In the infosec world, social networking is at its best when real issues are debated. Yesterday, my friend Gal Shpantzer contributed to that effort when he asked his Facebook connections: "What do y'all think of cliques and cool kids in infosec blackballing people for not being clique-y enough, or not being in the right clique?"
A good question. I hope Gal doesn't mind me rummaging through his page. But the feedback he got is worth sharing here. With that, here's a look at some of the responses he got:
Nicolle Neulist: I lose professional respect for people who carry themselves that way on social media.
Dan Tentler: It's childish, stupid, and naive. It's something I wish would either quietly die and go away, or conversely explode massively with colorful flames and shrieks of agony.
Chris Schmidt: In my experience (and thankfully I have only had to deal with that situation once professionally) the choice was given -- get over your ansgty high school (expletive) or get out. No talent is worth that much drama in a professional environment.
Daniel Kennedy: The issue with the community is that there is a community -- conferences staffed with the same grandstanding clowns who contributed one significant thing years ago, and for some reason are then asked back to dash together a presentation the night before year after year when they lost substance and relevance long ago.
There are those that remain relevant over time, but many more who simply pin whatever they claimed to have done years ago (growing bigger by the year in their stories) on their chest and then proceed to start talking about things they don't really understand. And make sure to cop an air of undeserved arrogance alongside it, because without it, no one will buy what you're selling...and get some hack journalist to add you to the 'most influential something or other of blah' because that strengthens the illusion.
Tom Liston: I would answer your question, but... well... you just don't hang with the right people...
Bob Gourley: There are a lot of issues in this community. a much bigger one, in my opinion, is the issue of charlatans. I'm the first to tell you I'm the wrong guy to call to do forensics on your computer or to lead an incident response. But I know world-class best people to call for that. And I also know people who pose and pretend they can do that. And that is just one example. There are so many aspects of this community and so many specializations that we also have to watch for someone who is good in one thing asserting they are good in another.
Where do I stand on this? I pretty much agree with everything Daniel Kennedy said. But that's just me. ;-)