I recently attended BSides Austin 2017, an information security conference. It is a wonderful conference! I greeted friends and met some great people. It was difficult to choose which presentations to attend there were so many interesting ones. I wanted to go to all of them! I also went to the Fire Marshall Talks, named for a memorable talk one year where the number of occupants were more than the fire marshall thought safe for the room size. Anyone who wants to speak can talk for ten minutes on any information security topic.
One of the talks this year dismayed me; the speaker spent his 10 minutes talking about all the “Security Rockstars” in the audience and how they refused to help him.
Since he did not give specific instances, I am not really sure what that meant to him. I looked around the room and saw many people I knew, security people who were passionate about sharing with the security community through presentations or classes, online blogs and videos, and even mentoring. While I saw people who were notable contributors to InfoSec, I did not identify a single person I would call a “Security Rockstar.”
In spite of being a woman in security and information technology (over 20 years), I have rarely experienced a situation where someone would not help me. In fact, people have gone out of their way to give me assistance when I asked for it. Austin is that kind of place! Before I ask, I try everything I can think of and I have a focused question so I do not waste the person’s time. I attend conferences, such as BSides and LASCON, and meetings put on by OWASP, ISSA, and InfraGard to keep my skills current, learn about things I do not know, and to network. I often go to the weekly OWASP study sessions, which has given me some excellent ways to hone my skills. There are many opportunities for assistance if someone looks for them and is willing to put in some work.
I also contribute as much as I can. If I cannot help you, I will tell you that. If I know someone who knows more about your question, I will point you in their direction. I write this blog. I provide mentoring to anyone who wants to become a security professional. I think it is important because I believe that helping people work towards their goals helps the entire security community. But I cannot do the work for you. I will answer your question or point you toward resources I know about. What you do with them is up to you.
For instance, I met the speaker—a student on the brink of starting on his career—the evening before. I gave him my card, asked if he was looking for mentoring, told him about my blog, and said I would value his opinion about it. I have yet to hear from him.
To anyone who has run into an unhelpful person, I suggest you consider why the person asked may not be able to help:
- It might be a temporary problem—they might be available at another time. For instance, if they have just given a presentation, they might need decompression time.
- They might be worried about a personal problem: a lost client or position, money troubles, a work situation, or a family or pet illness or death.
- They meant to help at a later time, but could not because they had no method of contact. Carry business cards or exchange email addresses.
- Information security encompasses a wide range of skills and knowledge bases. The question asked could be outside their expertise, and they are too embarrassed to say so.
- The question might be too general. If they tell you LMGTFY (“Let me Google that for you”), it means they believe you can figure it out yourself. Maybe you can clarify the question to better explain where you are stumped.
Of course, they really could be a Rockstar.
Also consider what you have to offer in exchange. One of the few times I have experienced a situation where someone would not help me was at a position where I was doing security assessments. One of my coworkers had a difficult time with reports. He copied and pasted sections from other reports to speed up the reporting process. I often read his reports to fix discrepancies, incomplete sentences and missing words, as well as spelling and grammar issues. One time he forgot to change the IP addresses to match the client’s. When I had a problem with the scanning software, I expected his help. But since he did not value my help with his reports; he said that I should figure it out myself. I was not asking for him to fix it (I was at a client site in another state) although I would have appreciated any suggestions he could give me. I thought I should at least have a contact with the software company so that I could put in a trouble ticket, but he—the administrator of the software—would not even give me that. Our boss finally made him give me the ability to turn in a trouble ticket.
While I did figure out a temporary solution (it was a software issue), it made for a very tense evening. I eventually left the company with great relief. I loved the work, but the company culture did not suit me.
I once read an article about how a bad situation can be a gift, because it can make you see that you need to change something—attitude, positions, relationships. Furthermore, Rockstars who will not help someone are their own worst enemies because everyone needs help sometimes. Their karma will catch up to them! Shake your head, send them a blessing, and find someone who will help you.
Remember to be grateful when someone does help you. They do not owe it to you.
But I am not a rock star! I do not want to be a rock star. I am merely someone doing a job to the best of my ability to help make the world a safer, more secure place.
Like this:
Like Loading...
Intentional Privacy 