This weekend I had an interesting conversation with my friend Suzanne Kryder. She’s a mindfulness expert and co-founder of a radio show called “Peace Talks.” She was giving me some feedback on my Shmoocon presentation and she said, “I’m really noticing the violence inherent in computer malware.” Her comment stopped me cold, because as a proponent of non-violence, I never actually made such a direct, clear connection in my mind. As we continued the discussion, I realized how strongly the subject was resonating with me. As someone with a past history of being emotionally tone deaf, I now expend great effort in cultivating respect and compassion when interacting with the user community and my fellow IT professionals. It isn’t always easy for me and I fail about 50% of the time, but the short interaction I had with Suzanne gave me a fresh outlook on my profession.
I started to consider how the security industry might be reshaped if we approached it as peace advocates instead of cops, if, in defending our enterprises and governments, we didn’t also seek to disempower others. I realized that the current trend is very similar to a Cyber Cold War, with malware and DoS attacks being used instead of bombs, and with governments installing virtual walls as opposed to brick ones around their citizenry. Last year, when I was offered a position with a company that did work for the DoD, I sought the advice of a friend, a former member of the military who had become a counselor and supporter of non-violent communication methods. He was a West Point graduate and had been in the Pentagon when it was hit on 9/11. I was concerned that by taking the job, I might inadvertently be contributing to the escalation of violence. I’ll never forget what he told me, that the mindset in that realm is to cause harm to an enemy. He asked me if I could live with that. Ultimately, I turned down the job, because I thought the line would become too fuzzy for me. Now, after a weekend of watching security conference presentations about breaking and defending systems, I’m considering how much of what I do in my professional life is still inadvertently aggressive.
In closing, I’d like to emphasize that this isn’t a criticism of those who have selflessly dedicated themselves to serving in the armed forces or law enforcement. In fact, I have both in my family and I have nothing but respect for those who have chosen that difficult path. It’s more of a contemplation on how I can personally make my professional words and actions consistent with the moral fabric of my life. I believe this is the only way I can avoid the despair and discouragement, aka burnout, I perceive in many of my colleagues in the security field.