Aug 26 2013
It’s amazing to look back and realize that it’s been a decade since I started blogging. My life has changed so much since that I sat down and wrote that first “Hello World” blog post. There was no way I could know what direction my life would take once I wrote that first post, but I knew I needed to write it. It turned out to be one of the most influential decisions in my life, not far behind asking my lovely wife to marry me and deciding to have kids.
Why did I start blogging on August 14th, 2003, I had a web site that I’d manually updated for nearly a year, adding stories I found to a page by manually editing the HTML code in a text editor and uploading it to my ISP via FTP. My role at the time was administering a small cluster of IDS servers and once I’d been through the bulk of the previous night’s alerts, I had a lot of spare time on my hands to fill. There weren’t the millions of blogs we have now, and there were only a handful of security bloggers, though it was Richard Bejtlich who initially inspired me the most. Bruce Schneier wasn’t blogging at that time; he had already written his first book, he was writing articles and the blogging came later. There are a number of other security bloggers from that era who are still around, but those are the two who first got me into thinking I might try my hand at writing. It was, and still remains a hobby, but one that shall have a central role in my life for as long as I can maintain it.
Those first few [hundred] blog posts were horrible. I was just linking to news stories I thought were interesting with a few lines of commentary, not adding much as far as opinion at the beginning. That slowly changed and now people are more than used to me voicing my opinion, sometimes at great length. Slowly, very slowly, I learned to think more clearly, communicate with greater clarity and expound upon the thoughts I had bouncing around in my head about security. The first time I felt like I was actively adding to the conversation and getting the news out was the dust up between Michael Lynn and Cisco over a presentation he was giving at Black Hat. I have now written well over 2000 blog posts consisting of over half a million words. That’s a lot of time spent on a hobby, by anyone’s standards
And that was the main reason I wanted to start writing and blogging; I had a lot of book learning on security, I’d been active in the field for about 5 years and I knew the difference between a SYN and an ACK, but I couldn’t figure out much of the ideas that had led to the security technologies I was dealing with on a daily basis. Not the tech itself, but the philosophy that had led people to design the tech. I had ideas that I wanted to test and solidify by putting word to digital paper, organizing my thoughts in a way that I hoped others could understand. And I wanted to have those thoughts challenged by people smarter than me, in the hopes that I’d learn to be a better security professional. And, for the most part, it’s worked out well for me.
I’ve been challenged a lot on my writing, but more importantly, it’s given me an opportunity to speak out on numerous issues, from government voting, to privacy to PCI. There have been a few things I’ve held back on, but for the most part I’ve spoken my mind, consequences be damned. I’ve had to pay the consequences several times, but those have been mercifully few and far between. They’ve been painful, but I’ve survived and ended up better for the experience each time.
I’ve had a number of successes and failures that I can attribute to the blog (and later the Network Security Podcast with Rich Mogull and Zach Lanier). I had the opportunity to write for Computerworld for a year; having an editor made me a much better writer than I’d been before. I also had an opportunity to do video blogging, which did not go nearly as well. I’ve failed at several roles in security during that time, sometimes because the role and team was wrong, sometimes because I was just in the wrong place at the wrong time. And at least once because I let my ego get the better of me. I’ve gone through periods where I wrote several times each day and other periods where months have passed between posts. And I’ve complained about burnout so many times even I got tired of talking about it, though that’s gone through cyclic changes as well.
A lot has changed for me in the last 10 years. I’ve had half a dozen jobs in that time, only one of which lasted for more than two years. My role as Akamai’s Security Advocate (recent title change) is nearly at the two year point and I don’t see myself changing companies any time soon, so if I can just survive a few more weeks, I’ll have another role to add to that list. I am in the process of starting a new role within Akamai, concentrating on Europe instead of America with a smattering of trips to other regions, but I like my role and the team of awesome people I get to work with.
As I look back at the decade, one of the things that stands out the most to me is my discussion of privacy matters and the crossroads the US and the whole international community finds ourselves at. I’ve spent a lot of time drawing attention to the issues around government destruction of personal privacy, to the point where even I was beginning to question if I hadn’t gone over the paranoid edge. But what Edward Snowden has revealed about the intelligence organizations of the US and the stories that continue to surface about the erosion of any semblance of privacy concerning digital communications of any type scare the sense out of me. I went from thinking maybe I was too paranoid to realizing I hadn’t been paranoid enough overnight! Captain Privacy needed to ride again, but there was no way he could tackle the problems that exist in the world right now.
I hope I can still write a blog in another 10 years without worrying if my post will have the NSA or the local police knocking at my door, looking for a ‘terrorist’. I said “I wasn’t paranoid enough.” once, I doubt I’ll be that naive ever again.