Category: Bull Shiitake

Evangelism and Projecting your dislike of religion

Evangelism and Projecting your dislike of religion

Wake up people, you are falling into the same old theistic behavior that we all as evolved sentient beings should eschew, neigh, …loathe. INFOSEC is not a religion and YOU are not the FUCKING POPE ok?

That’s a quote from Krypt3ia on his blog entitled “Infosec is not a religion”. He says this in his rant about the use of the term “evangelist” in security.

Krypt3ia is even nice enough to define the term for us. Now I know Krypt3ia is smart enough to know that a term can be used creatively so that it does not fall into the traditional use of the term. But his obvious hatred of religion (displayed by the quote above) doesn’t allow him to get around this, and it is unfortunate.

Is the term overused? Yes, I think it is. That is why I chose the title “Advocate” instead (thanks to Michael Santarcangelo for the help with the title). Has it turned into a buzzword or sorts? Maybe. But should people who have the title of evangelist be ashamed somehow? No, they shouldn’t. Should people who “take” that title for themselves be ashamed? No. It might be a little corny to take it for yourself, but it is not something to be ashamed of.

If someone is using the term “improperly to suit your needs of being center stage and telling everyone from the fucking mount what “they” should be doing” as Krypt3ia says, then why is he throwing his bile against only this term? Plenty of people put themselves forward as experts who are far from it, and they don’t always call themselves evangelists. Plenty of people want center stage (I’m not immune to that, and I’m pretty sure Krypt3ia is not immune either if his diatribes are any indication).

This is really just a case of projection. Krypt3ia doesn’t like religion, and he can’t stand to see the term used so much. It irritates him, so he blows up (he does that a lot, which is part of his charm). And while my use of the term “psychological projection” is not an exact fit for the clinical definition, I think I can use it here to fit my desired message, which is: Get a grip dude. It is just a term.

So how much did TippingPoint pay…

So how much did TippingPoint pay…

…for this interview?  It is titled "Embedding security has drawbacks says TippingPoint chief architect", but the explanation Brian Smith gives is about as weak as the American dollar.  Did TippingPoint marketing write the questions?  Sheesh.

Look, there is a need for embedded security AND security on the edge.  It really comes down to your business.  When good and fast security becomes built into the switch, I will look at it and judge it’s merits for MY BUSINESS (or my client’s business).  But this whole thing about switching and routing technology being outpaced by security technology is the largest piece of crap answer I have ever heard.  Of course the security technology is outpacing it.  That is because security is hot, hot, hot right now, and it has been for the last few years, whereas routing and switching are routing and switching.  But what does that mean?? 

Mr. Smith, was the incorporation of IPS into 3COM switches was a "fool’s errand", as you called it at 3:21 in the video?  Does that mean that you can’t incorporate the two?  Does it simply not work?  Is this just not feasible?  Of course not.  The reason you are saying this is because the 3COM / TP deal fell through for other reasons.  Plain and simple, 3COM was not in any kind of position in the switching market to make a dent.  I wrote about this a while back.  Here’s most of that post:

When I was an infosec manager, I was a TippingPoint customer. When I bought the TippingPoint box, stand-alone devices were still all the rage. UTM and NAC were pretty much still new terms. But right about the time TippingPoint was bought by 3com, the convergence track had started to emerge. Cisco was really getting into putting different devices in their switches. Things were really starting to move in that direction, and 3com probably thought they should do the same.

But just in case things were not what they seemed, 3com decided to test the waters (conjecture on my part, but plausible conjecture nonetheless). So they surveyed their customers (or TippingPoint customers, at least). I received one of these surveys. Among other things, it asked if I would buy a 3com enterpise switch with a TippingPoint IPS blade integrated into it. Understand that I come from the network engineering world. I have installed and configured many a switch and router. And for the immediate 4-5 years before this survey hit my inbox, 3com had been about as present in the enterprise switch space as a woman at an ISSA chapter meeting. The biggest place you saw 3com was on a NIC or a little white 8-port hub in a room full of cubicles. So, I answered a definitive “not no, but hell no”.

To clarify (if the above didn’t explain it well enough), it was the 3com switch that threw me. I wasn’t unhappy with TippingPoint (except that they had been bought by 3com). I liked the box. It served me well. If I could get a TippingPoint blade for the 4506, I would have seriously considered it. But there was no way I was going to replace my Catalyst 4506 with a 3com switch, no way, now how.

Of course, I cannot answer for every TippingPoint customer who received the survey, but I can guess that many of them answered the same way. And this makes me wonder if 3com and TippingPoint are sitting in ivory towers and ignoring the trends because it doesn’t compute that people don’t like their switches.

And to add one more thing that may add some credence to my hypothesis: I also had a couple of 3com reps come out to visit me during the final months of my tenure as an infosec manager. When my boss and I told the 3com guys that we would not consider in any way replacing our current switching infrastructure with 3com because of our impression of 3com as a serious player, they were completely surprised by our attitude. Now maybe they had never received that reaction before because we were just a little more harsh and up front with our opinions. But my immediate opinion was that they really didn’t know they had that kind of reputation. Maybe it is just me that thinks this about them, but I don’t think so.


So basically, what it came down to was that 3COM did not impress me, so I would never have bought their switches.  The IDEA was a good one.  They recognized that it was a good one.  But they could not make it happen because no one wanted to buy 3COM switches.  Plain and simple. 

Now let us get back to the business of security while you guys go try to fool a few more people.