Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

The difference between curmudgeon and curmudgeon.

I’ve read with interest both sides of the “curmudgeon” debate, and while I understand the arguments on both sides, I don’t think that it’s about seniority or caring.  It’s about maturity, which is a very different beast.

In my more than 25 years in the industry, I’ve seen the attitude promulgated that if you’re smart and have skillz, it’s okay to be an asshole.  That it’s somehow okay to hurl insults under the guise of “educating” someone and that they should be grateful for it.  That caring about something gives you permission to display your bad temper for all to see, because you’ll make up for it by doing something really cool.

As far as I’m concerned, nothing could be further from the truth.  There are plenty of egotists in the industry who think they’re entitled to a free pass on manners, and when I’m hiring, I steer clear of them, because there are just as many genius-level hackers who can also manage to behave themselves and work cooperatively with others without starting brawls.  The supply really isn’t that small that we have to take whatever we can get, and we don’t have to beg at someone’s feet for knowledge, because that knowledge is freely shared without a price tag by others in the community.

As examples, I’d like to call out a couple by name:  Jack Daniel, for example, who certainly merits the seniority and knowledge labels, and it’s clear that he cares deeply about security and has one of the most realistic outlooks out there.  He is also one of the nicest guys I know, even under pressure that would turn anyone else into a puddle of rage.  He’s a curmudgeon par excellence who also manages to act like a grown-up.  (Plus, he has the epic beard, so he’s carrying a full set of credentials in the industry.)  Nobody would call Jayson Street a n00b or naïve, and yet he also tries to help wherever he can without being a jerk about it.  There are many more like them; and these are the ones who can point out ugly truths without being ugly about it themselves.  As a result, they garner respect from all areas of the community.

There is absolutely no need to sully enlightenment, integrity, openness and honesty by adding rage (and let’s call it what it really is:  a temper tantrum).  Every honorable goal that security professionals have – be it research, defense, development or education – can be achieved without stomping on fellow humans in the process.  Age does not confer the right to bully others under the guise of “educating” them; nor does any level of experience or knowledge.  No matter how much you’ve contributed to the state of security (or think you’ve contributed – watch that ego again), you still don’t get a pass on any bad behavior, and your lack of social skills is not a badge of honor.  Every industry has its members whose actions make the rest look bad, but at least we shouldn’t be glorifying them.  We have better options right in front of us.

Posted by shrdlu on Friday, May 27, 2011
(1) CommentsPermalink