I do it for the Lulz

I've always done for the lulz.   Security that is.  When I lecture to students up at UW, I try to warn them that don't do this job for money. 

Anyone going into infosec for the money, the prestige, or for the job security is seriously misguided.   I tell them the only reason I do it is for the lulz.  I warn them to prepare to face the humiliation of having a server hacked, the terror of knowing the bad guys will outspend and outlast you, the tedium of when nothing happens and the crunch when you need to justify every thing you've done to an auditor and the budget axe.  It's tough, it sucks, it's relentless, and I still love it.

What are my lulz?  The thrill of the chase. Heck, forget the chase, how about actually taking down some bad guys?

Besides the sexy stuff, I also get lulz making an organization safer… or even if it's just a friend of the family that needs some malware scraped off their machine.  Sure, it's tough work but it feels good to make the world a little safer, a little saner when you're done.  And knowing that you've deprived some creep one less victim.   Lulz.

I get my lulz designing new systems, making the strong, making them resilient, making them better than they were before.  And digging deep and figuring out where the holes are, where's the best place to fix things, and then working on presenting that to the people that care.  Even more fun than all the puzzles and video games in the world.


Technology, and especially information security has always been more than a job to me.  More than even a career.  It's a calling.  Don't tell my boss, but I'd do this even if they didn't pay me.  It's what I do.  I can't help it. 

And to those who say we're losing the war.  Whatever.  I've been hearing that for years.  The world hasn't ended.   I know that more systems than ever are online now and somehow we failures are still protecting a majority of them.   I know we'll be always outnumbered always outgunned.

That's what makes it a challenge.