Cybersecurity's Court of Public Opinion

A few thoughts on welcomeness, empathy, and treatment of one another in the cybersecurity community.
Cybersecurity's Court of Public Opinion

This was not the weekly article I was planning to write. I had a potential legal dispute last week that needed to be addressed immediately. I'll leave it at that because I don't want to implicate the other party. As a result, this publication will have a different name as soon as I can settle on one.

The legal portion of the dispute was my fault. I take full responsibility. It was an honest mistake. It shoudn't have happened. I apologize for any confusion I have caused in the few weeks I've been writing.

The tone of the dispute wasn't. It was a discouraging conversation with a relatively prominent individual in cybersecurity. I'm sharing a few thoughts about the situation only because the conversation goes against my fundamental beliefs about how we should behave towards one another in the cybersecurity community.

What was said isn't how we should be treating one another, regardless of fault or other justifications. Notably: Disparaging each other's writing. Ridiculing the size of a person's audience. Reporting them as copycats. Threatening public shaming. Taking legal action. Behavior like this is disappointing, particularly when it's coming from people in positions of authority.

I debated whether or not to say anything. I could have changed the name of the publication without many people noticing — it's an early stage project. There were too many things on my heart for me to say nothing at all. I have chosen to withhold the full conversation. Sharing the exact details isn't constructive. The point I'm trying to make isn't specifically about me or this situation.

This isn't "poor me" — I'll be fine. I'll call the publication something else. DNS changes and redirects work. Bigger picture, I'm fortunate to have great clients and mentors, a network of peers, and enough financial stability. I'm also afforded all of the (undeserved) privileges that come with being a white, college-educated male. I know other people in the industry who have been treated far worse than this — I’ve seen it first hand.

Here's what bothers me: other people in the same situation may not have been okay. They could have put their life savings or growing reputation on the line to start a writing project like this. They could have had their confidence completely crushed, their work erased before they had a chance to grow. What happened to me could have happened anyone who wanted to try their hand and start something new.

Cybersecurity is in the global spotlight right now — often not in a good way. People are depending on us to protect them. We need all the talent, creativity, and help we can get. We've talked a lot as a community about removing barriers and judgment. About being welcoming and kind to one another. About putting an end to gatekeeping.

People want to join us, but they need support. They need to feel welcome. They need our help to grow and develop, especially when they're starting something new. They need us to show empathy when they make mistakes — we all do.

My hope is that we can continue making progress towards becoming a more welcoming, collaborative, and empathetic community of cybersecurity professionals. We have to be better. I know a lot of us are. This is a reminder we still have work to do. Myself included.

If you're subscribed to the email newsletter, you'll be the first to know about the new brand after that. I'll be spending more time writing on Twitter while this situation is being sorted out. Finally, if you have creative brand ideas, I’d love to hear them.

Maybe someday I will have written something good, gained a large following, and built a brand to call my own. Until then, I can promise that none of you are a "headache" to me. Your contributions matter, no matter how much or little you've written, how many followers you have, or who you know. I respect and value you as a person working in the industry alongside me.

You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Strategy of Security.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.