In almost any endeavor, success usually comes with additional responsibility. For example, a promotion into a management or executive position comes with the additional responsibilities associated with that position. It should be analogous in the security profession. I’m not sure why, but we tend to make for ourselves “rock stars” or “celebrities” within our profession. Sometimes these individuals push us and challenge us to think differently about solving problems, provide us with guidance and wisdom based on their knowledge and experiences, and/or use their influence for the greater good. We usually examine their words closely and pay intimate attention to those words, as we should.
Unfortunately, sometimes that is not the case. There are some “famous” people within the security community who seem to care more about self-promotion and elite status than they do about advancing the state of the art, educating people, or influencing others in the security profession. It might be helpful for the overall security community if we sent a message that sounded something like: “It’s not all about you”.
I myself have a modest following. Nonetheless, I believe that even one reader of my materials puts upon me tremendous responsibility. I have always tried to educate, provide insight, and offer practical suggestions that can be implemented operationally. I can only hope that I am living up to expectations. The feedback I have received from some members of the security community regarding blog postings, articles in various publications, SecurityWeek pieces, and the pieces in Wired Information Insights indicates that there are many in the community who would agree with my perspective and appreciate what I am trying to do. It is certainly not an easy task, and I am well aware of that.
If someone finds that he or she has attained “rock star” status, it should bring with it a tremendous amount of responsibility. That responsibility is to the very security community that made someone a “rock star”. With celebrity status comes tremendous potential to influence and advance the state of security. To me, not taking advantage of that potential is a missed opportunity that hurts the community as a whole. Really, it’s not about any of us – it’s about advancing the state of the security profession one day at a time.