We have a problem. It is a big problem. We want maturity. Maturity of the security scene. Mature security postures. All while we tend to be immature gits. This is a big problem.
Over the last week there was yet another big to-do in our community, and a few more minor ones. Let's start off, though, by defining our community. The infosec community at large is not a be-all and end-all; in fact, as Jack Daniel mentioned in a Twitter thread:
I’ve given this a lot of thought and I have long used “communities”, plural. I think of us as more in the nations/tribes/clans/families model, but with the profound complication of significant overlap in some areas.
— Jack Daniel (@jack_daniel) February 13, 2018
Jack is of course correct. We have splinters, as large groups usually do, back down to more manageable sizes. Each of us is in many different groups. Some are maturing faster than others, some are not.
I bring this up because even with different groups, we still tend to have an overall gang mentality. We pile on something we do not like until we beat it to death. Sometimes, like Trevor, it was meant to be in fun. Sometimes, like with the case of a company slamming a security researcher, we go too far. There is a line that we should not be stepping over if we are mature. Complain about stuff, yes, but to what degree? A company issues an apology, fires the offending employee and wants to go on with what it does. Do we punish the rest of that company's employees by constantly berating them? Do they make a decent tool that we could use, but now won’t because of a mistake? When do we stop complaining and berating? When do we start acting mature? You know, being mature gets you more respect than throwing an ongoing temper tantrum, and that is something parents try to teach their children at a young age. We want to be taken seriously, and we should be, but it is harder to do that when we act like overprivileged spoiled brats, and we do act like that at times.
Now back to the statement by Jack. There are people, like Jack, or Lesley (@hacks4pancakes) and many others, whom we look to as leaders. They are respected by many if not all of our sub-communities, and see this issue. Some of the sub-communities take this to heart and others do not. We need all of the communities to start thinking more maturely, start using more honey than bitters to get our points across, and stop with the gang mentality. We want to be taken seriously, but we can’t even take ourselves seriously. Look at the “rockstars” that slam people for getting certs. Look at how we slam each other for thinking differently, for having opinions that do not agree with our own. Do we act mature and discuss, or do we berate?
It is not easy to change; we know that because we are trying to change corporate cultures to be more secure. We have a chance right now to show them that we accept change, and to change ourselves and our attitudes to something more mature. The choice is in each one of our hands.