[attrition] article: Information Security and Professional Wrestling: "Working" In An Industry

[lyger]

May 21, 2011 19:13:43 CDT
Lyger

Introduction

The worlds of information security and professional wrestling really 
aren't all that different.

<pause>

On the surface, the preceding statement may seems absurd to some, but 
looking at each realm from the perspective of an observer with a decent 
working knowledge of both "industries" can provide several examples of 
parallelism. In general, both center around conflict resolution as an 
end-game. Aiming toward that end, both also provide various levels of 
vulnerability management and incident response that occur during any 
particular situation (also known as an "angle" or "program" in pro 
wrestling parlance) and often involve different levels of drama, strife, 
and of course, entertainment.

As the Internet became more mainstream in the early to mid-1990's, many 
professional wrestling fans who were privy to behind-the-scene knowledge 
congregated on USENET's rec.sport.pro-wrestling (aka RSPW) to discuss 
current and potential storylines, in-ring action, and the politics 
involved with the business side of the industry. Perhaps ironically, RSPW 
was one of the more popular newsgroups during this time even though the 
"typical" professional wrestling fan had (and still has) been stereotyped 
as being of lower-than-average intelligence with a slim chance of being 
able to communicate effectively, especially over a medium like the 
Internet with providers as complex as AOL and Compuserve (*cough*). Much 
like today's Twitter, where information security professionals and 
enthusiasts share news and short bursts of wisdom (or idiocy) in a public 
forum, RSPW subscribers were highly active on a daily basis, and at times 
the conversations mirrored the tone and attitude of professional wrestling 
itself. Over time, some newsgroup posters evolved into personas, emulating 
the "faces" (good guys) and "heels" (bad guys) similar to the protagonists 
and antagonists in professional wrestling itself.

The information security industry has gone through something similar over 
the past several years. As previously mentioned, Twitter has become one of 
the industry's favorite ways for companies, organizations, researchers, 
and enthusiasts to communicate in near real-time about dozens (hundreds?) 
of subtopics on an hourly (per-minute?) basis. The increase in frequency 
of communication has often times led to an almost free-for-all feel to the 
infosec Twitter community, and it's probably not much of a stretch to 
assume that certain social "roles" or personas have either intentionally 
or unintentionally been assumed by some security professionals, whether as 
an accurate reflection of their true personalities, an extension of their 
personalities into exaggerated personas, or flat-out (again, to use a 
professional wrestling term) "gimmicks" to increase their popularity 
(certainly @attritionorg has been known to intentionally add some flair to 
their tweets).

[...]