In almost any endeavor, success usually comes with
additional responsibility. For example,
a promotion into a management or executive position comes with the additional
responsibilities associated with that position.
It should be analogous in the security profession. I’m not sure why, but we tend to make for
ourselves “rock stars” or “celebrities” within our profession. Sometimes these individuals push us and challenge
us to think differently about solving problems, provide us with guidance and
wisdom based on their knowledge and experiences, and/or use their influence for the
greater good. We usually examine their
words closely and pay intimate attention to those words, as we should.
Unfortunately, sometimes that is not the case. There are some “famous” people within the security
community who seem to care more about self-promotion and elite status than they
do about advancing the state of the art, educating people, or influencing
others in the security profession. It
might be helpful for the overall security community if we sent a message that
sounded something like: “It’s not all about you”.
I myself have a modest following. Nonetheless, I believe that even one reader
of my materials puts upon me tremendous responsibility. I have always tried to educate, provide
insight, and offer practical suggestions that can be implemented operationally. I can only hope that I am living up to
expectations. The feedback I have
received from some members of the security community regarding blog postings,
articles in various publications, SecurityWeek pieces, and the pieces in Wired
Information Insights indicates that there are many in the community who would
agree with my perspective and appreciate what I am trying to do. It is certainly not an easy task, and I am
well aware of that.
If someone finds that he or she has attained “rock star”
status, it should bring with it a tremendous amount of responsibility. That responsibility is to the very security
community that made someone a “rock star”.
With celebrity status comes tremendous potential to influence and advance
the state of security. To me, not taking
advantage of that potential is a missed opportunity that hurts the community as
a whole. Really, it’s not about any of
us – it’s about advancing the state of the security profession one day at a
time.
No comments:
Post a Comment