Apr 14 2011
I fell a bit guilty sometimes when I look at my own blog. When I started blogging oh-so-many years ago, I’d blog at least daily, often two to three times a day depending on the time I had and what interesting stories I could find as the day went by. Also depending on what my workload was, which was fairly light when I started, since monitoring an IDS really isn’t that hard once you’ve got things properly tuned. The blog was a new toy that I wanted to play with as much as I could and there were a lot of ideas I wanted to explore back then. But the shine has long since worn off of the toy.
Fast forward to now and I often go a week or more without a new blog post. Sometimes the only post for the week is a link to the podcast, and some weeks even that doesn’t happen due to travel schedules. So I’ll look at the site and feel bad because nothing’s been written, try to come up with anything and either walk away because I can’t come up with an idea or write something I don’t publish because, honestly, I sometimes write a pile of steaming crud that I don’t think should be inflicted on anyone. These have some value, because they clear my mind a little, but you shouldn’t have to read them.
But the biggest problem I have with writing is that some days I feel like I only have one subject to write on, which is, you guessed it, PCI. It’s an important subject, I have a fair amount of experience in it and I have points that have value and should be shared with the folks who come to the blog. But it feels like I have been having the same conversation for a few years now, and I know that if I’m boring myself with the talk, I have to be boring others with it as well. And if there’s one cardinal sin in writing, it would be boring your reader.
I’m not sure there’s a solution for this problem, or at least not an easy one. PCI is what I do for a living, I’m immersed in it 40-60 hours a week. It’s hard to get out of the mindset of compliance. The PCI requirements haven’t changed significantly in years, despite the fact that 2.0 came out last year. And it’s not going to be changing again for at least three more years. It’s not exciting, it’s not sexy and there’s not a lot of news that’s coming out about PCI. Unless you consider all the breaches that is.
It’s a little depressing to be so one-dimensional, to not have a breadth of subjects to talk about. And even within PCI there are some subjects and events I can’t write about because either my employer is involved, therefore I’m involved indirectly or because I’m involved directly and would be incredibly stupid to make any comment on the situation at all. To be fair, no one I work with has editorial rights on my blog or any say in what I write about here, but I have a healthy sense of self-censorship. I like my employer and am in no hurry to do something that would get me in hot water in a hurry. I figure this is simply a factor of growing up and taking responsibility, not a constraint laid on me by someone else.
I’m not sure there’s a solution at the moment, but I’m open to suggestions. I’ve started to branch out a little in my non-work hobbies; I’ve picked up a bunch of Arduino stuff and I’m working with the kids to learn more about electronics and to brush off some long neglected programming skills. I’m also starting to talk to other security professionals I respect about long term career goals. I often wonder how I got where I am in my career and rather than continuing to trust in the luck that got me here, I’m starting to lay some of the groundwork that will be needed to take me to the next level. You’d be surprised how much good advice you can get if you just take the time to ask for it. But neither of these is really at a point where I can write about it and I’m not sure this blog is the place to talk about Arduino in any case. Career advice, yes, at least once I’ve digested enough of the wisdom folks I’ve been talking to. Which could be a while, since this is something that I’m a little slow in assimilating.
I’m sure I’m not the only one who’s run into this issue. I know from the comments I receive from time to time that I’m not the only one who thinks the blog has become one dimensional. I think the proper term is ‘stuck in a rut’. How have you broken out of your own rut in the past? How have you broadened your skill set or interests so that you’re not a one trick pony? Am I fretting over something that’s a non-issue and should stop whining and go back to writing about PCI and be happy I have something I’m, well, if not an expert, at least experience in? I’m curious how others feel about running into the same problem and would like to hear from you.