Yeah so…

…maybe you’re smarter, or have been in infosec longer, or perhaps you had someone help you along. Those are all really great things to have. What they are not is a license to lord it over everyone else or use it as a personal ego trip.

There are a lot of great people in this industry. There are ones that are trying to help people like myself get to where they want to be because it’s better for the industry as a whole. If you are not helping others learn, you are part of the problem. There are those who help by creating blog posts on how to use tools or providing targets for those of us trying to learn to use the tools. Those are the people who are the “rockstars” of this industry. Not the ones that discovered the latest 0-day du jour.

Jayson Street made a comment when we were hanging out before Thotcon that hit the nail on the head. There are people out there who say “I broke it. You’re welcome.” They don’t care if anyone can fix it, they don’t care if anyone else learned from it. They are just there to beat their chest and inflate their own ego. That’s not helping anyone.

There are quite a few people out there that want to help others out and want to answer questions or give advice. Unfortunately, those are also the ones that are often berated and put down because someone disagrees with their thoughts or feels they are only talk. Bringing attention to security is what we need and what we want. If we can get more people to care about security, our job will be that much easier.

Will I ever be the top pen-tester in the world? No. Will I ever be on the cover of a magazine for how brilliant I am? Probably not. The reason I want to take this road is because I want to make the company I’m working for just a little bit wiser on what their risks are, so they have the knowledge to make a decision. It’s not a grandiose goal and I will probably never get rich off of it, but I’ll love going to work and I’ll do my best to help out those that come to me for knowledge and advice.

So to the @jaysonstreet @elizmmartin @ben0xa @securityninja @jwgoerlich @coolacid and @davienthemoose of the world, thank you for your insight and encouragement from a guy trying to start anew in this arena.

3 thoughts on “Yeah so…”

  1. That’s what this industry is really about; helping others. Why would we put ourselves through dealing with InfoSec if at the core we didn’t want to help? Great post Scott!


  2. Wolfgang turned me towards this blog post and I have to say I couldn’t have said it better myself. I think that line of thinking is the cornerstone of our industry and exactly just what sets us apart from most other industries that I have experienced. The willingness by *most* to help someone who is a “n00b” or just getting their footing in this industry is amazing; even the so-called “Rock Stars” that I have met have been more than willing to share their experiences and help if you ask.

    This is a great industry full of amazing people. I hope to contribute in any way I can.

    BTW very much looking forward to your talk at BSidesDetroit!


  3. YES. That list of people you put at the end, if I could have 1 of them for every 1000 manchildren in InfoSec, I would be a happy happy man.

    I’m an Ops guy. I build things. And I have to keep them working regardless of what developer, company, or demon built them. Breaking them and walking away helps no one, because at the end of the day they still need to work. Build more, break less.


