Security Passion

With one more day of the conference marathon to go I thought at least one post was in order. Across Infosecurity and BSides London I have found…no, I have confirmed that there is huge passion about the trade alive, well and being generously shared by those starting out, those further down the road and those who’ve got there.

Grafters and Believers

I’m not going to specifically out everyone for their stories, but these individuals and their friends will recognise them:

  • A now hugely high profile chap who, in his early security days, started a blog. Despite no real conflict of interest his company issued an ultimatum – stop or go. He carried on and went, because he was passionate about raising security awareness and promoting good practice.
  • The fella who did a full-time job sharing great simple security advice, when he already had a full-time job in a completely other field, plus responsibilities as a single parent.
  • The guy just starting out, so passionate about doing things ethically to safeguard our privacy he’s severely limiting his career prospects. Easy to look from a few years forward and say ethics are very costly things. I personally hope the industry creates a place for him with a living wage before he’s forced to compromise.
  • Another guy who found out he could talk his way into (or out of) anything. That opened up lots of lucrative fast buck making avenues, but instead he’s taken the personal risk of starting his own firm to educate us about people like him. Folk who have the expert means to manipulate us and steal our data, endanger our livelihoods, or put our safety at risk.
  • The chap who’s non-security company failed, leaving him very low. Unable to find other work, he turned to his interest in security. Every day he researched and tried out security techniques. Painfully shy (as a result of the professional knocks taken), but still reaching out to others in the trade for advice, which he took and built on.

Leaders and Supporters

Then there are the folk who help and encourage others. Many very very quietly. Each of the people described above has been spotted for their passion, hard work and genuine love of the trade by fabulous mentors. It’s so, so easy to like the warm and fuzzy thought of helping folk out, but these guys go out of their way to see potential and hard graft rewarded. Including, in various ways, all the volunteers that made BSides possible – THANK YOU!

Creative Problem Solvers

Then there’s the vendor side. I picked the brains of a few and which stood out? The ones who had sent folk to the conference who really got what their product did, were itching to share what was bubbling away in development and naturally talking about the way it met real business needs. That wasn’t limited to the small guys either. Some of the big players also seemed to be getting it right. Perhaps the sales wool was being pulled over my eyes, but I doubt it – I’ve been on the other side of the fence and I’m pretty good at spotting a commission chasing schmooze, however subtle and convincing.

Top of a Small Mountain

I’m lucky enough to have spoken to, met, worked with and worked for a whole bunch of other similar folk and to get a security blogger award tonight was the icing on a cake that’s been baking for a very long time (best new security blog – fantastically pleased). That’s due in large part to a community who stayed open minded when they could have closed protectionist ranks to build a comforting clique.

Go For It (minus the trite)

Wincing waiting for the ‘just go for it and life will be fantastic’ chat? Not gonna do that to you, because changing things that aren’t working is darn tough, so here’s an alternative:

“I know I’m not the only one who would like a change. I’m no expert on this, but if pushed I wouldn’t say “live the dream” “make your own luck” or any other trite bollocks. I’d suggest pausing and taking a step back if work is undermining you, or your confidence in yourself. Think back to the last time you felt valued and engaged. Compare what worked then and think hard about whether you’ve changed, or if the circumstances have. Is what’s happening now acceptable by your personal benchmarks (not the benchmarks of whatever (or whoever) is bringing you down)?

If you’re doing the things that have always worked and what’s happening isn’t acceptable by your yardsticks, maybe find some people who will be completely honest with you and talk about what you really want. You can’t always change things in a hurry, but if your guts say it’s wrong for you and won’t improve any time soon, try and have faith life will throw you a lifeline, or, a life thread or two. In the mean time don’t be afraid of talking to people in person or on social media who do things in a way you like, or are in the kind of jobs you aspire to. Any worth their salt will share advice or point you to others who can help. Those threads of faith and effort will eventually add up to a way to climb out of whatever hole you’ve found yourself in” 

Are Companies Doing Enough To Nurture Effort Freely Offered?

Fair enough the security trade is still struggling to pull itself together into a mature coherent whole. Yes people can get stuck in their own, often technical, silos. Yes we can make stuff as clear as mud, but there is such a huge amount of positive energy to harness. Something firms aren’t doing well at. If companies doing badly want to do better I’ve grown my list of role models in the last couple of days who have great tips. If you know firms who are doing great, perhaps let me know.

P.S. Don’t search for ‘passionate about your job’ images unless you have a high tweeness tolerance level – plumped for fellows jumping off mountains instead.

0 replies »

  1. I’ve been in various industries, but infosec is astonishing. Full of passion and selfless givers. Never seen the likes of it before. In fact, I’m not convinced there is a comparable industry. It’s like a big caring, supportive family.

Leave a Reply