Recently, when I’ve written features for Infosecurity, I’ve found myself desperate to digress from the third-person tense and indulge in sharing my thoughts on the subject at hand. Of course, one of the benefits of being the editor is getting to handpick my own articles, so it is no wonder I find myself utterly immersed in each feature I write. I pick issues that I believe really matter and topics that I’m curious and passionate about. Another perk is having page seven to indulge my personal musings on said topics.
This Q4 issue’s cover story is no exception. When I chose to write about the rise of the ‘infosec celeb,’ I had no idea it would inspire such an outpouring from industry. Dozens rushed to share their thoughts, often expressing condemnation of the term, while others were keen to name drop those they consider infosec ‘rock stars.’ Notably, almost everyone had an (overwhelmingly negative) opinion on the role of social media and the explosion of infosec notoriety.
When I posted on Twitter about this upcoming feature, I had a flood of messages on the topic; interestingly, many were from people who, if I did believe in the phenomenon of ‘infosec celebrity’ myself, I would classify as such. Even more remarkably, many of these ‘infosec celebs’ were getting in touch to denounce the concept entirely.
My personal take on the topic is definitely a shade of gray. I believe that role models are exceptionally important in all walks of life, and that’s undoubtedly true of industries plagued by a severe skills gap. It’s vital that those looking to enter the sector, those on the first rung of their career ladder and even those seasoned professionals looking to evolve into a new role or discipline have people to look up to.
There’s a difference between role model and celebrity, though, and perhaps this is where our beloved industry is going wrong. The Oxford Dictionary defines a role model as “a person that people admire and try to copy.” Admittedly, this could quite easily also be the definition of celebrity in 2021. However, according to The Oxford Dictionary, the official definition of celebrity is “a famous person.”
Based on these literal definitions, it is doubtful that even the most well-known personalities in our industry would qualify as a celebrity outside of our sector bubble. I tested this on a few of my close friends, all of whom I consider to be both worldly and intelligent. I presented a few names I consider the most recognizable in the industry, and unsurprisingly, blank stares were the result. In fact, the only two names that garnered any recognition were John McAfee (more a result of familiarity with the consumer anti-virus product, as opposed to the man himself, although tabloid headlines have made this murky) and Dr Sue Black (thanks to her Desert Island Discs episode).
Alyssa Miller encapsulated this perfectly when she told me, “Even the most notable among us are largely unknown in mainstream society. It’s a unique perspective that I think social media allows us to forget.”
Social media gives everyone a voice, and tragically, those who shout loudest often come out on top. Controversy can equate to a larger audience, which in turn can lead to an illusion of infosec ‘fame.’ This is a hollow and flawed barometer of substance, skill or qualification, though, and one that will inevitably come unstuck.
Sadly, it is true of many millennials that celebrity or notoriety are notions put on a pedestal. Playing devil’s advocate then, if the information security industry advertises some of its better-known professionals as ‘infosec rock stars,’ will that serve to encourage new talent into the industry? Perhaps it will, but will it be the right talent? The industry needs – and deserves – people who strive to deliver excellence with a passion for making a difference. It does not need those who seek a high follower count in pursuit of perhaps unobtainable fame.
Jack Daniel said it beautifully when he told me, “thinking a mouse click means anything more than a mouse click isn’t really healthy.” No truer words have been spoken.
I previously wrote that my take on this topic is a shade of gray, but perhaps it’s a little less ambiguous than that. I’m all for role models in the industry; in fact, I think they are an absolute necessity. If that sometimes teeters into the dizzy heights of ‘infosec celebrity,’ then so be it, as long as that status has been earned through substance, skill, excellence and meaningful contribution.
To me, the ‘rock stars’ in this industry are those who have advanced our industry into a stronger, better position, those who have contributed to the meaningful impact that this incredible sector has had and those who are kind. Supporting each other, rather than this distasteful obsession with self-promotion and self-advancement, is vital in setting apart the true rock stars in my eyes. I’ve taken this opportunity to share some pictures of myself with some of the people who meet this criteria.
So here’s my plea: share the spotlight and encourage your peers to stand on the shoulders of giants…