510 Not Extended

I’ve been bad


Engineering doesn’t want to work with me. Hell, we’re not on talking terms. Leadership wants answers that only I can provide, because I pierced the veil, and now, hard questions are being asked. I’ve done bad to be good, and it’s all wrong now. Everything is fucked; long live the fucking.


I cannot count the number of nights my kids have been laid down to sleep without a kiss from me, a wish for sweet dreams. A final touch before they expire to dreamland. I cannot count the days I’ve said, not right now I’m still working. I just need to solve this one last problem for the day, that bleeds into another, into another. I swore I would be the present parent I never had, and yet. I’m the opposite. I’m teaching them my job is more important than them because why? I see their lavish birthdays, Christmas celebrations. I see their happiness when they get so many new exciting things, but I also feel how good it is when they finally get a moment with Dad. That raw, real love. And it hurts me.


I’ve been bad.


I stand on many hills. My opinions are very strong across a broad range of topics, and I’m highly technical. I’m a general specialist across the entire infosec range from network engineering to web application pen testing, and I can likely write a textbook on applied application security at this point. But at what cost? I will never get back the hours I spent in the office while my only born son took his first steps, or said his first words. I’ll never build the trust with my stepdaughter required for when the first boyfriend breaks her heart. I won’t remember the early days of their childhoods because I wasn’t there. This industry required my attention more than my life.



DEADBEEFAGAIN



This isn’t a post for pity. This is a post of realization. A moment of clarity, even. I’ve been given invaluable insight into myself as of late, and I am committed to change. There are some unchangeable truths, and there are some lies that need correcting. As part of this universal gift, I intend on giving back to that which I’ve gained so much. These are some immediate thoughts, and lessons.


The past is unchangeable


I have found roughly 2/3s of the ways to fuck up standing up an appsec program. I’ve been directly responsible for about 1/3 of those. Diplomacy matters. Hubris is deadly. And, I should’ve known, SDEs don’t like anyone playing in their sandbox. They don’t even want anyone looking in the general direction of their sandbox. I thought I learned my mistake but it’s become abundantly clear my personal injury around being an outcast simply by changing to “the other side,” bleeds deep into my communication – and I need to change that. Shit happens, best you can do is make amends, pay reparations, and move forward.


I have to accept that up until even this evening, this choice of industry has stolen my children’s father. No. Their father gave himself to this industry. It’s a story as old as Capitalism itself – absentee fatherism. There is a lot of cognitive dissonance in that statement, and when I look in the mirror, considering my own upbringing.


Best intentions with personal effort without adequate support throughout an organization can be interpreted as malicious compliance in the best of times. Had I known what was going to transpire over the past two years, I would’ve changed my attitude at the outset. You cannot change the past.

The present is now


The universe works in mysterious ways, and a confluence of factors leads to moments that breed growth. My time in this space is growing to a close. At least in the capacity I’ve been functioning in. As part of growth, a human moves through stages of development, proficiency, mastery, then into the cycle again. While I’ve been engaging in personal growth opportunities, an individual of late has brought light to my being that I’ve not witnessed in some time. The challenge, the truth, the judgement is something I don’t need; my hubris nods.


I am working on myself, and how I present myself to the world. I’ve spent decades in the dark, in the terminal. A ghost in the machine, per se. However, that need not be the case as I’m learning, and in fact, I might actually offer value instead of letting this… industry consume me like a virus. I can be an immunoresponse, and I should give back to the community. I can give back to software developers, open source maintainers, and the inexperienced. If cyber benefits? Cool. If not? Get fucked.


Things are changing, per usual, and this focus on AI is reckless. Tone-deaf leadership dictating that individuals will be evaluated on their use of AI during performance reviews is self-defeating. Your best talent will not leverage AI the same way your worst does. The quality of work produced will be wildly different, all the way down to the minutes of revision per iteration. Forcing this down your people’s throats because of your own fear signals a massive uncertainty in your vision – you don’t trust your own value to the market. :facepalm:


The future is inevitable


I have a head full of brains, and am trying to find a voice to make sense of it all. I need to change this relationship; it’s not working. It’s you, and me. And regardless what LinkedIn says, I think a lot of you, like me, feel this way. I should’ve set stronger boundaries. You shouldn’t have been so thirsty. We both fucked up. This isn’t working. No, there will not be goodbye sex. I’m not going away. I’m changing where I stand, and how we interact.


There are some major conferences coming up – I’m missing the two biggies – but I will be speaking. I will be airing grievances. And I will be offering solutions for every appsec soldier that’s drinking themselves to death, giving up their lives, for a thankless, tone-deaf CEO somewhere else. We might have to sit silent next week, and the week after. But, sometime soon…


I’ll stand up and say “I told you so.” The reason for that comment will be either a good thing, or a bad thing. It’s up to someone else to figure that out between then and now. #appsecsux