Some of you asked why I don’t write as much as I used to. Partial answer: My real job and a lot of family business leave me with less time and motivation to do so.
But there’s something else, and it’s had a bigger impact.
Mood music:
The squabbling on social media has gotten so childish that it’s not worth commenting on anymore. This is especially true in infosec.
My job used to be writing about the security community and its research. Now I’m part of the security community, working and writing alongside researchers. Instead of hearing and writing about the challenges of incident management and compliance, I’m living it. No complaints there; it’s what I wanted.
It’s made me realize that it’s more important to keep learning and doing the work than to opine about every instance where my peers get their underwear in a twist. People once used social media to build up the security community. Now they’re using it to tear vast segments of it down. I see more bickering about tactics and positions than discussion about how we can do better. You’re either right or you suck.
For example:
- Someone says they don’t like getting hugs at conferences. The people that do like hugs take offense.
- Someone makes an off-color joke. The ensuing conversation revolves around people’s triggers being set off. Then people with those triggers get pissed on for having triggers in the first place.
- Someone takes a position that’s unpopular. A cabal of naysayers question that person’s right to exist.
Now people are denouncing the whole idea of a security community. They’re suggesting the industry and community are two different things. The community, they say, is a collection of cliques — the so-called cool kids and posers — whereas the industry is where all the grownups are.
Like most things in life, it’s hardly that simple.
The problem isn’t that people pine for the idea of a community. It’s that too many people lack understanding of what a community is.
Communities are a mix of people with different beliefs. They’re places where people can come together for the greater good while still arguing about smaller things. Real communities are not offense- or trigger-free zones.
Infosec isn’t unique, either. These communities exist in many professions, and people behave in them much the way they behave in the infosec community.
I could write a post suggesting people stop being so ridiculous. I could suggest some of us stop getting so offended about everything. And before this year, I probably would have.
Right now, though, I have more important things to do.
It’s not that I’m personally offended by it all. I just don’t have time for it anymore. The challenges we face are big, and the squabbles make us small.
I like “the community” best when everyone is trying to help each other. When I first got started in this field, I did an internship with PaulDotCom, now Paul’s Security Weekly. I looked at Paul, Larry, Jack, John, Carlos and the rest of the crew and was intimidated. I’d heard of “security rock stars” and assumed these guys would be it. They’d be arrogant and looking to knock me around. Nothing could have been farther from the truth. Every single one of them was awesome. Every single one was helpful, always looking to make me better, give me opportunity to grow and help me get to where I wanted to be. I also see that in other parts of the community too. It is why I enjoy giving presentations at conferences and brown bag lunches. I love helping people, I love showing what I know, I love listening to others in what they know so I can learn more. To me, this is when the infosec community is at its best. This is what I love to be a part of. It’s what makes the infosec community great. If there’s anything I can do at this point to pay back what Paul’s crew did for me by helping someone else, I can’t wait to do that and I’m all for it.
Once you spend a few more years in the trenches, you may find that you believe the statement below, taken from your post. It amazes me how people’s views change after a decade steady in the trenches (internal positions, not vendor or consultant or contractor – and more than 1 company).
I have never observed the “community” as being anything that resembles the INFOSEC industry and definitely nothing that speaks for it. – even pre-twitter…
They’re suggesting the industry and community are two different things. The community, they say, is a collection of cliques — the so-called cool kids and posers — whereas the industry is where all the grownups are.
Some people are now professionals/grown ups but still maintain community ties. They’re not mutually exclusive.
People should stop interacting with/amplifying the messages of small minds. When did we lose our ability to just ignore annoying, shitty people?