Security Professionals Must Communicate with their Peers!
Cyber security is hard, pure and simple. Security practitioners must be technical geniuses, brilliant social influencers, crisis response experts, and futuristic seers on order to gain discernible traction. In most cases, the cyber security profession is a difficult path to follow with very little in the way of established direction and fraught with pitfalls and dead-ends. Although peers and those who have come before us possess a wealth of knowledge, it is difficult to extract and synthesize into something meaningful to individual and immediate contexts.
This does not need to be the case. Every security professional should contribute to the common-good through meaningful communication with peers. Sensitive or embarrassing information need not be exposed, as simple conversations provide not only important knowledge, but can establish a lifeline for future questions and challenges. To elevate the collective effectiveness, we must share our experiences and openly collaborate in order to maximize our knowledge and direct our proficiencies across all our peers. We do not compete with each other, rather we fight against a common set of enemies.
Unfortunately, in the past we instinctively shied away from talking about security incidents, failures, and for some odd reason, even our successes. Probably from the fear it may be short lived. Nobody likes talking about missteps, but those are the origins of tremendous learning opportunities. We all can share properly sanitized experiences, methods, and tribal knowledge.
Even worse, the bad guys are talking to each other. They have been for years. They share what works against our defenses and even actively help one another. It is time for security professionals to do the same.
Below is a video of my opening presentation at the Intel IT Experts Tour, where I briefly discuss why we must all work together.