[Infowarrior] - rant: 7 Ways That I Can Tell That the Security Industry Bores Me

Richard Forno rforno at infowarrior.org
Mon Sep 20 06:47:36 CDT 2010 

Amen, brother!!  -rick


Mon Sep 20 06:13:29 CDT 2010
Lyger

One of the questions I'm occasionally asked is how long I've been "in security". I guess the answer really depends on your definition of "in security"; I've had a job title of "Security X" or have been employed by a "security vendor" since early 2004, but much like the way other people get involved in security, there were security-related duties in previous positions as early as 2000 and a general interest in the field since about 1998. Those duties and the general interest doesn't necessarily qualify as "in security" time, but I like to think it was a good start. It never hurts to get your feet wet and get some basic experience when choosing a career path, especially one that is considered to be somewhat specialized.

Well, over ten years have gone by and the landscape has changed somewhat. Security is a hot topic, much more mainstream than it was several years ago, and has never been a more interesting and exciting field, right? Just like your definition of "in security", that probably depends on your definition of "interesting and exciting" too. Sure, there's "cyber-whatever" now, flavor-of-the-week exploits, the marriage of compliance and security, and dozens of other topics that keep Twitter and RSS feeds humming at all hours of the day and night, but for all of that there's still the debate over vulnerability disclosure, whining about how "Vendor X is still [insert whatever they're still doing here]" and overall whining about the general suckiness of the industry as a whole. To be honest about it, I've come to realize over the last couple of years that *all* of the topics listed above are, well, boring to me. This isn't to say that those topics in and of themselves are inherently boring, or even that the security industry as a whole has nothing of interest to anyone, but to *me* the industry has become the equivalent of a company party that goes... on... forever. You're there and it's supposed to be fun at first, but then you end up hearing the same old rehashed stories from the same people you would rather avoid in the hallways, and just about the time you find the exit and start heading for it, someone stops you to ask if you heard the latest about [insert "hot topic" here] and what you think about it. Again, that's just my take. Other metaphors may work better for you (or not at all), so like the old saying goes, YMMV.

Before I go on with how I finally realized that the security industry bores me, I'll address what will possibly be some reader feedback saying "if it bores you or if you don't like it, why don't you just quit?". There's actually a good reason why (besides the obvious need to eat and have shelter): I don't *want* it to be boring. I'd like to be around when something that is interesting *to me* happens, but nothing has in quite a while. Keep in mind that I'd rather not see some sort of cyber-armeggedon happen in my quest for something unique and fun, but anything has to be better than a rehash of any topic that has been popular over the last ten years. Anything. Being bored is, well, boring. There were some warning signs; if you recognize any of these, maybe we're in the same boat.

[...]

http://attrition.org/security/rants/bored/

More information about the Infowarrior mailing list