Skip to main content

Episode #17 - Negativity is Bullshit


Ever met someone who’s seems negative all the time? The person who always has something negative to add to a conversation? 

These people are common, so common we have a nickname for them; “Negative Nelly”. 

You could be having the best day, then along comes Nelly. He/she shits on your parade and leaves you feeling gloomy. 

You don’t like Nelly, you don’t like talking to Nelly, and you certainly don’t like hanging out with Nelly.

We’re Nelly.

The information security industry is Nelly.

Don’t agree? How often do you read positive news about our industry versus negative news? Some recent headlines:

  • Online marketing company exposes 38+ million US citizen records.
  • Chinese professor on sensitive projects in US jailed for espionage.
  • Google removes Android app that was used to spy on protesters.
  • WordPress websites attacked via File Manager plugin vulnerability.
  • Vulcan Cyber study finds serious problems with vulnerability management.

We can’t help it, we're Nelly.

In our defense, this is the nature of our work. Information security is about managing risk and “risk” is always dependent on a negative outcome. What information security is and how we package it are two different things though.

How many times have we said things like these (or similar)?

  • “If the ^@&*! users would just stop clicking links!”
  • “People just don’t get it.”
  • “It’s a layer 8 problem. People are always the problem.”

The business doesn’t like Nelly.

Nobody invites Nelly to parties because dealing with Nelly is bullshit. The business doesn’t invite Nelly to their parties (meetings) because Nelly tells us why it’s not a good idea to do something or why we can’t do something.

  • No, we can’t do that.
  • It violates our security policy.
  • It’s too risky.
  • It violates regulatory requirements (GDPR, HIPAA, GLBA, etc.).
  • We can do that one thing but it’s gonna be a lot of work to secure it.

A business is in business to make money. Nelly is a cost center. Nelly is necessary evil, so we deal with him/her. Nelly is so damn negative though, so we're going to try avoiding him/her when we can.

Business users don’t like Nelly.

These people may be warming up to us, but that’s a helluva lot different than wanting to hang with us. Mandatory training, punitive reactions, etc. are common ways we engage. 

How do business users feel when we walk into a room?

Nelly doesn’t like Nelly.

Ever felt intimidated or dumb when asking someone a question or suggesting an idea or solution? Ever felt a little beaten up? 

It’s Nelly again. Nelly is a pain in the ass and he/she is bullshit.

So, what do we do about Nelly?

We’ll discuss this on tonight’s Security Shit Show! We’ve got some cool ideas, but here’s some to get you started:

  • Be intentionally positive even when delivering negative news.
  • Be aware of how your perceived by your audience.
  • Deliver value based on positive results not negative ones.
  • Make lives better, make businesses more money, and people will wanna hang with you (Nelly).


Chris, Evan, and Ryan will have some good shit to share!


Popular posts from this blog

Episode One is On!

We're ready to roll! The first episode of the Security Shit Show is scheduled for this Thursday at 10pm CDT. It's sure to be good entertainment watching three information security "experts" shootin' the shit about some information security topic that's bound to get one (or all) of us riled up. We're live streaming our episodes on YouTube, so if you're looking for some Thursday night entertainment, grab a drink and listen in. The YouTube live stream show link is here; The recordings, both video and audio will be posted shortly after the live show, so look out for those too.

Killer Robots? Oh Shit.

If you missed last week’s episode, the Security Shit Show crew tackled the difficult discussion about morals and ethics. There are two ways to treat you ears and/or eyes (not likely) to Episode #5, "Moral and Ethical Shit in a Shitty World" : YouTube (video) Podcast (audio) It was an really good episode. A little bit of shit-slinging, but mostly just great discussion and opinion. If you like our shit, you should subscribe to our shit. Subscribe on YouTube or whatever your favorite podcast thingy is. Rumor has it, the shit will only get better and better! Episode #5 - Killer Robots? Oh Shit. Alright, we’re ready for the next episode of the Security Shit Show! Shout out to a helpful (and maybe even loyal) viewer Robert Hodges for calling our attention to a neat article titled “ Should 'Killer Robots' Be Banned? ”. Do killer robots sound like a good idea to you? Think about it... Certainly, Chris, Evan, and Ryan will have a few things to say about the topic.

What's the Security Shit Show?

If you don't want your life to stink, quit standing in shit. The Security Shit Show is a podcast that three friends put together; Ryan Cloutier, Chris Roberts, and Evan Francen. We're information security veterans (some call us "experts") with more than 70 years of combined experience who have a lot of shit to get off our chest. The information security industry isn't all hunky-dory; we're doing a lot of things wrong and people are suffering because of it. You can be the "fly on the wall" or you can interact with us. Ultimately, this is your call. Here's the lowdown for our show... Name The Security Shit Show You can take this name two ways; either we're calling security a shit show, or we're discussing security shit on the show. The answer is "yes". Purpose Provide people with the real shit going down in our industry, and always discuss ideas about what people can do to make things better. This is not a