Yesterday I put out a post about what I saw as a worthy discussion over cliques and cool kids in infosec. A spirited Twitter discussion followed and -- as often happens on Twitter -- it devolved into a bunch of spitting in the echo chamber.
Someone suggested that by even bringing up the subject I was turning CSO into a gossip rag. One person tastelessly suggested I stake out a nightclub and take pictures of a well-known infosec luminary as he was exiting the building. The same person suggested the issue was irrelevant; that every industry has its cliques and I should focus on something relevant.
I want to set the record straight on a few things.
First, this post was a valuable lesson for me in the complexities of social networking and privacy. I shared a conversation someone started on Facebook without asking them first. I've done this before, seeing things said on the social networks as fair game -- statements made in the public realm. I also thought nothing of it because in the past infosec pros have expressed thanks when I shined a spotlight on an issue they were raising online.
But someone pointed out that Facebook is different from Twitter. When you say something on Facebook, you are speaking to a smaller network of friends. If you aren't connected with the person, you are not seeing their posts. Therefore, some conversations are private. I put a lot of thought into that and the man had a powerful point. I apologize to those who feel I invaded their private space, and I will ask first from now on.
Second, I disagree with those who call this gossip or a non-issue. For the record, I wasn't complaining about cliques. I was letting other people do the talking. Do I think there are cliques in infosec? Sure. You see it in every industry. The word is often maligned, but I don't think it's bad that people choose to exist in certain circles. I communicate with people from the different so-called cliques every day. I consider many of them friends. I think the diversity between different camps is one of the things that makes this such a vibrant community.
Is there name calling in this community? Yes, and there is in every community. When I see name calling, I often speak out against it because I believe we get more done for the greater good when we're civil toward each other. Of course, some see disagreements as name calling, especially if they're being disagreed with. Debating and disagreeing is not the same thing as name calling. Debate makes the community stronger and more aware.
That's why I was attracted to the discussion at the heart of yesterday's post. I thought a lot of reasonable points were coming out. I thought a lot of reasonable points came out of the Twitter discussion, too.
For a community like ours to keep moving forward, we need to periodically review how we talk to each other. We can do it like grown-ups.
Here at CSO we cover a variety of security topics from both technological and cultural perspectives. If you only have one or the other, you're not getting the full picture.
I'm going to continue to write about the public discourse of our community when I see something relevant. If that troubles you, I have a simple solution: Go read another blog.
Thanks for reading and indulging me on this topic.