Security Bloggers Network and Influential List Nonsense
Last Friday I decided to leave the Security Bloggers network. For those that don’t know its an aggregated feed of 50 or so blogs rolled into one feed at Feedburner.
I am brand new to blogging and interested in how it all works, hence Blogonomics. It seemed like a no-brainer at the time and I signed up without really thinking about it. I didn’t research all the other blogs and decide if I wanted to be associated with them; in fact I saw a few solid folks like Matsano Chargen and Pete Lindstrom and jumped in feet first.
Of course if you are part of a network you subscribe and see what others are saying. It became almost like a mailing list. While it’s true to say there are a good number of very smart and talented folks on the list and there has been some great content come across my RSS reader; for me the Security Bloggers network had a low signal to noise ratio and some of the other members were not folks I want to be associated with. This came to a head when ITSecurity.com produced a blog baited list of the top 59 most influential security people. The list is farcical in so many ways; no Dan Geer, Mike Howard, James Gosling, Andy Jaquith, Phil Venables, Spafford and so on. Tom Ptacek sums it up with a great quote
The noise of self congratulation for “falling f0r for it” became deafening and very annoying. Over the last month I have also read some ridiculous blog postings about PCI from people who I honestly doubt have ever held a corporate security job in their lives and just don’t have a clue (and yes, I am happy to debate you charlatans on a public stage at a conference of your choice about that topic if you have the balls).
I want to read the thoughts of people I respect. I realized way back when that this industry has gotten so big that you you can’t track everything and have to focus on what’s important. If you read product reviews in eWeek for instance you’ll get annoyed at their inaccuracy and commercial advertising revenue derived results. No one with a brain falls for it. We tested a firewall at Foundstone that could be totally bypassed trivially but got 5 stars for security by eWeek labs. Some speakers and projects seem to spend more time telling you about why they are such experts and “thought leaders” than they do producing anything of value.
A CSO I respect a lot sent me this email a few weeks back.
Btw do you have a character in your cartoon strips that is the guy who does nothing but conferences and magazine columns, but mysteriously nobody can actually recall him/her actually being a meaningful contributor, holding a senior infosec management post, or similar real world qualification?
I suspect others think the same and so if they are interested in what I have to say will subscribe to my blog and not an aggregated network feed. I have now subscribed to two new blogs before I joined, all of the other blogs I am interested in enough to read on a daily basis were on my subscriptions list before.
My tongue in cheek “Art of the Security Group” slide from Naked Security may make your chuckle of cringe.
March 19, 2007 at 3:04 pm
For being new to blogging, you have a particular clarity and honest rawness to your postings. You could have fooled me!
And you’re right about focusing on what’s important in this industry. Hell, even in the blogs and online news alone there are way too many for any employed person to follow and track and absorb. Kinda like the 50 or so bloggers of the Security Bloggers network many people only have enough mental bandwidth to follow a handful of them.
Of note, I agree you should have a character like the one mentioned by that CSO above. There’s something about what I call the “journalist” IT people who talk well but really have no clue what their best practices mean in the real world…
Keep up the good work man, and at least know that at least one person wants to read what your thoughts are!
March 19, 2007 at 5:56 pm
Mark
Sorry you left the Security Bloggers Network. Couple of things. First of all the SBN had nothing whatsoever to do with the ITsecurity.com list. On the SBN, I am responsible for who gets an invite. As a vendor, I thought it very important that I do not discriminate against people who blog on security and wanted to join the network. I did not think it was my job or even within my purview to start weeding out people I did not think worthy. I think the blogging marketplace takes care of that and articles not interesting you can skip over.
So, sorry you think there are people there not worthy of being associated with you. In the meantime there are hundreds of people subscribing to the feed who I guess find some usefulness out it. Good luck with your blog and cartoons!
a
March 19, 2007 at 6:10 pm
Alan,
There are some great people on the list as I mentioned in the post above. The challenge for me was when the noise to signal ratio gets so large, its hard (as you mention above) to skip over the articles that aren’t interesting and find the diamonds.
As a raw aggregated feed its just great; I thought it was a refined or distilled feed when I joined. I thought the value was in the content and not convenience. Maybe I am missing something or so new to blogging I just don’t get it. There are only a few of your members who I don’t want to be associated with and I didn’t want you to have to deal with the outbursts that I am sure will ensue when I start calling out PCI and some of the ridiculous “rah rah” PCI type advice for whats it worth. And I plan to do it very publically and very directly when the time is right. That wouldn’t be fair on you or your other quality bloggers on the network.
And FWIW “not worthy” what not what I said at all; ” folks “I” don’t want to be associated with” was. Thats very different from “not worthy”! As Buddha teaches, removing badness leads to happiness. Thats all I have done. If I could have filtered a few from the list (without having to write a filter), believe you me I would have. I also could have easily slipped away silently but I think its shows more integrity to be honest and up front about it, even if you know some folks will be pissed. If people don’t like it they can un-subscribe or not read. That was my very issue with the network, I couldn’t unsubscribe from the few and had to wade through the mass to get to the good stuff.
Cheers
Mark
March 19, 2007 at 6:26 pm
“I am happy to debate you charlatans on a public stage at a conference of your choice about that topic if you have the balls.”
That is a very bold statement, and I was going to comment to your post by saying that you need to call out the charlatans instead of just posting that statement. But by your reply to Alan, it looks like you are going to do just that. I don’t think the security blogging world and the security industry as a whole would be hurt by some kind of shakeup, and if you feel like the one to do it, then I say more power to you.
I have stated this before on private conversations to other bloggers, but I think the security blogging family is getting somewhat incestuous, and we are possibly breeding malformed kids (everyone seems to want to jump on the security blog train). Of course, as Alan said in his comment, I also think that most of these will be weeded out eventually.
Michael
March 19, 2007 at 6:33 pm
Michael,
I totally agree and thanks for taking time to comment.
On PCI timing is key. Give a few people enough rope and they will hang themselves. I think thats whats happening now. I am waiting until they really hang themselves with their new found confidence.
On the natural selection I think you are spot on but I hope that doesn’t stop the good stuff that folks like you (and a lot of the security bloggers network) produce from getting lost while it happens. Natural selection for a regular blog is to unsubscribe. I couldn’t unsubscribe from the noise. That was one of my main issues.
March 20, 2007 at 1:54 am
[...] to help us look at the security industry and ourselves in a new light. Take a second to read Mark Curphey’s post about the issue over at [...]
March 20, 2007 at 3:25 am
Mark – On the SBN, actually what it is now, I hope will not be what it is in the future. Through Brad Feld I have met the FeedBurner guys and I know they have big plans on what to do with these networks. I hope that we can have a common comments feature one day. Something like this thread would be good to put up there so everyone can jump in if they want.
Anyway, as I said before, sorry to see you leave the network but we each have to follow our own road. I will keep reading anyway
March 20, 2007 at 4:56 am
The fighting 59 and One Flew Over the Cukoos Nest
OK, I am going to come out of my self-imposed Mr. Nice Guy persona and return to the gruff NY’er. What has put me in this state you ask? It is all the radioactive fall out from the Top 59
March 20, 2007 at 12:09 pm
[...] Read more… Tags: bloggers, blogging, blogs, feedburner, feet first, i decided, last friday, lindstrom Posted on Tuesday, March 20th, 2007 at 7:06 pm and under category News. You can read any responses through the RSS 2.0 feed. You can give a response, or trackback from your site. « IBM, Cisco release crisis response service INTERNET CRIME : The Latest Numbers » [...]
March 20, 2007 at 2:17 pm
Mark said:
From the tenor of your post, then, it seems that you won’t have much to read.
Seriously, lists are just meant for gaming the “blogosphere” (there’s a term that can’t die a death too soon), and it seems that you’re allowing yourself to get sucked in by it.
Lists mean nothing. As Alan mentioned, the public will see through the “crap”. Don’t spend any energy on it — you’ve got better things to stress yourself with.
March 20, 2007 at 4:22 pm
Congats on an excellent job of self-promotion.
You could have quietly removed yourself from the feed but I guess the narcissism pushed out the enlightenment.
March 20, 2007 at 4:47 pm
Mark,
I think you’re conflating “How do people want to read my stuff?” with “How do I want to read their stuff?”
I’ll admit, I don’t read everyone in the SBN. But I have readers who like the SBN, and it costs me little to help them out by making the Emergent Chaos feed part of that feed as well. So why not?
March 20, 2007 at 5:02 pm
Adam,
I honestly don’t have a good answer for that. I tried to answer it myself in my post here http://securitybuddha.com/2007/03/20/closing-my-loop-on-the-sbn-and-blogonomics/ but I am still learning about all this stuff.
It just felt like the right thing to do at the time.
March 20, 2007 at 6:09 pm
What? You actually tried to read the whole Sec Bloggers Network feed? This makes no sense – you read the people, not some kind of faceless network.
I won’t be leaving the network, but I won’t be reading it either
I am fine with my RSS reader and checking individual blogs.
March 20, 2007 at 8:40 pm
I know Anton, I am seeing the error of my ways now. I naively thought you were meant to contribute, shake things up, help establish equilibrium and not a status quo; make things better and not settle for mediocrity, not just consume but participate etc.
I am truly shocked by the number of people who can mail me with a “good on you, exactly my thoughts” but can’t add the same with their name in my comments….. Oh well. I am learning lots so its all good.
I guess I have been consuming from your blog from a while and never as much as made a comment so I really should know better but….C’est la vie, mon amis!
March 20, 2007 at 10:28 pm
I agree with you Mark. There are several people who I’ve just stopped reading altogether because I’m tired of hearing them and two some just keep rambling on about the same stuff over and over again. I do my best to only comment or blog about subjects I have a firm understanding of, and not just repeat what came out of some random joe’s ass.
There are 65 blogs on the SBN and I subscribe in my own reader to about 10-15 of them. There is just too much to read, and I usually I find myself marking “all as read” and not wasting my time with it. If I didn’t, RSS would consume me entirely!
March 21, 2007 at 8:03 am
Thank you Marcin.
Adam et all, I have now had some time to digest and I think the reason I didn’t just leave it there is this.
Having now had 10 of the 65 folks mail me directly (I think I could reasonably extrapolate that maybe 15-20 therefore think the same) and tell me they don’t read it either for the very reasons I mention. Surely if you publish something you want to be proud of it and want it to be something you would read yourself? I fully buy Adam and Antons arguments above but it just doesn’t feel right publishing content that I would never read myself in the form it is presented to users. Here is an analogy (with some obvious humor and lack of seriousness). I am spending the year in France and am quite a wine buff these days. Thats wine, not the sugary sirup you prooduce in Napa for the American pallete
If I were a good domaine producing fine wine, should I be happy if it were added to a blend and sold on? You could argue as Adam does above that if people are drinking it then who cares. But is the essence now a cheap blended wine or part fine wine?
March 22, 2007 at 7:39 am
Great post. I am glad to see yet another person seeing through the constant bullshit that is this industry and most of the self important bloggers in it.
Cheers!
December 15, 2007 at 11:50 pm
very interesting, but I don’t agree with you
Idetrorce
December 10, 2008 at 4:17 am
Rather than an aggregated feed including every post from every blog in the network, how about an edited feed (as you have suggested, Mark)? Or, if this is too much work (and it might be unless the economics and ad revs make sense), how about taking the best feeds and putting them through FeedHub. This is what I do and it works great for me.
See this: http://www.feedhub.com/iris/feeds/23381?c=61ed91615ea696bce4bc3adb9397c63eac7a4e8e299b2fcd7f3b1e538c74023c