There’s a lot you can learn about a person just by the way they present themselves online – whether that is in a positive or negative light is really up to the individual posting the content. Several of my followers have questioned why I chose to part company with Peerlyst, and here’s why. Firstly, let’s understand the word “community”. Taken literally, it’s something like the below:
“The condition of sharing or having certain attitudes and interests in common.”
Anyone calling themselves a community should abide by this basic description at all times. Especially the part “having certain attitudes”. It’s this very part of the description that is capable of destroying a community much faster than it takes to create one in the first place. It was always my dream and wish to give something back to the industry that adopted me at the age of 16 as a school leaver, and I promised myself that once I reached a plateau in my career, I would start giving something back in order to help others.
This initial drive began in 2016 when I started writing articles for Peerlyst. The very first article I donated to the community here detailed the most common types of compromise, and what to look out for. Fairly soon, I was contacted and asked if I’d consider making this a featured resource that their community could use as a learning tool. Happily, I agreed, and began donating regular articles from my own blog for the benefit of their community. As a side point, there are several authors who write similar content for others, but it’s typically for a fee, or a mention in a larger community in order to promote that individual. This isn’t how I work. I’ve never chased glory – I get my satisfaction from those who read my articles, and engage in active discussion relating to the content.
I always expected questions and dialogue arising from my articles. In most cases, the exchange of opinions, questions, and content in general made for a pleasant experience. Inspired by this interest in my work, I began work on a piece entitled “Think you can spot a hacker ? Think again”. Now, not every piece of creative writing inspires everyone, and I completely understand that. However, opinion can easily be divided when a specific response is used, and counter-effective if the response hasn’t been well thought out before clicking that submit button. Written content often suffers from the same central ailment in the fact that it rarely conveys tone or emotion. When you read something someone else has written, it’s impossible to gauge body language or tone of voice. For this reason, diplomacy and a careful selection of words is often a good idea (also known as think before you post), as is reading your input before submitting it. Often, the first response to something isn’t always the best one, and you’ll find yourself effectively sanitising content before you submit after reviewing it.
Sadly, this doesn’t seem to apply to all individuals. The response I received from one particular individual was a little less than polite (if you consider the acronym GYHOOYA appropriate in any conversation, you should stop reading now) to say the least. Clearly, I’d made the “fatal” mistake of aligning hackers to criminals – a definition clearly shared by most thesauruses – yet not fully understood (so it seems by the Peerlyst community) or accepted. Before I knew it, I was effectively being lynched and burned at the stake by peasants angrily revolting. Consider common sentences such as:
- “…..I’ve been hacked”
- “…..hackers steal personal information”
- “…..hackers leaked usernames and passwords”
- “…..hackers take website offline”
- “…..[insert random celebrity here] has intimate photos hacked and placed online”
Shall I go on ? Granted, the term “hacker” does lend itself somewhat to images of people sitting in front of computers wearing black leather gloves and hoodies. This image was created by the media to promote awareness, but for a valid reason. Somehow, attempting to draw a parallel between a hacker and a business man or woman in a suit doesn’t work as well (although perhaps it’s a fitting description for state sponsored hackers – more on that coming soon) if you are trying to portray a particular image. The comments left on this particular article were less than professional (see previous acronym for details), and before I knew it, others were queuing up to provide their input. I won’t go into explicit detail as that’s not what this article is about, but let’s just say that the responses were nothing short of conjecture. At this point, I decided to raise this as an issue with Peerlyst.
The response I got back alluded to me “hurting the community”. Fair enough, but I didn’t agree with this response. Eventually, I was effectively “bullied” into changing the post to “criminal hacker”, and placing a paragraph at the top of the article denoting the difference between those who hack for research, and those who hack for criminal gain. My immediate question here is this:
Does a thief steal for research ? No. A thief steals for financial and / or material gain.
It’s all about perception I suppose, but you can’t take a word that is associated primarily with criminal activity and expect to be treated like a hero. It’s the same reason as to why the “ISIS Bar And Lounge” located in Cooper’s Row (London) changed its name for reasons fairly obvious to even the untrained eye. Things did quieten down for a while after that incident, but I did stop contributing from that moment forward. Whilst it sounds like an overreaction on my part, I expect if you stop reading at this point, it could be true. However, the story (unfortunately) doesn’t end here. I was not on the receiving end of the diatribe about to be unleashed this time, but watched (with a mixture of disgust and disbelief) as this whole scenario unfolded. The focal point of discussion was from this post
Some of the comments left for the author of this post were in my view nothing short of disgusting to say the least. Here’s the opening comment
Those are great academic credentials. Let’s talk about “in the trenches” experience. Were you ever an engineer or specialist hunting threats and vulnerabilities? Run a NESSUS scan? Perform threat mitigation? Get called at 3AM because your network was hacked? What I am seeing is a professional test taker and academic. Perhaps with a photographic memory and tons of charisma? Getting a PhD at an early age and knowing 5 different languages leads me to believe the previous sentence. Where is the actual, bonafide experience? As for your “acting chief information security officer for regulated businesses”, again, where is the actual experience? Anyone can be a CISO including a person with a Music background. Just saying.
There was a comment from the original author of this post, but it has since been removed. It was essentially threatening the author of the above comment with a lawsuit for defamation of character. Unsurprisingly, the response below was then posted
Feel free. I am well known on here. And your lawyer can contact me at the provided address. If you were truly serious, you would offer the proof I am requesting. I will gladly acknowledge your certification and knowledge when the proof is provided. But you have not done so and that is an indication of your true meaning. I doubt your certification as a CISSP and you have done nothing to prove me wrong. The truth is your only defense.
I don’t claim to be an airplane pilot. I could not tell you how to land a 737. Why should you be any exemption to that? You claim to be a cybersecurity expert with a CISSP requiring 4 years of actual experience. Where is it? If you will acknowledge that experience, I will not only accept it, I will endorse you.
Have your “attorney” bring suit against me here in the US (I’ll never travel to Singapore so that doesn’t matter). Have him/her contact me at my stated email address. I will gladly share my physical mailing address for service of process. I’ll encourage service! Let’s go to court. Perhaps I know the laws better than you in the US not to mention cybersecurity.
As for Peerlyst, maybe they will see it fit to remove an individual who is a poser. A fake. A charlatan through her own lack of admissions. If they ask me to be silent on this, I will honour their request. It is their site after all. Guess we will need to wait and see.
Is this really necessary ? Since when did we consider it appropriate to behave like Neanderthals by publicly humiliating someone else, then dragging their reputation through the mud ? This is when a so called community deteriorates to a battlefield, and if the moderators do not make an effort to ring fence “debates” like this, they quickly spiral out of control and dramatically damage what the community set out to build in the first place. The best way to extinguish this particular situation is to disable the comments for that post. As a moderator, this is one of the immediate mechanisms to prevent brand damage. However, this course of action was not taken, and incredibly, the moderators chose to actually engage in the debate. This was not a wise choice, as the participants then started to respond to the interjection and went off track in the process. Mediation is a powerful tool when running a community, but its effectiveness is severely impacted when you decide to air dirty laundry in public. Why on earth would you want to engage in a debate with someone when they are clearly trolling someone else ? You’re supposed to actually prevent that from happening in my view. And this is the real reason why I will never write for Peerlyst again. They have knowingly damaged their own community – effectively allowing someone else to poison its integrity and standing as a reliable information source. I know of two others who have contacted me since my LinkedIn post detailing that I no longer write for Peerlyst, and expressed the same reasons as mine stated above.
And so, on the 15th of November, I invoked my version of “Article 50”, and decided to leave the Peerlyst community by deactivating my account, and effectively, exercising my Right To Be Forgotten. For those who don’t fully understand the meaning of this, here’s a snippet supplied by the ICO
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
I was contacted by Peerlyst the following day asking why I had deleted my account. I’m not convinced it was the fact that they were genuinely sorry that they had lost a member – but were more concerned that the content I had contributed over time was also deleted as part of the account deactivation procedure. Here’s some of the comments I received
“I’m sorry to hear that you decided to leave for this reason. I understand you have your own initiative, which I hope will work well for you. However, removing the content which serves 100,000 monthly readers and 500,000 unique readers is a pity for those who come to Peerlyst to learn”
My response was that all content I had previously provided is posted here at Phenomlab. It’s actually my work, and Peerlyst are no longer permitted to use it. I was also asked if I would leave my account in place so that they could retain the content. This concerns me somewhat, as that would imply the content hasn’t actually been deleted, but “moved off the site to somewhere else”. I have asked for Peerlyst to confirm that the data has been removed – so far, there has not been any response. I guess they have until May 2018 to delete it from the GDPR standpoint in order to be in full compliance.
The other comment I received was
“So sad to see you deactivated your account. You used to believe in the mission of sharing everything to help people improve!?”
My response was “And I still do. Just not for Peerlyst”.
The point I’ll make here is as follows. For a community to succeed it has to have a solid foundation, and a clearly defined policy. There isn’t much to the policy I put together, and it can be found here. Based on what I saw on Peerlyst, the last “rule” is “Don’t be a dick”. Take a look yourself. I personally want to mentor the next generation of InfoSec professionals, not get into a pathetic “shit slinging” match that yields no real benefit whatsoever. I’ve also been contacted by one of the moderators – evidently, Peerlyst’s CEO wants to have a call with her to discuss this. Too little, too late, I’m afraid. The damage is done. I don’t want an apology as one isn’t needed. I don’t want a discussion as nothing will change. In reality, I refuse to associate my name or any of my content with a so-called community that is effectively endorsing one of the worst online experiences we have to date – trolling.