Feelings! Nothing but feelings!
At BSides San Francisco, I met David Sparks, whose blog post on 25 security professionals admit their mistakes [link to http://www.tripwire.com/state-of-security/it-security-data-protection/25-information-security-blunders/ no longer works] I commented on here. And in the department of putting my money where my mouth is, I talked him through the story on camera. The video is here: “Security Guru Tells Tale of How His Blog Became a Botnet Server” [link to http://www.tripwire.com/state-of-security/it-security-data-protection/%20security-guru-tells-tale-of-how-his-blog-became-a-botnet-server/ no longer works]
It felt weird. It really did. I’m glad I did it. I want to continue to be able to talk about owning up to mistakes, and a big part of that is how we feel about talking about it. It’s all too easy to talk about something else, and not learn from it.
On which, kudos to Chris Hoff for talking about his story in “A Funny Thing Happened On My Way To Malware Removal….” Kudos to Jeremiah Grossman for owning up to being “Terrified” before getting on stage. And kudos to Bill Brenner for writing his OCD Diaries.
Despite our aspirations, we’re not computers. We’re not fully rational beings. We’re collections of tiny advantages collected in an expressed genome. We are products of our experiences through life. Pretending it’s all about the technology hasn’t worked.
I’m eager to learn from my mistakes and share the lessons, but I don’t always see those lessons myself. So sharing the stories and learning from each other will give us advantages, let us become products of not only our experiences, but those of others, and drive our ability to make information security a lot more fun.
Seeing more than the technology is one of the key themes that Andrew and I wrote about in the New School, and I think it deserves more attention.
We’re not going to be all about feelings here, but we’re going to talk more about the human side of security.
Hey Adam,
The video helped me question what I need to do to protect not only the servers we run but also desktop environments. Am new to security and frankly have yet to find a mentor who will take me under their wing to part with their knowledge. Am willing to put in the effort and hard work but often resort to hours of endless mining of the web to find an answer, but your video definitely helps. As a favour, would you mind if I dropped you emails on things I am not clear on as long as you don’t see them being stupid questions?