Folks in the Information Security (InfoSec) circles are getting old. It is evident from the last few years and seeing those we know, in some capacity, passing on. For many of us still here, we find ourselves battling a world of conditions ranging from the relatively simple high blood pressure, to the more complicated like diabetes. That doesn’t even speak to the separate issues like so many in our field getting late-life diagnoses for ADHD or finding out they are on the autism spectrum. It’s brutal being alive right now.
When one of us finally succumbs to our issues and passes on, we obviously cannot know or care what happens after. Those who are left behind deal with the aftermath. It seemingly doesn’t matter how well loved or respected you are either; there are people that tend to come out of the woodwork to offer their opinions, post-mortem, good or bad.
Some in InfoSec are celebrities of sorts. We won’t quibble over semantics as to if it is deserved or not, that is irrelevant here. Primarily because it doesn’t matter how famous someone is, or is not. Despite the industry being big, most social circles overlap heavily no matter how small and give us a reminder of Bacon’s Law. We just tend to collectively note what happens after a big name passes. Anyway…
The point of this post is that when someone passes, there is the expected outpour of emotions, positive thoughts, fond memories, and some rumination. Unfortunately, it doesn’t take long for that rumination to turn fairly dirty. Earlier this year a highly respected InfoSec professional, personality, and friend to many passed. It was a day before a supposed “fact” circulated that she took her life. Why? Probably because she was bravely open and honest about her issues as she pushed for more awareness of the issues. In return, some were quick to jump to the “fact” that she “took her own life” when the real fact was, she did not.
Tonight, we learned that Kevin Mitnick passed days ago. Kevin was definitely a character in our industry and perhaps one of the most polarizing in a long while. He had history and tenure that many will never appreciate. Tenure? Sure… the history that he had? Not a chance. He was a pioneer in many ways, many of which he likely hated until the end of his life. Almost five years in jail, without bail? It was a first in our legal system, and all on the back of something we laugh at as to how stupid it was. A judge was convinced into believing he could whistle nuclear launch codes into a payphone.
If someone very widely respected passed and within a day faced bullshit rumors, I can only imagine what we will see about Kevin. He was loved by some, hated by some, and the rest were in the middle to varying degrees. In the past years there were accusations of plagiarism and fraud, but a surprising lack of any real evidence or definitive blogs outlining that.
Some day I will pass, and I too will fall in that category. Some like me, some hate me, many know my name at the least. I’ve done good, I have done wrong; not an angel and not a demon. When I am dead I can’t care what anyone thinks of me, but I can think in advance of death, what that means to me. As a pessimist and someone who has exposed charlatans in our industry, I can appreciate the dual-sentiment I will enjoy.
So here’s my point.
When someone passes and you have strong opinions, by that I mean negative ones, consider it before you share it. Why are you doing it?
Are you wronged and you finally get to have your shot at them, uncontested? Are you wronged, but meticulous in documenting how much harm they caused? Are you a petty asshole just looking to lash out even if you were the bigger asshole in some argument? Now that you have answered the ‘why’, consider what your expected outcome is. And this may be an unpopular opinion…
Will it do any good? The obvious answer is “no”, it will just contribute to the drama and cesspool that our industry largely is. The less obvious answer is “yes”, it might expose someone after they pass for a lot of wrong-doing that the public did not know about. Even then? You better bring your receipts and have your house in order. Cross and dot the various letters, spellcheck, run it by your lawyer, and have several proof-readers. That’s just common sense and courtesy, living or not.
If someone did such amazing wrong while they lived and the evidence never saw the light of day for whatever reason, I understand. It happens all the time. But no rumors, no conjecture, no conspiracy theories, and most especially… no regurgitating a world of unfounded rumors. If you are going to speak ill of the dead, just do it for cause, and one that goes beyond simple shit-talking the recently deceased.
[Disclaimer: 1) This was written w/o any editing after the fact, just fixed typos as I went along, so bear with obvious mistakes please. 2) I knew Kevin from the late 90’s when I was on his defense team and formally met him while he was detained in L.A. County Jail. 3) Despite that, we were never close then, and definitely not the last 20 years. We maybe talked every two or three years, very briefly. 4) Over the last few years, several people Tweeted or emailed saying he should be on the Attrition.org Errata pages, but never provided a shred of reasoning for it. 5) This blog is not about Kevin beyond him being one of the more high-profile InfoSec people that have passed lately. I am not taking any side; this is a purely neutral piece more on the back of the several that passed before him along with what I suspect we will see about him in the coming weeks.]