Tuesday, September 8, 2015

Being a nice security person

Sometimes it's really hard to be nice to someone. This is especially true if you think they're not very smart. Respect is a two-way street though. If you think someone's an idiot, they probably think you're an idiot. You're both going to end up right once it's all over though.

As an industry we overestimate how much people know about security, which I think is the root of our problem.

I was talking to a peer of mine one day and was complaining about someone not understanding what I thought was an obvious security concept (I don't recall the details anymore, but it's irrelevant). She then said to me words I will never forget: "I think you overestimate how much everyone else knows about security."

That statement changed my life. It's why I'm writing this blog now.

I've been paying attention to security for longer than I can remember. It's been at least 20 years, probably more. I was a teenager back when I started this journey. It's easy sometimes to think someone should just know something; it's all so obvious! When they don't, we of course decide they're dumb and we stop respecting them. I remember in my younger days being just brutal to people who didn't know something I did. It was all quite silly really.

The next time there's a clear misunderstanding, here's what you need to do. Stop talking and listen first. See what they're saying. Do they sort of get it? Do they not get it at all? Are they making up nonsense? Listening is easy and you can always start to think about donuts if you get bored. I won't lie, some people are just giant bags of gas, most aren't though.

Now, once you start to understand the other person, try to speak their language. Use words they understand. Terms like buffer overflow, XSS, remote code execution, DoS, and APT don't matter to most people. They're all "security bugs". We'll talk about language in the future, but for now, just be patient. Your patience will be worth more than anything else you do. Remember that everyone knows something you don't, so while they need your help for security, you need their help for something else, even if you don't know what that is yet.

Some people won't deserve your respect; I'm not suggesting we become whipping posts, but you should probably pay attention to the majority of people. Just slow down long enough to talk to them properly. You'll be amazed what you'll learn.

Join the conversation, hit me up on twitter, I'm @joshbressers
