vext

vext

Hacker. Nerd. InfoSec pro. Armchair lawyer. Certifiable. Breaks things to rebuild them better. Understands opex decisions, but resents them. Bleeds purple.

On identity, tribe, and infosec

6 minute read

I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not going to single out any specific tweets, here, because that isn’t the point of this post. The point of this post is to talk about “the infosec community.” Of course, to begin with, it’s something of a misnomer; there is no single infosec community. We are a community of communities. There are specialties. There are niches. There are different kinds of infosec professionals. Some are rock stars. Some are nine-to-fivers. Some write amazing tools that change testing almost overnight. Some never write a line of code, but still manage to provide their clients value in security assessments. Some professionals are red, some are blue, and some are purple. Some “professionals” aren’t very professional at all. Infosec (or cybersec, or netsec, or whatever you want to call it) is an umbrella term for a whole slew of vocations, and there is no simple way to sum up what we mean when we refer to “the infosec community.”

This, of course, is only part of the story, because every community is made up of people. Big companies, especially, often forget the more important part of their “human resources” is the human part. Infosec is a microcosm of every other part of humanity. Some of these people are politically left-leaning, some lean to the right, and some don’t fit cleanly in either extreme bucket and find themselves more to the middle. Some have lighter skin, some darker. Some believe in one god, others believe in a different one (or more), and others still no deity at all. Some are men, some are women, and some are non-binary. We are all people. We have identities, and most of us have a natural tendency toward tribalism in some form or other. We seek our “in group” that we can identify with, that we can feel is safely “us” as opposed to “them.” Traditionally, this has taken the form of spending significant amounts of time with a given group in order to belong. Social media has changed this profoundly. We can join groups quickly. We can identify with groups quickly.

There is nothing wrong with belonging to a group, or to many groups. It’s healthy to be involved with other people, to be exposed to differing points of view, other ways of thinking. To do otherwise is to be a hermit, or to operate in an echo chamber full of self-inflating ideas. It is good to have a sense of belonging, to know there are people who care about you and that there is help when you need it. From time to time we all need it. Sometimes we go through something truly challenging, that shakes us to our core, and having friendly ears to listen or shoulders to lean - or cry - on can be a literal life line. Sometimes we get so fed up with some challenge in our life that we need to vent it out to someone who can offer a compassionate ear. Sometimes we just have a “meh” day and like to waste some time with friends over a beer or a show or a video game. This is what community - any community, be it friends, family, colleagues, or a mix of these - is for.

Sometimes, though, we get mixed up. We get so wrapped up in the sense of belonging to a community that we forget the fact that we’re all individuals. That we all have lives and stories and experiences. We all have worth. We aren’t merely members of a community. We are members of a community, and we are individuals. We all bring something unique to the communities we are a part of. We define the communities, not the other way around. Sometimes we forget this. We can get so wrapped up in the goings-on of the community that we identify as that, rather than with it. It’s an important distinction. Words have meaning. They shape the way we form our own thoughts, and they shape the way others form thoughts about us, and what we say. “Hi, I’m vext, I’m a pentester,” is a different statement from “Hi, I’m vext, I do pentests.”

Why does this kind of nuance matter? Because sometimes we get lost in the groups we identify with. Sometimes we get carried away, and things get unhealthy, for us and for the groups. There are, I’m sure, groups that deliberately seek to bring this about, aiming to prey on the vulnerable and take advantage of them. To indoctrinate. Far more common, I’m sure, it happens all on its own, without the need for any shepherding. Whatever the cause, I’ve seen a lot of it. I’ve seen the vitriol that people hurl at each other, when they are standing up for their tribe against the other. I’ve seen it in political discussions, in matters of vocation, in matters of gender and race, of rockstars and those behind the scenes, of usses and thems.

Platforms like Twitter make it all too easy to fire off an angry message - short and without the room for any real nuance, thanks to character limits - without taking the time to think about it, first. There is no pause, no space for reflection on what impact the message might have. What repercussions may arise as a result. People re-tweet and like things that they find important, and the algorithms in the background filter and rank and display the things we are most likely to respond to. We might only see part of the story - maybe because we only follow one of the people involved, and Twitter only shows us that person’s tweets, out of context, or because somebody in the conversation is blocked, rendering them silent and deaf to the situation being discussed. It’s like some bizarrely choreographed, amplified version of high-school gossip, and it all too often becomes toxic. Sometimes the toxicity is from those perceived as oppressors, and sometimes it’s from those who consider themselves the oppressed. Sometimes there are real repercussions. Sometimes people get upset. Sometimes people lose their jobs. Sometimes people take their own life.

Social media is a tool, and like any other it can be used for good or bad. The purpose of it should be to communicate with others. To start conversations. To share ideas. To seek the truth and find ways to improve the things we care about. It’s ok to disagree, but civility is important. Trolls and arguments may be entertaining, but they don’t change minds. Conversations are the only way to actually communicate with those who disagree with us. If every encounter devolves into name-calling, ostracizing, and tantrums, we are all wasting a lot of time, effort and attention.

Another aspect of this post is a mea culpa, of sorts; while everything I have described above relates to witnessing the conversations of others, I am not immune to this issue. I’ve tweeted things that would have been better left untweeted (untwatten? untwote?). I intend to improve, in that regard. For my part, I intend to be more thoughtful, before I send a tweet; to consider my words, and what their result might be. I’m not afraid to offend someone, but neither do I want to cause undue harm, or be an irredeemable asshole. For my part, I will think before I tweet. I invite you to join me. May we have more meaningful conversations, and fewer clickbait flame wars, together.

Updated:

You May Also Enjoy

The Ways I Use Mind Maps

11 minute read

Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...

DMs to myself 4

7 minute read

Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...