Apr 16 2008
I’m on a large number of mailing lists. Before there were blogs, mailing lists were one of the primary ways I received my security-related news and got questions answered. I participated in a fair number of forums too, but preferred mailing lists because the news would come to me rather than needing to go back to a site to see if anyone had responded to me. I still find my forum posts listed in Google from time to time when I do an ego search (I know I’m not the only one who types their own name into Google from time to time just to see what comes up).
One of the things that I find again and again on mailing lists is the one or two line post to a list asking such a general question that almost any answer you give will apply. You know, the sort of thing like “What should I do next in my security career?” or “What’s the next big thing in security?”. Questions that are so vague and pointless that they either get ignored on the list or get answers that have nothing to do with what the person posing the question really wanted to know. This leads to on list arguments about stupid answers or general comments on how useless and clogged up the mailing list is. The more traffic a mailing list sees, the more likely this is to happen. A prime example of this is the CISSP mailing list, which often degenerates into discussions of poutine and the relative merits of Tim Hortons vs Dunkin’ Donuts. It’s a closed list, so I hope I’m not putting my ethical standing as a CISSP at risk by revealing how immature a group of security professionals can be from time to time.
I don’t think it’s bad for a list to get silly or flame up once in a while, but I do think the value of the discussion is directly related to the questions posed on the list. The energy someone puts into explaining the question they’re asking, the time they take to pose it in the clearest possible way is directly linked to the clarity and energy someone will put into answer. If your question is about the next step in your career, take a couple of paragraphs to explain how you got where you are and what it is you want to do next. If you want to know what the next hot technology is, explain what your industry is and what you mind find useful. In addition to giving the other members of the list a specific topic to respond to, it might help you understand your own question better. I’ve always been amazed at how much taking the time to write our my thoughts clarifies my own understanding of a topic.
I like mailing lists as a way to get information and see how a group or industry is thinking. But the worth of a list is directly influenced by the amount of energy people are willing to put into it. When people take the time to formulate the real question they’re asking rather than throwing a general inquiry, the signal to noise ratio of the answers comes way up. Most of the responses on any mailing list come from a small minority of the members, so taking the time to understand who those people are and how they think will directly influence the response.
I’m not writing this in response to a single person or incident on a particular list; vague questions seem to be endemic to mailing lists everywhere, and I know my rant won’t do much to change that. But now I have someplace I can point people to next time they ask a question like “How do I improve the security of my enterprise?”. If you take the time to formulate the question and really specify what it is you hope to get out of the answer, you might be surprised at the quality of the answers you get in response.