Tonight on InfoSec Twitter, this gem was making the rounds:
Hello cybersecurity and election security people,
I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of you have a habit of swearing right in the middle of an otherwise deeply insightful tweet that I’d like to use. Please consider not doing this.
Best,
JoeIdentity redacted.
As tempting as it is to just senselessly dunk on the guy, in the spirit of fairness, let’s list the things he did right:
- His tweet was politely worded.
It’s something? He could’ve been another Karen, after all!
What Joe got wrong with this tweet is just the latest example of a widespread issue in and around the security community–especially on social media and content aggregator websites.
The structure of the problem goes like this:
- Someone: “Here’s some content I made and decided to share for free.”
- Person: “Your use of {profanity, cringe-inducing puns, work-safe furry art} (select one) prohibits me from using your content to further my own career goals. You should change what you’re doing.”
It’s a problem I’ve personally been on the receiving end of. A lot. I even wrote a post about this before, although that focused specifically on the anti-furry sentiment. Unfortunately, this problem is bigger than being repulsed by cute depictions of anthropomorphic animals (which, when sincerely held, are often thinly-veiled dog-whistles for homophobia).
Superficial Professionalism Can Fuck Right Off!
(Art by Khia.)
I totally sympathize with information security professionals who desire to be taken seriously by their business colleagues. That’s why sometimes you’ll see them don a three-piece suit, style their hair like every other corporate drone, and adopt meaningless corporate jargon as if any of it makes sense. You’re doing what you have to do to put food on your table and pay your bills. You’re not a problem.
The problem happens when this desire to appear professional leaks outside of the self and gets projected onto one’s peers.
“Knock it off, guys! You’re making it harder for me to blend in with these soulless wretches–I mean, the finance department!”
How about “No”?
Information Security Is More Than Just a Vocation
I’ve lost count of the hackers I’ve met over the years–white hat hackers, to be clear–who hack for the sheer fun and joy of it, rather than out of obligation to their corporate masters.
Information security–and all of its sub-disciplines, including cryptography–can simultaneously be a very serious and respectable professional discipline, and a hobby for nerds to enjoy.
The sheer entitlement of expecting people who are just having fun with their own skills and experience to change what they’re doing because you stand to benefit from them changing their behavior is similar to another egocentric demand we hear a lot: The cry for “responsible” disclosure.
Weirdness Yields Greatness
The strength of the information security community (read: not the industry, the community) is our diversity.
Pop quiz! What do a gothic enby (and the Bay Area’s only hacker), the woman who leads cryptography at a FAANG company, the man who discovered the BEAST and CRIME attacks against TLS, several of the most brilliant trans folks you’ll ever meet, an Italian immigrant, the co-inventor of the Whirlpool hash function, the Egyptian “father of SSL” mathematician, and some gay dude with a fursona who writes blog posts about software security for fun all have in common?
Sure, we all work in cryptography, but our demographics are all over the place.
This is a feature, not a bug.
https://twitter.com/BoozyBadger/status/1314383740999737344
If people who are sharing great content–be it on Twitter or on their personal blog–do something that prevents you from sharing their content with your coworkers, the problem isn’t us.
No, the real problem is your coworkers and bosses, and the unquestioned culture of anal-retentive diversity-choking bullshit that pervades business everywhere.
https://twitter.com/DrDeeGlaze/status/1308149586100322304
Remember, security industry:
Homogeneity leads to blind spots
If I find a zero-day in your product and want to share it alongside a dancing GIF of my fursona, that’s my prerogative. If you choose to ignore it because of the artistic expression, that’s entirely your choice to make, and your problem to deal with.
In closing, I’d like to offer a simple solution to the mess many technologists, managers, journalists, and even senior vice presidents find themselves in; wherein they can’t readily be more accepting of profanity or quirky interests that are prone to superficial, knee-jerk judgments:
Question it.
Ask yourself “Why?” Ask your team “Why?” Ask your boss “Why?” and keep asking until everyone runs out of canned responses to your questions.
Aversion stems from one of two places:
- Fear of negative consequences
- Severe reverence towards tradition, even at the expense of innovation
But it’s very easy to confuse these two. You might think you’re avoiding a negative consequence when in reality you’re acting in service of the altar of tradition. Knock that shit out!
Tradition is what humans do when they’re out of ideas. “We don’t know how to be better, and we’ve always done it this way, so we’ll just keep doing what works.” Fuck tradition.
Art by @loviesophiee
Honorable Mentions
If you’re worried about looking bad, here are some notable entities that have shared my work since I started this blog in April 2020:
https://twitter.com/EFF/status/1307037184780832769
A Google RFC for AES-GCM in OpenTitan cites one of my blog posts.
There are probably others, but it’s late and I need sleep.
https://soatok.blog/2020/10/08/vanity-vendors-and-vulnerabilities/
#professionalism #Technology #Twitter #vanity
Sometimes my blog posts end up on social link-sharing websites with a technology focus, such as Lobste.rs or Hacker News.On a good day, this presents an opportunity to share one’s writing with a larger audience and, more importantly, solicit a wider variety of feedback from one’s peers.
However, sometimes you end up with feedback like this, or this:
Apparently my fursona is ugly, and therefore I’m supposed to respect some random person’s preferences and suppress my identity online.
I’m no stranger to gatekeeping in online communities, internet trolls, or bullying in general. This isn’t my first rodeo, and it won’t be my last.
These kinds of comments exist to send a message not just to me, but to anyone else who’s furry or overtly LGBTQIA+: You’re weird and therefore not welcome here.
Of course, the moderators rarely share their views.
https://twitter.com/pushcx/status/1281207233020379137
Because of their toxic nature, there is only one appropriate response to these kinds of comments: Loud and persistent spite.
So here’s some more art I’ve commissioned or been gifted of my fursona over the years that I haven’t yet worked into a blog post:
Art by kazetheblaze
Art by leeohfox
Art by Diffuse MooseIf you hate furries so much, you will be appalled to learn that factoids about my fursona species have landed in LibreSSL’s source code (decoded).
Never underestimate furries, because we make the Internets go.
I will never let these kind of comments discourage me from being open about my hobbies, interests, or personality. And neither should anyone else.
If you don’t like my blog posts because I’m a furry but still find the technical content interesting, know now and forever more that, when you try to push me or anyone else out for being different, I will only increase the fucking thing.
Header art created by @loviesophiee and inspired by floccinaucinihilipilification.
https://soatok.blog/2020/07/09/a-word-on-anti-furry-sentiments-in-the-tech-community/
#antiFurryBullying #cyberculture #furry #HackerNews #LobsteRs #Reddit