There has been a lot of talk about the “echo chamber” of information security lately, mostly inside the echo chamber, about how we need to get outside of the echo chamber.
(image credit: Hugh MacLeod’s Gaping Void)
Likewise, there has been a debate about the “preaching to the choir” aspect of many security conferences. This really makes me worry about what kind of churches you people go to.
If we’re going to play with these metaphors: I do not have a problem with the comfort of the echo chamber, nor do I think there is a problem with preaching to the choir. We deserve to have fun occasionally, share information with people we know, build the relationships that help us do our jobs and get through our crises, and all the other things we do at gathering places, both physical and virtual.
The problem is when we never leave these enclaves. We need to share what we learn. We need to get our teeth kicked in by the realities of the real world, business needs, people’s priorities and biases. Then retreat to our little cliques, recharge, and repeat.
Face it, if it was easy, most of us wouldn’t do it. There is something a bit off about the “infosec” mind, and that’s OK.