Some of you asked why I don’t write as much as I used to. Partial answer: My real job and a lot of family business leave me with less time and motivation to do so.

But there’s something else, and it’s had a bigger impact:

The squabbling on social media has gotten so childish that it’s not worth commenting on anymore. This is especially true in infosec. The latest example came out of DEF CON, where people talked past each other over the issue of whether women should be serving drinks during a game of Hacker Jeopardy. Other past examples include the following:

  • Someone says they don’t like getting hugs at conferences. The people that do like hugs take offense.
  • Someone makes an off-color joke. The ensuing conversation revolves around people’s triggers being set off. People with those triggers get pissed on for having triggers in the first place.
  • Someone takes a position that’s unpopular. A cabal of naysayers question that person’s right to exist.

My job used to be writing about the security community and its research. Now I’m part of the security community, working and writing alongside researchers, product managers, marketers and sales people. Instead of hearing and writing about the challenges of encryption, incident management and compliance, I’m living it. No complaints there; it’s what I wanted.

It’s made me realize that it’s more important to keep learning and doing the work than to opine about every instance where my peers get their underwear in a twist. People once used social media to build up the security community. Now they’re using it to tear vast segments of it down. I see more bickering about tactics and positions than discussion about how we can do better.

You’re either right or you suck.

Some have denounced the whole idea of a security community. They’re suggesting the industry and community are two different things. The community, they say, is a collection of cliques — the so-called cool kids and posers — whereas the industry is where all the grownups are.

Like most things in life, it’s hardly that simple.

The problem isn’t that people pine for the idea of a community. It’s that too many people lack understanding of what a community is.

Communities are a mix of people with different beliefs. They’re places where people can come together for the greater good while still arguing about smaller things. Real communities are not offense- or trigger-free zones.

Infosec isn’t unique, either. These communities exist in many professions, and people behave in them much the way they behave in the infosec community.

I could write a post suggesting people stop being so ridiculous. I could suggest some of us stop getting so offended about everything. And before this year, I probably would have.

Right now, though, I have more important things to do.

It’s not that I’m personally offended by it all. I just don’t have time for it anymore. The challenges we face are big, and the squabbles make us small.


  1. Lots of good points. But I believe there is a history of there being far more community related drama vs. folks in the industry as many industry folks are not active in/on social media. Also, the cliques do exist. Harvest the speaker names from the last decade of cons and b-sides events if you don’t believe they exist. Lots of same old people / same old stuff going on at cons. Also, community seems to own cons for the most part and they seem to be thin on corporate Infosec stuff and heavy on hacking and idealism.

Leave a Reply

Your email address will not be published. Required fields are marked *