• United States



Do infosec tweeps talk too much?

Oct 26, 20113 mins
Data and Information Security

A friend in the security industry took issue with my suggestion that it’s good for people who don’t see eye to eye to keep talking. It’s better to do, he says.

But can we really do our jobs effectively with just one or the other? I don’t think so.

Some background: Yesterday I wrote a post about security debates forging unlikely friendships and how it demonstrates the power of constant communication.

A flurry of discussion followed on Twitter. At some point Chris Hoff, a friend and, in my opinion, an industry heavyweight, weighed in with this:

@Beaker: “What this industry needs is less talk, more do. Just saying’ ;)”

To that I replied:

@BillBrenner70: “Sometimes, gotta talk before you do. Otherwise you’ll do it wrong.”

To that, Hoff said:

@Beaker: “So 20 years of talking … good enough? Meh.”

I understand his point. There is an extreme in this industry where some do indeed confuse talking about good security with actually making it happen.

But there’s another extreme where some security practitioners just want to go into the office and “do” — spending their days away from the Twittersphere and the higher ups. They prefer to review code, monitor firewall settings, patch systems and study their dashboards without having to talk to anyone.

We need people like that, with the laser-like focus on the cold details. But we also need the talkers, the ones who question the conventional wisdom and dive into the heated discussions.

It’s amusing and maybe a bit ironic that a couple @Beaker tweets prompted me to write this post. One of the reasons I respect Hoff so much is that to me, he’s a good mix of talker and doer. He spends long hours in the corporate weeds pushing the needle forward. But he’s also an effective talker. He’s probably the most prolific twitterer out there, he regularly travels to conferences to give talks and he’s a disciplined blogger.

That’s what I think we need more of: Practitioners who can strike the right balance between talking and doing. Those who can pull it off become the leaders of this industry.

There are plenty of people who fall into that category: Akamai security chief Andy Ellis and Liquidmatrix head honcho Dave Lewis come to mind.

Keep doing. But don’t stop talking, otherwise, as I said yesterday, you might start doing it wrong.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!