Security (CAN BE) an ART not a SCIENCE
Tuesday, January 26, 2010 at 9:44AM
This is far from a new idea; however, it’s not something that is easily provable. So I had an idea this morning. I posed the following question on Twitter:
You know what I got in return? A resounding “No” from everyone. (Well, I had one outlier, but who doesn’t when you are trying to apply science to prove art?) I challenge you to name another non-artistic career that people are so passionate about that they would stay in it even if they won the lottery.
Here are a few that I would like to highlight:
This was a somewhat surprising outcome. See a trend? Most people wanted to quit their jobs, and start their own infosec company. Why is this? Is it just “The American Dream” or is it because they are unhappy with the current people in leadership? Or is it simply the fact that they are hindered from actually pursuing and learning hacking/security at work? The world may never know, but I do implore firms to look at the retention rate of their _actual_ talent. (No, I don’t buy into the No Infosec Peep left behind bull).
There is a rumor that Google has a practice. 2 hours a day, you (an employee of Google) are REQUIRED to work on a project of your own, that is in no way indebted or owned by Google, even after completion. I can imagine the above answers would change if that were the case where they worked. If their employers fostered learning.
As a result of Infosec / Hacking being an art, do we have our prima donnas? Of course. But do we also have our Van Goghs and Michelangelos? Definitely.
But, time for a bit of a reality check:
Ya, you have NO idea what you would really do with millions of instant cash. I think the number is some 80% of lottery winners go BANKRUPT in the first 10 years. This is because you, and EVERYONE you have ANY connection to, go absolutely crazy. To the point that there are lottery winner support groups.
However, the fact that people say it now shows that they at least have the passion for the art. (Or are just fronting.)
Here are some honest answers to even out the tide:
In conclusion, I believe that hacking is a science, until passion adds the artistic fire to the mix. At least that’s what I think, draw your own conclusions.
(That’s another thing I love about this field, you are constantly challenged to draw your own conclusions, to think, to learn, to improve, to be… better)


Reader Comments (13)
You know, he says hookers and blow, but what he really means is steak and beer.
@soapturtle - Yay! Steak & Beer Millions, here I come! <3
"Steak and beer" all the way to the old peoples home.
Plus muck about with GPU clusters for a few years...
Ferrari with more horsepower or GPU cluster with more PMK/s....?
I disagree. Money is not everyone's motivation. Doctors would not necessarily stop saving lives if they won the lottery. Yes, cut down the hours and have more holidays, but stop working? I doubt it. The people who work in infosec are (in general) the people who enjoy what they do and would do it as a hobby if not employed in the industry.
My 10 cents,
@Prydie
I fully agree with the title that infosec is an art (we actually paint the exploits from what we imagine), but somehow it's a science in the sense that we make a lot of assumptions in our work.
I think if you win $100Mil+ your life will become "investment oriented". You will have to manage your money, you will have to invest, such as: building new homes, then trying to sell or to rent them, stock investments, maybe a new company... Each rent is a generator of chaos (pets who damage the carpet, house maintenance, and so forth). If you are planning to start a company, you should be aware that you must take care of public relations, taxes, customers, etc. I don't think you'll have enough time to do research and to be what you are right now. In fact each scientist before making money was a great scientist; after running a company and making money... everybody becomes a businessman.
I'd keep working but attend way more cons and take way more days off.
Going to have to agree with Andrew. Those of us who work in infosec usually like what we do and would do it no matter what. It's my job and my hobby and I love it. Great post by the way!
@simoniTdummy
Just to clarify my response - if you say you keep doing it for a LIVING, you are probably either naive or lying. Money DOES change you - it opens up new possibilities that you literally cannot fathom right now. Does this mean everything about you changes? Of course not. You probably still have an interest in the area, maybe you go to Defcon for the hell of it, but you are damn sure not going to trudge to work every day in some horrid cubicle. Or have a consulting client making demands of your time. You would travel the world, seed new companies with angel funds, start your OWN con, write a book, lounge on the beach in Greece, whatever. What you would almost certainly NOT do is sit under the fluorescent lights staring at a monitor all day. Because if you did, you would be missing out on one hell of a good life.
With money like that I would still be in info sec, just doing it without the hassle of worrying about bills and paying off debts. I would be more focused on projects that I want to work on, not what I was told to work on by a boss.
Money can be liberating to a hacker if your end goal is knowledge and skills, not money.
This was a good experiment. I think for the most part people will become a bit more specialized in the area of interest that is of most importance to them, as opposed to just taking any infosec job because you have to pay the bill.
I also would still be going into and doing infosec, both on my own time and terms, but also as a job. The extra money would definitely allow me to be more ballsy with who I waste my time with job/client-wise, however.
I wouldn't want to spend a ton of time managing my money and investments. There are people far more qualified at that than me, and I'd afford to pay them for such services (quite similar to how we provide security services!).
I might even say I'd believe moreso in the work harder/play harder mentality, just because money wouldn't necessarily be a worry. That might mean I take nice vacations to Greece and lounge on the beach, but I still enjoy toiling in the hell cubes in pursuit of security.
I wouldn't keep my current job. I would instead take the money and split it into three parts: 1 part to play with now, 1 part to invest in different things to pay off later and help retire on, and the last part to build my own small company with a stable enough foundation that it will hold together for at least the rest of my working lifetime.