Chad Perrin: SOB

3 November 2009

Think Security

Filed under: Cognition,Geek,Metalog,Profession,Security,Writing — apotheon @ 04:18

A few days back, I quietly launched a new security Weblog I’ve decided to call Think Security, for lack of a better name. The inspiration for this new Weblog was actually a case of turning lemons into lemonade, so to speak, because it grew out of the desire to do something I was essentially being told I couldn’t do any longer in the venue where I have done so in the past.

That probably seemed pretty cryptic. I’ll try to be a little more direct:

I’m the primary IT Security writer for TechRepublic. Some things have been changing there in terms of how the site and its contributing writers (like me) are managed, and the way TR presents itself to the world. I suspect some of this has something to do with the fact that TR’s parent company, C|Net, was bought by CBS. That network of sites is now grouped under the heading of CBSi, or “CBS Interactive”, along with the rest of the CBS online presence.

One of the recent changes — a change that was announced just last week, in fact, and was apparently effective immediately — was a requirement for increasing the percentage of writing that constitutes “actionable content” to at least 75%. By my understanding of things, “actionable content” is basically corporate buzzword code for “howtos and checklists”. Apparently, the TR format is moving a little further away from things like news, opinion, and discussion of principles.

It’s that last part that really bothered me. I take a principles-based approach to security, because I believe (as I stated in the About the Site page at TS) that it is important for people to learn principles that will serve them well in a variety of circumstances rather than just memorize rote behaviors that are considered “industry best practices”, to be used once and thrown away without thinking about what you are actually doing in each step of the process or why you do it that way. The moment your focus on security has been reduced to knee-jerk reactions based on popular practices indoctrination, you have begun losing the battle for security.

I posted a new TS article today: Update Cautiously. If you are one of my readers at TR, I recommend you add TS to your reading list as well. In the future, material that is not appropriate for a given article of mine at TR because it is not specifically “actionable content” will get shunted into TS instead. In some cases, where I would previously have written an article for TR about principles first and, later, written one about specific implementation practice based on those principles, I will now write the former for TS and the latter for TR. The idea is to create a mutually complementary relationship between my articles at TS and TR, so that each will benefit from traffic directed to it from the other — and to actually better focus the direction taken with my articles in each venue.

This will mean a substantial increase in the amount of time and effort I have to put into writing security articles, of course. I expect it to double my article writing workload. It’s something I feel I need to do, though, because I am not content to merely let the principles of security I feel a need to share evaporate just because there isn’t enough room in TR amidst the actionable content any longer.

That’s not to say that TechRepublic is necessarily doing anything wrong. Every site needs its business model (if it’s a business) and its subject focus (unless it’s SOB, apparently). Without that focus, it becomes too scattered and vague in terms of the content it provides to really grab a strong, core readership, or to set itself goals for refining policy. It’s not like I haven’t written howtos and checklists for TR in the past, anyway. The increase in percentage of the total that needs to be actionable content, however, leaves a type of writing that is very important to me largely unaddressed. With the addition of Think Security to my lineup of writing outlets, this is ultimately more of an opportunity than a bandaid. The cure is, in this case, better than never having had the disease in the first place, to mangle a metaphor.

Of course, a little bit of real thinking will still sneak into my howtos and checklists at TR, I’m sure. In fact, it’s likely that my next article there will contain some hints of what I already said in Update Cautiously at TS.

Now that I think about it, though, it would be nice if this didn’t happen concurrently with National Novel Writing Month. My writing output already at least doubles in the month of November each year, even when I’m just using NaNoWriMo as campaign preparation for a roleplaying game, like I am this year. I’m not as serious about cranking out the word count this year, though, so if one of TR, TS, and NaNoWriMo has to get neglected this month, it’s not going to be either TR or TS.

In fact, so far I’m just kind of keeping pace with the daily necessities of being on track to complete 50,000 words in 30 days. Last year, I tended to stay quite a bit further ahead of the curve than that. I guess we’ll just have to wait and see how it goes.

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License