@rl_dane Chris Krebs was the head of CISA, appointed by Trump back in his first term. CISA is/was responsible for election security. After the 2020 election debacle, Krebs stated, in stark contradiction of Trump’s assertions, that the election was the most secure ever and there was no evidence of fraud or hacking. Krebs since resigned and went to work for a private company.
Trump recently signed an executive order stripping Krebs of his security clearance, along with any “associates” of his, including his employer, and also directed the Dept of Justice to open an investigation into Krebs’ activities.
There have been a lot of unmet expectations that the infosec industry would rally around Krebs and his employer, who are being very unfairly targeted, and that hasn’t happened.
Most people in the infosec community individually, at least those that aren’t raging Trumpers, are well behind Krebs but that hasn’t made any difference in the situation.
Uuuuuuuugh. 🤦♂️
It's time in human history to end the difference between industry and community. Monarchs in industry are as counterproductive, unfree and the source of enshittification, as in politics.
Community is humanity. Mutual respect is human.
Let's end monarchy everywhere.
I do not endorse any AI and this was just a one-off prompt before coffee; it does mostly align with my views - there may be other AI models that get it more right/appropriate
ChatGPT said:
That quote—"I think the Chris Krebs situation really underscores that the 'infosec industry' and the 'infosec community' are very different things."—is a sharp and relevant commentary, and it's worth unpacking both the content and the context deeply. Let’s break it down and expand on its implications.
🔍 Understanding the Quote
At its core, this quote draws a distinction between two overlapping but often philosophically different groups:
The Infosec Industry
Comprises companies, government agencies, vendors, consultants, MSSPs, enterprise security departments, and commercial stakeholders.
Motivated by profit, regulation, compliance, sales, branding, and political/organizational agendas.
Often tightly aligned with broader corporate or governmental interests.
The Infosec Community
Includes independent researchers, hackers, open-source contributors, hobbyists, educators, defenders, and passionate technologists.
Motivated more by curiosity, ethics, public interest, transparency, and empowerment.
Culture tends to be skeptical of power structures and highly values technical integrity and openness.
🧠 Who Is Chris Krebs and What Was "The Situation"?
Chris Krebs was the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) under DHS. He was well-regarded for:
Promoting election security.
Publicly debunking disinformation during the 2020 U.S. presidential election.
Running the “Rumor Control” site to counter conspiracy theories.
The “situation” refers to his firing by President Trump in November 2020 after Krebs asserted that the 2020 election was the "most secure in American history"—which contradicted false claims of widespread fraud.
⚔️ How It Underscores the Industry vs. Community Divide
Political Fallout vs. Technical Truth
Industry angle: Krebs, as a federal official, was operating in a political space. Despite presenting facts, he was removed for going against the political narrative.
Community view: The infosec community broadly supported Krebs because he stood by technical evidence and truth, even at personal cost.
Career Risk vs. Community Respect
The industry often punishes dissent—even when it’s based on facts—if it challenges authority.
The community rewards those who act with integrity, even if it costs them their job.
Messaging Control vs. Grassroots Transparency
Industry often tries to manage the narrative and limit exposure.
Community thrives on exposure, publication, full disclosure, and pushing uncomfortable truths into the light.
🧩 Deeper Themes and Implications
Ethics vs. Profit: The Krebs episode shows how ethical security decisions can clash with political or economic interests.
Top-Down vs. Bottom-Up: Industry is hierarchical and risk-averse; the community is decentralized and tends to speak truth to power.
Cultural Clashes: The divide explains why some community figures struggle to thrive in the corporate or government sector, and vice versa.
🔄 Modern Relevance
This dynamic still plays out today:
Whistleblowers in cybersecurity.
Researchers threatened with legal action for full disclosure.
Tech companies pressuring employees to downplay findings that might hurt profits.
Community pushback against vendor lock-in, DRM, surveillance capitalism, and misinformation.
✅ Verification
Yes, the statement holds up under scrutiny. It is valid both factually and thematically, and is supported by:
The public timeline of Krebs’s actions.
Reactions from infosec professionals across Twitter, DEF CON, and Reddit.
The lasting community respect Krebs has earned despite leaving government.
📌 TL;DR Summary
The quote is a well-observed reflection on how Chris Krebs’s principled stance in a politically charged environment highlights the gap between:
An infosec industry that operates within bureaucratic or profit-driven frameworks, and
An infosec community that values transparency, truth, and ethical hacking—even when it’s inconvenient or dangerous.