I wanted to take a few moments and apologize to many of my former students.

In the past I said the industry needs people who look at security as a vocation and an avocation.

I was wrong.

Have a life outside of this industry.

Have hobbies that have nothing to do with your computer.

Get outside.

The problems of the industry are not problems of people not working hard enough.

They are not problems of people not being "hard core" enough.

They are problems of education and resource prioritization.

I was wrong.

I am sorry.

Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.

@strandjs "Don't light yourself on fire to keep everyone else warm" was the adage relayed to me. Thanks for speaking out about this, John. Moreover, cheers for admitting that your perception was wrong in a public forum. Much respect.
@strandjs I love the sentiment behind this. When my vocation and avocation overlap too much, I end up with tunnel vision and stuck in an endless loop.
@strandjs You got it. Looking at seed catalogs now.

@kalmn @strandjs glad it's not just me that hits the gardening scene when the day to day tips me over the edge!

Hello I am Ry and I am a gardening-oholic.

@ryancee
@kalmn @strandjs
I suck at making time to take care of my garden, but following because of it now XD

@kalmn @strandjs one of faves is gardening too

I get to spend time outside and see things grow

I’m not always the best at remembering to tend it, but I do really enjoy it

It’s so important to remember to do other things and not just spend time on infosec. When our career is also a passion it’s important to have other things too

@kalmn which ones? Baker Creek Whole Seed Catalog? I get lost in that one for hours.

@strandjs Your bad planning is not my emergency?

Yes. Have the T-shirt.

@strandjs Very valid point. I raised something similar recently https://slides.anantshri.info/9fcZMH/keynote-my-2-paisas-on-infosec-world

My 2paisa's on your thoughts are
1. It's something everyone in the system needs to get. (Not just new joiners; the recruiting / interviewing person also needs to get this.)
2. We all need to change our lenses from "what extra did you do" questions or "show us your free work" questions.
3. Be realistic about job requirements. You want the team full of the best malware reversers to ultimately look at whether this bitcoin scam email is real or not.
4. All of us need to understand that, like you are requesting people to have hobbies, we now have people with hobbies and they should not be looked down upon.

Keynote: My 2 Paisa’s on Infosec World by Anant Shrivastava

I have delved into my experience so far and tried to summon my internal thought leader and speak to all sections of infosec industries

@strandjs Break yourself in rocks for years, get laid off anyway.

@strandjs warms my heart to see you doing this

I often tell folks, "we still have no idea what we're doing, we're figuring it out as we go and doing our best"

The mistakes are inevitable. The most important bit is to share and learn from those mistakes!

I've also shifted on the advice I give mentees and folks trying to break into this industry. Part of it is just that the industry has been evolving in ways I couldn't have anticipated. The other part is just constantly collecting data: listening to folks and their experiences. Adjusting.

❤️

@sawaba @strandjs Adrian - another brilliant way of telling people how it is.

That's one of the things that I tell the tech crew I look after when I hear the 'i am not sure if I am right for this job, not sure what I should be doing in this situation'

I just look them in the eye, ask them if after 32 years of doing this do they think I know what I am doing.

If they say yes, I tell them they are wrong. Every day is a learning experience and no one knows what trainwreck of "fun" is coming in soon.

I just dig up the old but classic line: I may look like I know I have a handle on everything, just like a duck gracefully gliding here and there. Underneath the water line that poor duck's legs are paddling like hell trying to go in the right direction. That's my day 😁

Too much emphasis is put on people, new and old, to do the 'right' thing all the time, every time and that should be changed to do your best all the time, if it's correct, well done but what did you learn. Nothing.

Do stuff wrong occasionally, see how much more you get out of it.

Like I said, here I am 32 years in.....still cocking things up and learning!

@sawaba @strandjs right on, Adrian. I resonate with your perspective and I’ve also modified my position when talking with very young folks who are super enthusiastic and ready to pay dues. I suggest that work life balance is vital and while it may not feel like it now, to consider integrating it from the start. I realize it may be easier said than done, but in today's day and age, many employees are less interested in being crapped on.

@CurtWilson @strandjs Something important someone told me once (or maybe I read it somewhere) was that you need to be careful of the standard you set when you join a company

It's natural to want to impress everyone and go above and beyond, but that level of productivity probably isn't sustainable. If you don't set boundaries and say no when they're crossed (I'm terrible at this, I want to say yes to everything), you can be setting yourself up for a burnout situation.

@strandjs May I borrow this and apply it to the film industry?
@strandjs @thor This also for the entertainment industry. 🍵🫖💚🌱🌿
@strandjs This is a message to applaud - and you’re not the only one who has changed perspectives over the past few years.
This applies in so many fields, too. (Looking at you, #healthcare.)
Me 10 years ago: you have to work your ass off like it's the last time, everyone must deliver the maximum and be awesome! Me now: only rested and balanced people can be creative and productive, rather than running around in circles like fools solving corner cases and problems they invented for themselves.
This doesn't mean you should slack off and let yourself be an overconfident blockhead. It means that finding and keeping balance is a super important part of life that shouldn't be underestimated.
@strandjs @hacks4pancakes well said, work life is a marathon, not a sprint.
@strandjs It took me years to learn this lesson. It turns out that when I lifted my shoulder from the grindstone I became both better at my job and better at prioritising my effort.
@strandjs what changed your mind about this?

@barometz

Tech debt.

FAA, Southwest, <Insert breach of the day here>, lots of pen tests...

So many of the issues we face today are because the people in charge look at IT, security (and many other things) as cost centers that need to be minimized.

And to be honest, that is their job.

But, I get tired seeing and hearing about IT systems from the 2000's and even the late 90's running critical infrastructure. This also is represented in less severe ways in security. No budget for proper testing. Getting the product out the door is all that matters. Not investing in the education of their people. The list goes on.....

The point is this. The industry is spreading. We are not all progressing at the same rate. There will be first world IT, third world IT and developing IT infrastructures.

Your goal as an IT pro, a human and infosec pro should be twofold. First, be the best you can be at your job within the 8ish hours that your employer buys your time. Second, find a good company that believes in the importance of their IT infrastructure and security teams and invests accordingly.

Find a good home.

Stay there.

@strandjs As someone working in this industry I can so much relate to this and just like to strongly back up the call for a life outside of work.
@strandjs I think that may be true for a lot of industries: the problems are not that people aren't working hard enough, and you're encouraged to break yourself on rocks for people who really don't care if you break yourself on rocks.
@strandjs @agent0x0 💯 I learned this way too late. Finally embracing life away from keyboard but the damage has already been done.

@strandjs true it is easier said than done. For me, I found my path for something that I hold to be far more critical and in many ways sacred than helping organizations who don't care to try to care.
Do I still care about that, absolutely and I still give it my best because that's just who I am and I would not be being me if I didn't at least do what I believe to be the right thing.

I have found a thing that truly cares that you care for it, and it is slightly important continued life on this planet; if we maintain the soil it will maintain us and all other life that help to maintain us if we continue to abuse and extract from it it will leave us as it has been doing. So, I have found my personal technology reprieve in helping to understand refilled and restore soil and the microbiology within it that allows dirt to become soil which supports all life on this planet.

@strandjs I wish I could convince one of my fellow managers of this on the coding side of things. Coding in your free time is fine if you like it, but it’s not proof of ability. I certainly cannot do it, because I use that part of my brain during my 8 hours and have to let it recharge by doing other things. (Of course this assumes I have the ability to begin with…) :)
@strandjs Your advice isn’t necessarily bad for those who have found cybersecurity to be their favorite thing. I advise all of my early tenure folks to strive in their early career to find their passion, and to not be afraid if that turns out not to be in alignment with what I need as their manager. As the saying goes, “build your career around what you love, and then you’ll never ‘work’ another day in your life.” But that’s synergistic for me as a leader too. If I find people who see InfoSec as an avocation, they can’t help but be great at it, and with less mental stress even if the effort they put in is actually greater. That said, I also see it as part of my job to find different opportunities (outside of InfoSec if necessary) for those of my people who realize InfoSec isn’t their passion. Not all enterprises support that.
@strandjs Well, you were not wrong... the industry needs those people direly. Doesn't mean we should give them that 0:-)
Aretha Franklin - Respect [1967] (Aretha's Original Version)
@strandjs I'm in tech (not sec) but I feel this sentiment right now.
@strandjs True for every industry, every job, every country, at all times. The world is being killed by people who are going over and above, people who are trying to be great, people who believe that success is what you get from hard work.
@strandjs I saw this and went to reply only to see that many like see this as a mantra for all areas of working. Being made redundant 4 years ago after being on call 24/7 I decided that I would stay in IT but only work 9 to 5 and not let work encroach on my non worktime. I have really enjoyed the last 4 years, life has been great, work has been great....that was until last Thursday, I am to be redundant once again because the Indian is cheaper to employ than the Brit, yep it sucks.
@strandjs There's a reason I don't identify as an infosec person anymore, despite 20 years of AppSec work. Burnout in infosec is real, and it'll kill you if you don't protect yourself from it. (I didn't.)
@strandjs
This is why I have BJJ in my life. 100% recommend
@strandjs This is wonderfully said and also shows great humility. The essence of a wise teacher.
@strandjs I have learned as a mentor and manager to be extremely wary of people who don’t have genuine cares or hobbies outside Computer, especially younger students, because they are the ones most likely to rapidly burn out, get sick, and lose interest. It’s good to care about maintaining your knowledge of cybersecurity because that takes a lot of work, but that has to be balanced out.
@hacks4pancakes @strandjs
Yes to what you both said. Seeing you both on calls these past couple years we can actually see your interests. You do stuff outside the industry. Whether it be in barns with cows or sword fighting!
Me, I have kids to keep my mind occupied when not at work, and I fly fish and play guitar
@strandjs
Annoying that you've been wrong on something is the most humane thing someone can do, on my book. I already looked up to you, for "sucking at capitalism" and other stuff like that.
I'm really happy to read something like this. Keep being awesome, mate!
@strandjs @jerry It’s okay to be passionate. It’s also okay to leave at 5 and take your vacations. The choice is yours but whatever you choose, don’t neglect your mental health and don’t expect the machine to not be a machine. The wheel turns forever.
@Rmogull @strandjs @jerry I’m leaving at 4:55 fuck the system

@strandjs appreciate you boss, you're one of the few I really look up to in this industry.

I do my best to keep work at work, especially dfir related work. it's too much to overtake my life, and I'd rather talk about things I enjoy with industry colleagues than work most times.

it's just a balance imo.

@strandjs yes, the markets value time-to-market and more features. Security is desired but not the sole factor to choose a product over another. InfoSec will always be busy due to this market reality.
@strandjs this is why the good guys lose, for the no life's are the attackers

@strandjs a recent mantra i’ve been repeating is “all technical problems are social problems” and this fits as an example.

thanks for sharing

@strandjs being eaten alive isn’t wise. Finding a healthy balance and employment that is sustainable and humane is vitally important. Thank you for sharing your reflection and updating your point of view on this crucial matter. Let’s not strive to live to work - work should enhance our lives and others lives while sustaining us and ideally our communities.

@strandjs

“Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.”

☝️☝️☝️☝️☝️ #TrueThis 👆👆👆👆👆

@strandjs that last sentence is it. Hit the nail on the head. So much truth.
@strandjs Don’t be too hard on yourself John. We were all young once and I get it. #NotAFormerStudentButIGetIt
@strandjs Thanks for this. Don’t get too hard on yourself. Everyone moves at different paces and motivation. Some move the same in months that take others years. We are all built differently. Realizing tomorrow will be there is key. There is always another day to pickup the load and take it a little bit further. One step at a time is ok!