A week ago, I had the unique privilege of declaring the second Great Purge of the Platypus Initiative. Among the other Australian information security communities, this concept is unique to us – a time when all “idle” accounts are deleted from our Slack channel, and if they have access, our other resources.
To give an idea of the scale of this exercise:
Of a community of just over 200, 68 is a sizeable number to remove. Why do we do this to ourselves?
The Platypus Initiative was created as a highly participatory environment, where we help each other build knowledge.
Just over a year ago, I had the pleasure of taking part in creating the first iteration of the Platypus Initiative, a small group by the name of Let’s Just Hack Shit. Initially, this group was intended to bring together like-minded individuals who could work together in pursuit of pure technical goals, all together contributing their specialist knowledge for the betterment of our members.
We distinguished ourselves from other communities by this mantra alone: that is, where other groups often tried to be everything to everyone, we focussed on technical excellence above all else, applying ourselves to the arduous trek of self-improvement.
All were expected to participate – at the time, we agreed among ourselves that we would put time and effort into bettering ourselves, as opposed to sitting in a presentation, intellectual begging bowl in hand, only to forget everything as we drunk ourselves senseless by the evening’s end: as was the tradition in the local information security scene.
It is with some pride that I look back upon that time, when we were but a handful in number, and our chat channels filled with technical content to some extent.
In growing, we have become complacent. In embracing community, we have forgotten the ideals which brought us together.
Over the past year, it has become increasingly apparent that we have strayed from this initial ideal. Personally, I think this is a natural result of the growth we have experienced – as we have grown, we have diversified our interests, and now serve more as community organisers rather than technical drivers.
If I had to search for a word to describe this condition – “complacency” is the first that comes to mind. In growing, we became lazy and idle, and unable to drive the technical content so sorely lacking locally. In embracing community, we have begun to sit on our laurels.
This is not “wrong”, per se: merely disappointing. We are still doing better than the hilarious intellectual tick-box exercise that passes for commercial penetration testing nowdays. Someone complained to me earlier in the week that commercial penetration testing did not allow him to “learn” – if you want to really learn about infosec beyond a certain, unspoken limit while pentesting in Australia, go home and jerk off instead.
To be clear, I’m not implying there’s no good pentesting teams in Australia. There’s some good places to work, but extremely few manage to (or have a need to!) push the envelope. Nor am I implying that people don’t have a desire to learn – ultimately, Australia suffers from a problem of scale, where there is simply no requirement to push beyond the established norms of industry.
I do, however, mean to say that people simply neglect to try. Cool projects are happening out there, all it requires is a willingness to apply themselves and a base knowledge of programming (i.e. C, or “low-level systems programming” in today’s parlance, once known as “regular programming” or “high-level languages”).
Still, while I don’t have a solution, my message is not one of hopelessness:
It is time we refocused the community again – we grow together, or we suffer slow death-by-no-content like everyone else.
For those of you who have been with us through the two Great Purges we’ve had so far, this line will be familiar to you. It is the third and final pillar of our Great Purge strategy: that is, in proactively removing idleness from our ranks, we give ourselves opportunity to refocus, and reapply ourselves.
Unfortunately, this approach doesn’t scale. Such Great Purges are often announced with some fanfare, and for a week or so, technical content comes to the fore once more – before everyone resettles into their comfort zone.
Most importantly, this includes us – and among organisers of communities, stagnation is death.
To me, it is time we looked beyond our local communities for a more sustainable solution, and in doing so, challenge ourselves and our achievements. As Platypus – as a community, by pooling resources, we have given ourselves the ability to do this – whether this be internet-based collaboration (RIP. Platypus Facts Show) or hopefully flying people into Australia to speak in coming years. If anything gives me hope, it’s this.
As for the here and now – the meager handful of you willing to make sacrifices in order to reach for technical excellence, let’s take this opportunity to refocus ourselves and strive ever onwards.
As for everyone else, may you take this opportunity to reflect, and consider the possibilities open to you, if you were to reach beyond the scope of what your day job would have you do.
See you all at BSides.