Security (CAN BE) an ART not a SCIENCE


This is far from a new idea, however it’s not something that is easily provable. So I had an idea this morning. I posed the following question on Twitter:


You know what I got in return? a resounding “No” from everyone. (well I had one outlier but, who doesn’t when you are trying to apply science to prove art) I challenge you to name another non-artistic career that people are so passionate about that they would stay in it even if they won the lottery.

Here are a few that I would like to highlight:









This was a somewhat surprising outcome. See a trend? Most people wanted to quit their jobs, and start their own infosec company. Why is this? Is it just “The American Dream” or is it because they are unhappy with the current people in leadership? Or is it simply the fact that they are hindered from actually pursuing and learning hacking/security at work? The world may never know, but I do implore firms to look at the retention rate of their actual talent. (No, I don’t buy into the No Infosec Peep left behind bull).

There is a rumor that Google has a practice. 2 hours a day, you (an employee of Google) are REQUIRED to work on a project of your own, that is in no way indebted or owned by Google, even after completion. I can imagine the above answers would change if that were the case where they worked. If their employers fostered learning.

As a result of Infosec / Hacking being an art, do we have our premadonas? Of course. But do we also have our Van Gogh’s and Michelangelo’s? Definitely.

But, time for a bit of a reality check:



Ya, you have NO idea what you would really do with millions of instant cash. I think the number is some 80% of lottery winners go BANKRUPT in the first 10 years. This is because you, and EVERYONE you have ANY connection to, goes absolutely crazy. To the point that there are lottery winner support groups.

However, the fact that people say it now, shows that they at least have the passion for the art. (or are just fronting)

Here some honest answers to even out the tide:







In conclusion, I believe that hacking is a science, until passion adds the artistic fire to the mix. At least that’s what I think, draw your own conclusions.

(That’s another thing I love about this field, you are constantly challenged to draw your own conclusions, to think, to learn, to improve, to be… better)