New Age INFOSEC
Yesterday’s Source Boston keynote started bubbling up in Twitter like swamp gas releasing soundbites that were reminiscent to new age babble on how we as a community are bad communicators. While I agree that many in the community at large are bad at communicating anything other than self interest (i.e. con deadheads) I would have to say that there are many many more of us with day jobs who can communicate and do.
The fact of the matter is that if you are a con deadhead then perhaps Justine Aitel is talking to you, which she did coincidentally at a conference! Gross generalities make my eye twitch and so do new age koans about such a complex issue as information security. So I would like to address the snippets that came out yesterday in my usual style of bilious and yet hopefully thought provoking responses.
The first slide in the roster actually struck me as something I have been saying for quite a while but in this re-telling it’s much softer. I have been calling bullshit on the con deadheads for a while now but I guess it’s finally getting traction. The truth of the matter is that if you are just speaking at conferences all the time what the fuck are you really doing? You speak to the same crowds and often times of late you present the same god damned things. What is the fucking point?
So yes I agree with you Justine on this but I think you could be more blunt. If all you do is go from con to con partying and giving the same talks then you sir or madam are committing cyber douchery. It’s just that simple.
We develop secret knowledge and power? Holy what the fuck does that even mean? If this is the case then we are all collectively Dr. Evil at worst or Bloefeld at the best? We also suck at listening because we are evil geniuses? What the fuck does this even mean? Look we are technical people and we speak in technical language which often times seems like magic to the people who do not comprehend the rudiments of technology never mind some of its most complex theory and implementation.
We also suck at listening? Really? All of us? Gross generality much? Look there are two sides to the equation here and sure some of us in the community may not listen well. For that matter we may not listen at all except to our own base drum of LOOK AT ME! LOOK AT ME! but please, we aren’t the only problem here when it comes to the security problems of today. You are over simplifying things just a bit in a time when we need more complex and nuanced thought on the matter. The corker here is that all of this is being transmitted by soundbite by Twitter of all things.
Uh what? Are you going to tell me that Hitler wasn’t a great communicator? Have you seen those old movies of his speeches? I am in no way saying he was a huggybear but HOLY WTF are you on a roll with generalities and useless new age speech. So once again you see us as great technical masters of the universe and yet we are all portrayed as somewhere on the far end of the spectrum on the DSMV for Aspergers? Look, we may have great technical abilities in some cases. In others we may be just useless twats. Let’s not put this into axis of evil territory or paint us all with the same inept brush of bad communicators or sufferers of Aspergers here.
Oh here we go.. We need to be vulnerable to grow. Thanks Dr. Phil. How about instead we just be more self aware and able to comprehend the social surroundings we are in. Understand the system to work the system. Better yet how about you understand the system and the players to come to the place where you accept that nothing you do really matters unless the people WHO PAY YOU are willing to make changes or LISTEN to you. It has nothing to do with being soft or vulnerable and this kind of shit is just as bad as the polar opposite of “Real men don’t eat quiche”
No no no NO. The word CYBER is a mystical amulet that the masses use to infer some vague notion of all things magic and incomprehensible! This is not something we should promote whatsoever. It’s perpetuation should stop and you just crossed the Rubicon on this. This really burns me and that this idea was even floated makes my blood boil. You say you want to communicate but you are willing to compromise with the word CYBER instead of using real language to convey the complexities we deal with? Good God this is one of the most idiotic statements I have seen of late!
I agree.. Much of society at large has no idea what we do. Do you really want to know why this is true? Have you ever tried to explain to them why it’s important and how it works? Even in small words? You get the glazed eyes and they begin musing on what Kim Kardashian is doing. THEY DON’T CARE TO UNDERSTAND! Still you want to call it CYBER and use general terms in an attempt to dumb it down so they get it? I am saying to you right here and right now that they won’t care and they won’t get it. It’s all fucking CYBER APT CLOUD MAGIC to them all.
So as an industry we are too self involved and unable to listen to the people we are tasked with protecting… Hmmm… Ok sure. We are a calamity of derp as an industry that has been riddled with FUD and sales buzzwords. We also have a populace of attention seekers with a real penchant for TNT Dramallama flogging. We wallow in our soup of “Ain’t I cool” and look at me look at me! It’s true. However, that is not the whole community and this is yet another generality that borders on the new age derpy.
I also would say just what is it we need to listen to? Listen to the companies and players who have agenda’s that make bad choices in the face of being told that they are vulnerable? Listen to the people who say that the work is too hard and that out of hand deny anything you say is relevant or important? Some actually put on a show and say they will fix things or change their ways but really, how many times have we seen that and then seen nothing change? Listening is just fine but the crux of the matter today is that you tell the client what is wrong and then say “You can fix this or you can accept the risk on this”
You don’t need to be a great communicator here or all new age fuzzy because the fact of the matter is that people will make decisions based on their own needs and desires and not the truth. What this community (and the one I speak of are the con deadheads) needs to do is grow up. Spend less time lauding their own ingenuity and grok a bit more on other things in the world. Perhaps there are a mass of Aspergers sufferers at these cons but that is no reason to paint the whole community of security with the same brush. I communicate just fine and I have come to accept the fact that all I can really do is present the information, the risks, and recommendations. It is up to the client to decide whether or not it is in their own interests to do anything about them. I just get them to sign off on the risks of not doing so and my job is done.
Enough of the new age fuckery…