Edit: Despite almost qualifying as a senior citizen, my award-winning friend Thom Langford agreed to write me a guest post (seeing as he writes guests posts for everyone else). I did not impose any conditions except that the topic be relevant and not self-serving in the slightest.
I found myself writing an article that I didn’t have the time or inclination to write the other day; it actually came out well and was commented upon by a number of people in a favorable light, so I hope it was of some value to its audience. However the difficulty was that I wrote it in exchange (albeit in jest) for someone to support my nomination for an upcoming award.
“Immoral!” I hear you cry. “Unethical!” you wail. Well, I disagree because I was carrying out an activity for a friend who I know and trust, an activity that I regularly do for free elsewhere, and to be honest I think he would have voted for me anyway.
But it made me think about the sheer volume of information security writing that I see out there from the various bloggers, pundits and professionals. These are not journalists who are paid to write every day, but people often in high level positions who are not time rich but are still able to produce volumes of words that would put Salman Rushdie to shame. How do we ensure that our nominated spokespeople are true to their ethical commitments?
We should question the motives and therefore the content of such work; was it written to someone else’s agenda in exchange for something else such as a free dinner or even votes Was it actually written by them in the first place, or even has it been presented as researched act when actually it was just a small idea that came to them as they sat on the toilet reading Dilbert?
Many of us, myself included, will eagerly await the next blog or article from someone as it gives me an opportunity to learn in an unbiased and open manner. I can see the inner workings of an organization, or the prevailing attitudes amongst the rockstars of the industry, and apply them (or not) to my own industry outlook. But if these opinions are being formed elsewhere, or influenced by vendors seeking sales the benefits gained from that article are skewed and devalued. What if the writer simply wanted to artificially raise their profile to secure more votes for a nomination for instance?
I certainly won’t name names here, but I would urge all of you to read between the lines, look for patterns where vendors and other third parties may be present, make up your own minds and vote with your browsers.
(Pretty sure I didn’t mention I am up for an award, which you can vote on here.)
*NOTE: Thom Langford wrote this article entirely of his own volition and was not encouraged to do so in order to secure more votes for the award he is nominated for. He is a staunch supporter of the ethics and morals of the Information Security industry.
Javvad Malik 