Wednesday, 15 August 2007

Fame and misfortune

My fame is spreading quicker than expected, and not particularly in the way I would have liked. Richard Stiennon called me an old man a couple of days ago. I only picked it up because Alan Shimel made a reference to it. And even then he called me Ron. :)

I guess I should be happy to be referenced by Richard and Alan at all, but the fact is, I'm not so old. I'm 31. Rothman's far older than me, and Alan, not to mention Stiennon himself. Ah, so he said I "sound like" an old man. Perhaps I should take that as a compliment coming from an old man of security like him?

OK, I've been in security a long time, and my post the other day about where security is heading may have been rambling, but that's because I really have no idea what's happening at present! It certainly wasn't a complaint as Richard seems to imply. It was a request for feedback if anything, a postulation of several hypotheses for some extra scientific input from field scientists, you guys. My thinking at the moment is that whilst there is an element of convergence, there is also massive divergence, and that's being caused by vendors (like myself and Richard).

When he says I'm tired of my own industry, yes I suppose I am. That's very specific though, "my own industry" is very much tied to vendors, network security, and the marketing bullshit that comes out of that area. It's been very much device orientated. I'm tired of FUD, I'm tired of compliance being confused with technical specifications. I'm tired of the same mistakes being made over and over again. Yes I can be short-tempered with people who I find ignorant, who repeat misquoted statements as fact ("70% of attacks are internal"), but if someone crosses or questions me, I have all the patience in the world. I like questions, and I like answers, but if somethings going nowhere, I want to kick it and get it moving.

There's far too much criticism and one-upmanship going on at the moment. Maybe the old guard is feeling threatened. I'm not a guru, I don't want to be. I'm no expert, I'm a trained professional, like all of you. We need more of a community, like Michael S's (I'm not attempting that surname) Security Catalyst Community for example, where everyone is equal, and encouraged to share. If someone says something incorrect, we teach, we don't criticise.

I never thought I could avoid rudeness through blogging, but I didn't expect it from here.

No comments: