I like Scot “Krypt3ia” Terban. The security researcher has a crotchety communication method I enjoy, and I read his posts a lot. I especially enjoy when he goes after security vendors for FUD (fear, uncertainty and doubt).
So when he released his annual Krampus List — a naughty list for the security community — I read it and laughed a lot.
But as I read through it, I found some of it mean-spirited. By the end I found myself in a familiar quandary: How could I laugh and be disgusted at the same time? My brain has always been a mass of contradictions, and this is just another example.
There’s a razor-thin line between good-natured jabs and outright venom. From my perspective, picking on Boris Sverdlick because he “took his third job in two years and moved his family across the country for the third time” was a good-natured ribbing. He has switched jobs a lot and there’s nothing wrong with that. You gotta go where your heart takes you. But when his adventures are chronicled on Facebook, his friends — myself included — like to pick on him, as good friends often do. He gives as good as he gets.
Picking on Kelly Lum (@aloria) for narcissistic drama and a lack of contributing to the community? That was pretty shitty. Sure, her posts can be dramatic, but the same can be said about most of us. Hell, my posts have been all about family deaths and unfinished family business all year. I’m sure some of you don’t like it, but that’s what has been on my mind and you’re welcome to unfriend me any time. Kelly has been open and honest about dealing with mental illness. She’s done her day job well despite all that and has set a good example for the rest of us. Whine all you want about her not contributing to the community. In my book, the example she sets is a big contribution.
But there are bigger problems with Scot’s list:
- It’s made up of anonymous submissions. It’s easy to rip on someone when nobody knows who you are: You don’t have to back your comments up. You don’t have to worry about being attacked in kind. That’s awfully convenient — and cowardly.
- People who make the comments almost certainly spread their own drama. The worst hypocrisy is the kind where the hypocrite doesn’t show their face.
- People love to bitch about “a lack of contribution” to the security community. I find that odd, because if you’re doing your job well, you are contributing to the community.
- Terban endorses all the comments. Though it’s made up of anonymous submissions, Terban collects them and distributes them, essentially endorsing the mudslinging. When a lot of people are criticized for talking shit and spreading drama, Terban is spraying bullets inside a glass house.
Infosec is hard. The people it attracts can be difficult to work with, myself included. Since we’re connected to each other by Facebook and Twitter, we’re exposed to each other’s personal drama. None of us are perfect. We all have different ways of contributing to the community, and what’s useless to one person is valuable to another.
Laugh all you like at the Krampus List. But if you don’t see some of yourself in there, you might be part of the problem.