@jerry there are 5 communities:
1. NatSec - okay with hacking citizens
2. CorpSec - Cisco threatening security researchers
3. JournoSec - protecting journalists and sources (from NatSec, usually)
4. NonprofitSec - protecting non-profits
5. no budget sec - protecting grandma
an elusive 6th community is the Defensive Security gold supporters Discord server
@rl_dane Chris Krebs was the head of CISA, appointed by Trump back in his first term. CISA is/was responsible for election security. After the 2020 election debacle, Krebs stated, in stark contradiction of Trump's assertions, that the election was the most secure ever and there was no evidence of fraud or hacking. Krebs since resigned and went to work for a private company.
Trump recently signed an executive order stripping Krebs of his security clearance, along with any "associates" of his, including his employer, and also directed the Dept of Justice to open an investigation into Krebs' activities.
There's been a lot of unmet expectations that the infosec industry would rally around Krebs and his employer who are being very unfairly targeted, and that hasn't happened.
Most people in the infosec community individually, at least those that aren't raging Trumpers, are well behind Krebs but that hasn't made any difference in the situation.
Uuuuuuuugh. 🤦
It's time in human history to end the difference between industry and community. Monarchs in industry are as counterproductive, unfree and the source of enshittification, as in politics.
Community is humanity. Mutual respect is human.
Let's end monarchy everywhere.
I do not endorse any AI and this was just a one-off prompt before coffee, it does mostly align with my views - there may be other AI models that get it more right/appropriate
ChatGPT said:
That quote - "I think the Chris Krebs situation really underscores that the 'infosec industry' and the 'infosec community' are very different things." - is a sharp and relevant commentary, and it's worth unpacking both the content and the context deeply. Let's break it down and expand on its implications.
Understanding the Quote
At its core, this quote draws a distinction between two overlapping but often philosophically different groups:
The Infosec Industry
Comprises companies, government agencies, vendors, consultants, MSSPs, enterprise security departments, and commercial stakeholders.
Motivated by profit, regulation, compliance, sales, branding, and political/organizational agendas.
Often tightly aligned with broader corporate or governmental interests.
The Infosec Community
Includes independent researchers, hackers, open-source contributors, hobbyists, educators, defenders, and passionate technologists.
Motivated more by curiosity, ethics, public interest, transparency, and empowerment.
Culture tends to be skeptical of power structures and highly values technical integrity and openness.
Who Is Chris Krebs and What Was "The Situation"?
Chris Krebs was the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) under DHS. He was well-regarded for:
Promoting election security.
Publicly debunking disinformation during the 2020 U.S. presidential election.
Running the "Rumor Control" site to counter conspiracy theories.
The "situation" refers to his firing by President Trump in November 2020 after Krebs asserted that the 2020 election was the "most secure in American history" - which contradicted false claims of widespread fraud.
How It Underscores the Industry vs. Community Divide
Political Fallout vs. Technical Truth
Industry angle: Krebs, as a federal official, was operating in a political space. Despite presenting facts, he was removed for going against the political narrative.
Community view: The infosec community broadly supported Krebs because he stood by technical evidence and truth, even at personal cost.
Career Risk vs. Community Respect
The industry often punishes dissent - even when it's based on facts - if it challenges authority.
The community rewards those who act with integrity, even if it costs them their job.
Messaging Control vs. Grassroots Transparency
Industry often tries to manage the narrative and limit exposure.
Community thrives on exposure, publication, full disclosure, and pushing uncomfortable truths into the light.
Deeper Themes and Implications
Ethics vs. Profit: The Krebs episode shows how ethical security decisions can clash with political or economic interests.
Top-Down vs. Bottom-Up: Industry is hierarchical and risk-averse; the community is decentralized and tends to speak truth to power.
Cultural Clashes: The divide explains why some community figures struggle to thrive in the corporate or government sector, and vice versa.
Modern Relevance
This dynamic still plays out today:
Whistleblowers in cybersecurity.
Researchers threatened with legal action for full disclosure.
Tech companies pressuring employees to downplay findings that might hurt profits.
Community pushback against vendor lock-in, DRM, surveillance capitalism, and misinformation.
Verification
Yes, the statement holds up under scrutiny. It is valid both factually and thematically, and is supported by:
The public timeline of Krebs's actions.
Reactions from infosec professionals across Twitter, DEF CON, and Reddit.
The lasting community respect Krebs has earned despite leaving government.
TL;DR Summary
The quote is a well-observed reflection on how Chris Krebs's principled stance in a politically charged environment highlights the gap between:
An infosec industry that operates within bureaucratic or profit-driven frameworks, and
An infosec community that values transparency, truth, and ethical hacking - even when it's inconvenient or dangerous.