undefined | Better HN

0 pointswannacboatmovie1y ago0 comments

Getting paid to fuck off at conferences and hang out with hackers on the company dime instead of staring at a screen in a cubicle all day sounds pretty awesome. Do I detect some jealousy or resentment that you haven't mastered the art of the corporate grift?

0 comments

tptacek1y ago

This is like every software security team of every form in the whole industry. Sometimes it's real, sometimes it's not, but it's evergreen problem.

astrange1y ago

Similar problem when if you're an innocent software engineer who introduces a bug, the security people will find it, make up a fancy website and logo for it, go around giving conference talks about it, get bounties (or not), give each other prizes, post on Mastodon about it from their accounts with cool hacker nicknames, presumably go have Vegas orgies, etc. Nobody's doing that for you.

I think they could use a little more ritualized shaming: https://en.wikipedia.org/wiki/Leveling_mechanism

Only Linus is brave enough to do this.

Liquix1y ago

that's the thing though: security teams composed of grizzled talent absolutely benefit from going to conferences. they bring back what they've learned and leverage their new connections to bring more value to the company. so now you've got this industry-wide norm that the security guys are kind of out of pocket and spend a bunch of time at conferences, but they know their shit and protect the infra so it's all good. if it worked at the last X companies $CISO worked for so they're going to be hesitant to drop the hammer on the netsec team networking.

factormeta1y ago

practice of the art of the corporate grift does take a toll on one's soul. Usually only pyscho/sociapath can do master this and do it for a long time without any emotional/mental consequences.

j / k navigate · click thread line to collapse