal documentation.
That’s the problem with anything run by humans. Humans are flawed to the core, and so is everything they touch. The hope is that somewhere in all the screwing up, you get something good that benefits a lot of people. In this case, I think Security B-Sides has been good for a lot of us. It has offered the security community fresh perspective in an industry where conferences offer too much bling and not enough substance. I’ve forged relationships at BSides events that have helped me do my job better. That’s for certain.
In this story, I’m not interested in where the blame belongs. I just want those involved to come clean and explain the steps they are taking to fix what needs fixing.
Whatever happens going forward, just try to remember:
We all fuck up, all the time.
Maybe our failure is in mismanaged funds.
Or maybe it’s an addiction we can’t shake that’s destroying everything good about our lives.
Or maybe we just have a habit of thinking we’re better than the next guy when we know nothing about the next guy’s situation.
You know my faults. I’ve covered them in this blog at length in an effort to show that I’ve learned from my mistakes and that there’s a better life to be had if you simply own your weaknesses and face them down. As you’ve seen, despite my progress, I still make mistakes on a regular basis.
None of us are damaged beyond repair.
Neither are our works.
That includes BSides.
