⚠️Warning this article contains Stu Ranting⚠️

So a few weeks ago I got a nice message from a follower on Twitter (yes sometimes I get nice messages too), and this got me thinking about the public perception of those on Twitter, Discord, Linkedin etc and how what we do affects others, mostly without us knowing it. Below is the tweet for reference.

DM from a follower, which I shared with permission

This also was a conversation that I had at great lengths with Stu Hirst last night, over a beer (or many). There seems to be this almost cult like status to infosec sometimes, where certain individuals are raised and placed upon a pedestal to be admired by the masses. While this is great, we are all human after all, and cannot keep up to the expectations and the pressure this creates. This ties into impostor syndrome which I suffer from (as do many in infosec), where I don't really feel worthy of my follower count on Twitter or of the lucky position I find myself in with my work.

Because I co-created The Many Hats Club, there is some heavy expectation that weighs on my shoulders, I have to bear the brunt of any drama, provide career advice, to help solve problems for others, and in some circumstances help those who have serious mental health issues who might do harm to themselves.

There is no guide to running a community, you choose your platform, you dance off into the sunset thinking everything will be okay. ⚠️Spoiler alert⚠️ Its not easy, its literally one of the hardest things I've done in my life, sometimes thankless, sometimes the most rewarding. But the most rewarding is getting to know so many awesome people, learning that everyone feels to some degree a level of impostor syndrome. That infosec is hard, and bloody all consuming.

I never thought when I started down this journey that this is what it is to run a community, would I change any of this? No, not for a second. I somehow have accidentally become a mentor to many without even realising it, all while trying to come to grips with my own insecurity issues.

Ben Parker from the Spiderman Comics/Films famously said;

With great power comes great responsibility

If you work in infosec, have a presence on Twitter, Linkedin (Adult Facebook as I call it), or even Facebook/Instagram you may not realise it, but your actions affect others. What you say may resonate with someone in a way you may not realise. This is a concept I'm still coming to terms with. Hence why I wanted to share my thoughts here.  

I have another example of a DM from a community member I wanted to share.

Its messages like the one above that make helping others worth while. And on to the point of this article, we can all do more to help each other. Infosec isn't just about leet hacking, dropping 0days on Twitter, its also about a group of people with similar ideas, different levels of experience trying to solve what is a very complex problem.

When we fight on Twitter, Discord, Linkedin, or at Cons, we make it harder for those shy newer people to want to engage, for fear of reprisals. We as a community have got much better of creating an open, welcoming environment, but there is still an long way to go, and sadly there is still too much Drama. Hence shameless plug #infosecdramaclock

I'm not saying we should go on to twitter and become #thoughtleaders #with #all #them #hashtags, nor am I saying we should start actively hunting people to mentor. What I'm suggesting is that no matter who you are, you have some form of influence and people may look up to you without you realising. Always have this in mind, as this changes how you act, or how you may want to be perceived.

So here is my advice as an accidental mentor:

⚠️ Try your best to be open, engaging and welcoming

⚠️ No matter your experience it counts and is valuable

⚠️ If you see someone alone at a con/meetup say hi, I've done this and it means a lot. You also may learn something really interesting, or it could lead to collaboration

⚠️  If someone asks for help on Twitter, as long as its not "How do you hack a Facebook account?" do your best to help, if you don't know how to, maybe recommend someone that does.

⚠️ I also have some advice for mentees or those asking for help. Be respectful, someone is giving up their time and experience for free, if they don't get back to you straight away don't be offended. A friendly reminder never goes a miss (talking from experience here).

In summary, I never set out to mentor people, it just happened. Am I the best mentor- probably not, I make a lot of mistakes, but try my best to help. It is now a cross I have to bear, one I do with pride, and with some degree of anxiety. I look forward to where this journey of discovery takes me but mostly others I've helped on the way.

Agree or disagree with the points in this article, I'd love to know. Drop me a DM on Twitter or on Discord.

The amazing image for this article is called Neo City and is by Lovely Creatures



Stu is one of the owners and founders of The Many Hats Club. with a background of threat intelligence, Social Engineering, and incident response. He also hosts the podcast, and features in many memes

Read More
The Accidental Infosec Mentor