We humans just can’t help ourselves sometimes.
Like clockwork — within minutes of an announcement of a security incident, breach, or other bad news the flood of comments and hot takes pours out like an open fire hydrant in July. Now, look here, I can appreciate that some of you are trying to provide analysis but the vast majority of your takes are ill-informed, poorly communicated, and frankly make you look silly. About half the time I find myself asking “Did they even bother looking at the details of the thing, before offering an opinion?”
I don’t think I’m alone in feeling like we could use a little less ill-informed verbal vomit in the trade publications, blogs, and social media. So with that in mind, here are 3 simple rules I suggest we all use before we post, provide a quote, or jump in front of a camera.
- Take a minute to inform yourself first — I can’t believe I’m writing this but for the love of all that is good, please read before you speak. If it’s an article you’re commenting on — read it first. I don’t mean skim it. I also don’t mean read the ‘summary’ that social media platforms give you. I mean, read the ******* article, top to bottom, carefully. Then go read another. And a few more. I say this as someone who was once hot-headed and prone to jumping in with in opinion before being fully informed. Age has taught me that I was being stupid. I have since learned my lesson. Just don’t be “that person”, ok? Incidents are very rarely black and white, and there are often 3 sides to every story. Make sure you read the majority opinon, the dissent, and the fringes. If you’re brave, read the comments section too. Understand that trade publications and “news” outlets write for clicks, so they tend to, how do I put this nicely, “sensationalize” things for dramatic appeal. Think about those people living through the moment, and ask yourself if your take will be informative, or if you’re doing it to join in the feeding frenzy at someone else’s expense. Speaking of which…
- Practice empathy (“don’t be an asshole”)— This is difficult for many of the people in cyber security — maybe because we’re just broken, or not wired for it, but we suck at empathy. Remember kids, the thing you’re dying to get your comments published on may be someone’s very, very bad day. 9 out of 10 times you’re making comments about the victim of an unfortunate situation, or even a crime. I’ve learned that being an asshole may get you some air time, but at the end of the day you’re still an asshole. A great reason to take the time and practice empathy is that you never know when you’ll be the next dumpster fire everyone is talking about. I’ve read comments where someone takes a shot at a breached company for, as an example, not being fully patched only to end up in the news in the same week for the exact same thing. Whoops. Don’t be an asshole, I can’t stress that enough.
- Ask yourself how this hot-take will age — Have you ever accidentally read some hot-take that someone posted, quoted, or published and thought to yourself “Well, that aged poorly”? I suggest you always think of that moment when you’re posting something about a developing current event. So many times the information that’s available in that moment will write one narrative, and you’ll be asked to comment on that narrative. But keep in mind that developing situations often change many times before they’re clear… so the worst-case for you is that something you say ages poorly and you once again, look stupid. I can think of no better illustration (outside of cyber, even) than most of the media outlets that commented on the hospital in Gaza that was blown to smithereens. Allegedly. A terrorist organization claimed Israel’s IDF hit the hospital with a missile and killed “thousands” of innocent civilians. News programs and writers fell all over each other to be the first out there to criticize the horrible thing the IDF had done. Well, it turns out, as often is the case, that the terrorists (Hamas) who put out the information were…lying. When the truth came out a day or so later, the evidence was crystal clear that Hamas had a rocket mis-fire and they hit their own people, and they killed some. But the damage wasn’t even remotely close to the original narrative, and certainly Israel wasn’t to blame. Some newspapers and programs had to walk back their stories. Some silently changed their articles or narratives. Don’t do this. It shatters your credibility, if you care about this sort of thing. Consider how the event will develop, where we are in the fact-finding journey, and how much we know collectively right now. Understand that “those who know, can’t talk, and those who don’t know, can’t shut up” is a real thing. Again, don’t be one of those people.
There you have it. Three very simple rules that could not only save your reputation, but maybe your career.
If you care about that sort of thing.
