After more than 30 years in the security industry, I must confess, I am (sadly) still addicted to FUD. For example, one recent morning I clicked (and tweeted) these cyber headline stories:

- Augusta University Health Reports Major Data Breach
- Superdrug denies data breach
- Health Data Breach Victim Tally for 2018 Soars
- Judge approves Anthem's $115M data breach settlement

Indeed, big data breach stories and other major security incidents that keep offering large doses of fear, uncertainty and doubt (FUD) to the world just keep drawing me back.

Despite my best efforts to stay positive about cybersecurity and keep clear of that dangerous, addictive substance, bad news FUD is still winning me over.

But… I’m not the only one; there are plenty of us who are tempted by FUD. In fact, it is my opinion that, despite professing anti-FUD rhetoric, the vast majority of cyber experts have the exact same problem – even if they don’t know it. Allow me to explain.

My history with FUD

Backing up a bit, I have studied the many dangers of indulging in FUD and have written about it several times before, defining the good, the bad and the ugly of FUD back in 2012. There is little doubt that FUD, when overused, can certainly destroy security careers, harm one’s credibility and hurt the security industry as a whole. Many experts proclaim a critical need to cut the FUD.

But like a hungry boy drawn by the smell of freshly baked chocolate-chip cookies on the kitchen table, I’m hopelessly attracted to the juicy details behind big banks being hacked, credit agency employees falling for phishing scams, ransomware bringing down governments, cyber pirates hacking ships, the latest zero-day malware that defeats Microsoft or Google or Apple, big tech companies making stupid online mistakes, cars stolen by hackers' radio transmitters, NSA employees and contractors turning to the dark side and more and more and more.

Yes – my enquiring mind wants to know.
…I get excited when a major new data breach hits the top headline of the Wall Street Journal, New York Times, USA Today or the Washington Post. I often see big hacks and other huge cyber problems as opportunities – not societal ills.

When the Target, Equifax, OPM, Yahoo and other data breaches were announced, I devoured the details, surfing the cyberspace for the “rest of the story,” hidden secrets, and expert commentary. I share my views on LinkedIn, tweet about various aspects and angles of the security problems, argue with simple fixes and explain how the story fits into historical context.

I write about cyber incidents, hacking trends, breach predictions, new technologies like IoT — and try to connect the never-ending security ramification dots. When bad news surfaces, I ask: What does it all mean? What’s next?

I add the best articles to a database of stories regarding vulnerabilities, malware causes, hackers, ransomware, dumb mistakes, best practices and more. I go to data breach “tell all details” sessions at security conferences.

But before you laugh and say “been there, done that, got the T-shirt,” I have a challenge for you. Do a little soul searching. Are you prone to this too? Really?

I think the majority of security pros and hackers that I know act in a similar way – even if they consider themselves security “enablers.”

Yes, I even went through major “FUD rehab” more than a decade ago. I became (one of the first) professed security enablers (anti-FUD champions) back in 2006, and tell stories at more recent conferences about my redemption from FUD. You can read about that history here, and how I almost got fired as a CISO before I figured out that I needed to get to a “secure yes” using technology.

But the problems live on as our global cyber challenges accelerate.

Is FUD in our cyber industry DNA?

So how did I learn about this hard reality and come back to relook at FUD – again, right now?

Back in February, I was at a Super Bowl party, where I saw a friend that I typically talk to a few times a year in Michigan. He came right up to me and said (in a melancholy tone), “Dan, I see your posts on LinkedIn all the time. I love your writing, but I can’t read them anymore.”

“Why?” I slowly responded.

“I just get too depressed reading about all that negative security news. It’s all problems, hacks, breaches, lawsuits, privacy violations, and worse. No good news. But things can’t be that bad – since technology is booming.”

(Side note: At this point someone interrupted us with a game update of a touchdown for one team, and we never finished the conversation.)

That exchange stuck in my mind for months – leading to this article.

I started asking myself questions: Is FUD in my DNA? Why do I keep going back to these stories?

I analyzed my LinkedIn posts, Tweets and other online activities. My weekly blogs were varied, well-rounded and offered cybersolutions, so that didn’t seem to be the top concern. But I did notice a more negative trend with my tweets and LinkedIn posts, likes and comments. I did tend to send out multiple posts when a big data breach story broke. These posts received the most attention, likes, comments, responses and dialogue.

And it wasn’t just me. Analyzing Brian Krebs and several other well-known security bloggers, I saw even more data breach focus. I wondered if endless descriptions regarding these stories – and even breaking the news of new data breaches – hadn’t become a part of how our cyber industry survives and thrives. Don’t people have a right to know? Don’t they have a need to know?

Diagnosis: Why is FUD so addicting?

After pondering FUD further, I diagnosed why these negative stories are so popular.
Here are a few reasons for FUD growth:

- Viral attention
- Easy to talk about – everyone is doing it
- Front and center – hard data – facts are facts
- Gets a lot of easy attention in social media (likes, comments, more connections)
- Keeps you relevant – for now – shows need for security
- Shows that you keep up with news – even deciphering fake news
- Questions people will ask anyway. Why not beat them to the punch?
- Play Monday morning QB – Those stupid idiots… - I would never… yada, yada, yada…
- Cyber solutions are hard
- Need to understand problems (i.e., think like a hacker) to understand how to build solutions
- Solutions often don’t work well or only work for a moment in time
- Bad actors can go around solutions almost like a roadblock
- Solutions can make you vulnerable to counterattacks
- Stay elusive. Don’t get pinned down
- Viral attention (yes, it bears repeating)

Living with FUD

While I am convinced that the FUD addiction will be with us for the rest of my life, I also believe that FUD does have a role to play in the industry. Here are a few ideas that can help harness the power of FUD:

- Be aware – Understand your own actions and the natural security pro tendency to “share the FUD” as described above.
- Offer cyber solutions – Even when you do share FUD, don’t leave people hanging. Even one cyber hygiene tip (or two) can help. What could have been done to prevent the issue? Use more thoughtful answers when possible.
- Make FUD an appetizer, not the main course. When using FUD in conversations, presentations or as examples, don’t make it the main topic. Provide a balanced cyber diet.

Final thought: As this blogger points out, the opposite of FUD is often security apathy. Passionate security pros can struggle when others neglect, ignore or dismiss cyber risks as not being relevant or worth addressing in the enterprise.
In those cases, FUD is many times used to defeat the naysayers.

But FUD becomes a serious long-term concern when overused. The Chicken Little yelling FUD too often can burn people out.

This “FUD / apathy pendulum” can swing back and forth while pragmatic business people look for a reasonable middle ground. One helpful goal is to become (or maintain the role as) the trusted advisor who, even if you are addicted to FUD, offers your business best practice solutions that can help reduce cyber risk in reasonable ways — without hype.

So how about you? Are you ready to cut the FUD – or not?