


Can CSOs Learn Anything from the Response to the Kathy Sierra Incident?

Apr 03, 2007 | 3 mins
Careers, Identity Management Solutions, IT Leadership

Over the past few weeks, it seems that everyone online has an opinion about the recent Kathy Sierra incident. Whether you’re for the BBC’s appeal for a new blogging code of conduct or not, I think the reaction from bloggers is very interesting. CSOs should take note.

There are hundreds of blogs about the Kathy Sierra incident. If you want to learn more about what actually happened, a Google search on “Kathy Sierra death threats” will yield almost half a million results that you can examine.

 The BBC is leading the charge for a new blogging code of conduct.

One interesting blog is called “Hate, Threats, and the Culture of Love.” 

The has created a model Bloggers’ Code of Ethics, with such items as: “Be Honest and Fair, Minimize Harm and Be Accountable.”  Bloggers should also admit mistakes and correct them promptly.

Of course, a large number of bloggers, such as Duncan Riley, think this is lunacy. He calls this effort “Stupidity Personified.”

But whichever side you’re on, I think there are several questions raised that CSOs can take away from this debate.

 Question #1 – Why can’t we get the same level of interest and debate going around other areas of online ethical behavior? Why can’t we build a healthy online security culture at our companies and governments? Is it that death threats finally cross the line? Clearly these threats are horrible and illegal, but so are many of the other behaviors which are rampant online.

 Question #2 – Why stop at a blogging code of conduct? There is a wide list of ethical issues with current online behaviors – which are discussed in several of my previous blogs.   

Why not have a code of conduct for other areas beyond blogging? Why did this one situation – a death threat – lead to new calls for a blogging code of conduct? For example, there is racially-charged hate language used in response to blogs all over the internet without the same level of response. The ethical list from goes even further.

 These are just a few questions, but there are many more which could be asked. I don’t have clear answers, but somehow CSOs need to figure out how to turn this situation from “lemons to lemonade.” Perhaps some good can come from this yet.  

One suggestion: talk about it with your staff. Why do they think this incident prompted such a worldwide appeal for a blogging code of conduct from some people? Why are others so against it? Any thoughts?


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
