cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

The "Community"

I was relating the latest on the ISC2 "community" to Gloria, and she noted that it has been created in the image of "social media."  Social media is, of course not designed to foster communication, but to create the illusion of social interaction, even when none is taking place.

(She was kind enough to refer to a piece I wrote 33 years ago, after I had been on the net for a few years, noting that certain design factors in messaging systems did actively foster misunderstandings.)

There have always been social aspects and interactions in all communications systems.  Email emables lots of interactions between friends, quite aside from all the business deals being arranged.  Usenet was very social.  (Possibly still is, for the 17 people who still use it.)

But the hard core social media platforms, like Facebook, Twitter, Pinterest, and Instagram, are specifically built to make it look like you're communicating, even when you're not.

For example, there is the ease of making a post.  About anything.  Show people a picture of your breakfast.  And, the thing is, that "show people" may not be true.  Just because you've posted, doesn't mean anybody has read.  Even if you've got "friends" or "followers," are they reading what you post?  Ease of posting does not translate into ease of saying something worthwhile: it usually just makes it easier to post any random thought.  Thus making it more likely that what is posted is not worth reading.

That is true even if they "like" (or "favorite," or "kudo") your posts.  We were recently required to join Instagram in order to "follow" the kids and grandkids.  And we were instructed that Instagram etiquette requires that we "like" every post and picture.  So we do.

(Actually, "we" is misleading as well.  The account is in my name, since Gloria doesn't want to join any social media systems.  But Gloria is the one who actually checks it, "likes" everything [in my name, remember] and alerts me to any pictures that aren't just a bunch of friends sitting about a table at some generic bar.)

This etiquette about "likes" is undoubtedly by design.  You will note that there is no "dislike."  (Yes, I am well aware that a dislike button would be abused.  In a sense, that's part of my point.)  People on social media want to "like" everything so that others will "like" everything, including posts the poster has made (but that possibly nobody has even read).  "Kudos" are, therefore, pretty close to being meaningless.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
30 Replies
Baechle
Advocate I

Ok folks.  I think I have the complaint boiled down here...

 


@vt100 wrote:

Have to agree with you regarding "kudos" and "likes".

The only true indicator of meaning is the engagement by the others on the platform.

Unfortunately, so long as there is an algorithmic sorting of the posts involved, those that have more views, likes or kudos would advance to the point of making all other content invisible.

 


Is what you want for the default display for sorting of posts to be "Recent Activity" as opposed to "Kudos"?

 

Hitting that drop down box and changing the sort to "Recent Activity" is one of the first things I do when I get into these forums.

 

Maybe we should propose that as a recommended change?  This is our community.  (ISC)^2 is doing this for us.  Let's take some ownership over what it becomes.

 

Eric B.

rslade
Influencer II

So I

 


@rslade wrote:

 

Speed of access to info, for one thing.  As previously noted, the overall design and method of sorting and posting makes it almost impossible to quickly get an idea of what has been posted recently.


and @Baechle answered:

 

Use the Community home page.  The main part is divided into two sections.  (1)  "Latest Topics" which can be expanded to see things in reverse chronological order to when they were posted. 

Unfortunately, "Latest Topics" lists by when the first post was made. If a discussion is still active, it's going to get lost.

And, (2) "Hot Topics" which can be sorted either on the basis of how many "Kudos" it got (is this part of your contention with this system?)

Definitely.

or using the drop down, by the recency of the last post (my favorite sorting method).

OK, that could be useful. But why do I have to search for odd little hacks to the system in order to use it effectively?

Searching is relatively easy too.  There's a search bar at the top.  The Forum is indexed by Google, and by the way that means they're also publicly viewable through Google.  Thus, the beware of your conduct here!

Yet another reason this is not a professional system. The CISSPforum is private. We get to discuss our concerns.


@rslade wrote:

 

(Also, how on earth do you get the quote function to work properly?)


"Um....  Uhhh.....  .... Press the button that says Quote?  I dunno."

 

So I did that.  Then, trying to do some interline comments, my stuff just got added to the quote.  So, being an old dinosaur, I dropped into HTML, with the results you see above.  It's possible, but it's not particularly pretty, or easy.  It's not a great editor for trying to interact with what others have said.


 


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Baechle
Advocate I

Robert,

 

Honestly, I don't particularly see the need to use it (Quote).  I have my default sort on messages inside a Topic into Threads instead of Chronological.  So the Quote feature is a little less necessary.

 

I forget where, but recently someone said they were having a hard time following a discussion so... I went in started using it.  I could take it or leave it.

 


@rslade wrote:

Yet another reason this is not a professional system. The CISSPforum is private. We get to discuss our concerns.


I'm really sorry, but I still don't understand what you're basing the requirement to be private on.  We're here, discussing our concerns and having academic debate as professionals.  Is there something you're doing there that you're not doing here for some reason?  I mean seriously, are book reviews for CPE and jokes about our kids and grand-kids really that offensive that they need to be kept private?

 

Eric B.

 

rslade
Influencer II


@Baechle wrote:

Robert,

 


@

Searching is relatively easy too.  There's a search bar at the top.  The Forum is indexed by Google, and by the way that means they're also publicly viewable through Google.  Thus, the beware of your conduct here!

 


 

Gee, thanks.  This makes me feel so much better.

 

The "community" is searchable on Google.

(Yes, really.  Go ahead, try it.  Search:
"Show Us How You Enrich. Enable. Excel. & Earn Badges in the (ISC)² Community!"
You will find admin Samantha O's original post--plus all the replies.)

Apparently this searching ability is somewhat limited.  (Both on Google and in the "community" itself.)  Main subjects for postings seem to be searchable, but not content, or, at least, not content in replies.  (Although, as noted, when you search for the subject, you get the entire post and all replies.)  I did some tests on the community search function, using text as it appears in specific replies, and apparently neither Google nor the "community" can find them.  I'm sure if I feel better that our replies can't be searched, or incensed that the "community" search function is so useless.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Dain
Contributor I


@Baechle wrote:

 

What elements or changes to this forum do you think are necessary to make it cater to professionals?  


how about not utilizing irrelevant metrics to prioritize posts and posters? (e.g. kudos) 

 

 

 

Does open in your mind translate to unprofessional?  


Why are you even suggesting this?  I said nothing implying any such thing.  That being said, the relatively low expectation of a forum of my peers, who I can reasonably expect to have at least agreed to ISC ethical standards suggests a level of discretion when talking about potentially sensitive subjects that I don't immediately feel is represented in this far more open community.

 

 

I am a member of several other professional communities.  The hallmarks of value in these communities is the sharing of information and the promulgation of expertise, including to and among those that are not certified.

 

 


I guess the issue comes down to the perceived notion (maybe I mis-read the cissp forum announcements, or read into them too much) that this is a good replacement for the previously mentioned CISSP Forum, which, while numerous folks have requested ISC put some effort in to, seems to be lost in preference of what seems to come down to a popularity contest in this diluted facebook for infosec. In my mind a better option may have been moving the existing CISSP-forum to a better home, and adding a pre-cissp forum (I'd join, hell I'm posting here even tho i find it irritating to navigate, and quote). 

 

Because this forum is actually managed by (ISC)^2, the qualification status of folks posting can be verified to much higher level of confidence.  Members of (ISC)^2 and certification holders are given "badges" that clearly indicate the credentials they hold.  


And who do you think managed the original CISSP Forum? 

 

Badges? If you think badges maketh the professional, I think we have a very different level of criteria for confidence level, if only there were a furby badge (and for whomever posted it, a seinfeld badge) I'd also suggest passing the CISSP represents, minimally in theory, a higher level of competency than not. If that is not the case then we ISC probably has a bigger problem on its hands.

 


 

 Additionally, closing the community would prevent the input from fresh minds not necessarily put into the rut of and bias from rigid CBK thinking.

Again - who said anything about closing the community? I certainly didn't. 

 

I can't figure out if you are mixing up replies, reading something into what I've written that simply is not there, or just passive-aggressively including extraneous unrelated information in an attempt to try and paint me as the bad guy, against openness and sharing.

 

I have to guess you have never bothered to get involved with the current CISSP forum, I can tell you quite assuredly, if theres a place you are likely to tun into the "rut and bias from rigid CBK thinking" it is NOT the existing forums.

 

/d

 

Dain
Contributor I


@Baechle wrote:

I'm really sorry, but I still don't understand what you're basing the requirement to be private on.  We're here, discussing our concerns and having academic debate as professionals.  Is there something you're doing there that you're not doing here for some reason?  I mean seriously, are book reviews for CPE and jokes about our kids and grand-kids really that offensive that they need to be kept private?

 

Eric B.

 

If you can't see how the differences in confidentiality in a private information security forum vs a google searchable public forum could impact the discussion of sensitive topics, well let's just say that sort of makes Rob's competency point.

 

There have certainly been discussions in the past that would easily qualify as something I would not want globally searchable by employers/vendors/general public, so I certainly wouldn't bring them up here.

 

The assertion that nothing on the existing forum has been deeper, or more in need of a reasonable expectation of confidentiality, than cpe reviews and kid jokes is absolutely ridiculous.

 

You do a good job making completely irrelevant comments to paint a false picture of the people on the other side of the discussion, how about you stop?

Baechle
Advocate I

Dain,

 


@Dain wrote:

I guess the issue comes down to the perceived notion (maybe I mis-read the cissp forum announcements, or read into them too much) that this is a good replacement for the previously mentioned CISSP Forum, which, while numerous folks have requested ISC put some effort in to, seems to be lost in preference of what seems to come down to a popularity contest in this diluted facebook for infosec. In my mind a better option may have been moving the existing CISSP-forum to a better home, and adding a pre-cissp forum (I'd join, hell I'm posting here even tho i find it irritating to navigate, and quote). 


I don't think you mis-read the announcement.  That's what I understood too.  That being said, as I said before, this is our forum.  I understand (and I'm sure the Community Managers) that you don't like something, but we haven't really figured out what that is, yet.  This isn't just what it is -take it or leave it- ... it's a framework to build something new, something yours.  (ISC)^2 is actively taking requests to make it what we want - but you have to articulate what it is.

 


I can't figure out if you are mixing up replies, reading something into what I've written that simply is not there, or just passive-aggressively including extraneous unrelated information in an attempt to try and paint me as the bad guy, against openness and sharing.

Maybe I am mixing up comments.  I'm not trying to be passive-aggressive, I am honestly at a loss of what you consider professional vs unprofessional as a forum goes.  As I said, I am a member of other communities where both certified and non-certified guests are free to post and comment.  Those other communities are sensitive as they deal specifically with forensics, and methods for both detecting and hiding fraud and finances.  When, as professionals, we need to talk about non-public things then we side-bar the conversation through the phone or other means.  If they aren't good for the public, then they aren't good for the closed community either except as a gossip piece.  

 


I have to guess you have never bothered to get involved with the current CISSP forum, I can tell you quite assuredly, if theres a place you are likely to tun into the "rut and bias from rigid CBK thinking" it is NOT the existing forums.


Not quite, but I haven't participated with the old community recently.  I lost interest precisely because it was a closed community. 

 

Back in the day (2006) I worked for an Inspector General and was doing research on the security of authentication systems for the reasons that make up the new NIST password guidelines today.  I turned to the CISSP Forum, and was inundated by people that wanted to quote entropy statistics and reference their own books and publications rather than discuss practical application or solve real world problems.  Nobody had any practical or real world input, and so it had no value and I departed.  I ducked my head back in over the years but the only thing I saw was Book Reviews for CPE about topics I had no interest in, nerd jokes, and "I told ya so" pontification about recent breaches in the news.  Again, no value.

 

I use the guise of "rut and bias from rigid CBK thinking" to cover my extraordinarily negative perception of the CISSP Forums above.  But, I guess now you know what I really think.  😄

 

Sincerely,

 

Eric B.

 

 

Baechle
Advocate I

Dain,

 

Do you know what an Ad Hominem argument is?  It means when you attack the person making the argument, instead of making points about the argument itself.  It's usually a sign of desperation and lack of a valid counterargument.  

 


@Dain wrote:

If you can't see how the differences in confidentiality in a private information security forum vs a google searchable public forum could impact the discussion of sensitive topics, well let's just say that sort of makes Rob's competency point.

I've asked you several times to explain what your rationale is for wanting the forum to be private.  And now, you only do so by couching your explanation in a personal attack.  EDIT: To be clear, I never intended on disagreeing with your rationale.  I was approaching this as a discussion of your choice of mitigation.  /EDIT  This is exactly the reason a professional forum deserves to be public... because in a private forum this would literally degenerate into a popularity contest rather than a discussion on the merits of the argument itself.

 


There have certainly been discussions in the past that would easily qualify as something I would not want globally searchable by employers/vendors/general public, so I certainly wouldn't bring them up here.

 


Now that you've actually finally come out and stated your rationale - as a creative and intelligent person, can you think of any alternative solutions other than making the forum closed and private?

 

How about adding the option to post anonymously to remove attribution of a question?  Would that, in your mind, make a valid change request to the Forum Operators?  How about adding a private messaging system that isn't searchable... Oh wait, that's already available here in this Forum.  Or will nothing but closing the community work for you?

 


The assertion that nothing on the existing forum has been deeper, or more in need of a reasonable expectation of confidentiality, than cpe reviews and kid jokes is absolutely ridiculous.

 

You do a good job making completely irrelevant comments to paint a false picture of the people on the other side of the discussion, how about you stop


Dain, that has been my experience with the CISSP Forum.  I have conceded that I haven't actively participated in the last several years.  Until a few months ago, I continued to get emails containing message digests, and when I randomly browsed them my description of CPE book reviews, etc. in the previous post is factually what they contained.  I may have simply been unlucky enough to randomly open only those digests that had that content, but that is the basis of my perception and lack of value in the old CISSP Forum.

 

How about we find a way to stop looking at everything so negatively and find a way to constructively develop this Forum the way that would contribute to our community?  We have practically a clean slate to develop this the way we want.

 

Sincerely,

 

Eric B.

 

 

 

 

 

 

rslade
Influencer II

"Fire makes it possible for us to text and tweet and email and Instagram and Facebook and socially be dysfunctional with each other."

 

Rev. Michael Curry, May 19, 2018


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Dain
Contributor I


@Baechle wrote:

Dain,

 

Do you know what an Ad Hominem argument is?  It means when you attack the person making the argument, instead of making points about the argument itself.  It's usually a sign of desperation and lack of a valid counterargument.  



I do, and I'm fairly certain that pointing out how a comment that strongly suggests a lack of understanding of a fairly basic concept like the impact of confidentiality on open discussion does a pretty good job of making Rob's point about competency, and as such is not really an Ad Hominem argument. 

 

Obnoxious? yeah probably, but taken at face value, that argument is legit.

 

I hate the quote functionality so I'm going to skip it.

 

Signal to noise ratio is definitely something that the old forum has issues with, no question.  some people can't handle the silliness, some keep at it and get out of it what they put in. I've gotten a ton out of it (and have definitely contributed in good and bad ways to the s/n ratio) . I've also gotten some work, and made a lot of friends - some who I've been lucky enough to meet in person  I mentioned before I've gone back and forth with Donn Parker, theres a lot of things we do not see eye to eye on, but I've had interesting conversations with someone who did a lot for our industry (for anyone who does not know the name look it up, and the Parkerian Hexad.)  Then theres all the other curmudgeons (I found my tribe) who have been nothing but interesting to get into conversations with, and without concern for being publicly available those conversations can be a lot more open than might be possible here knowing a google search brings up everything said,

 

I don't necessarily want this forum to be private, I was originally pointing out my concerns based on ISC suggesting this was a good place to move the old forum. I do resent ISC management for ignoring repeated requests to update the existing forum and instead put this in, the UI is irritating, its more difficult & time consuming to scan thru, and its setup to ACTIVELY promote popularity based on # of posts (good bad or obnoxious, kudos - but no option for a thumbs down, etc.) . So now theres ~40 of us on the new cissp forum on groups.io.  (Which is monstrously better than yahoo) . IIRC that took maybe 2 hours of work.  But thats not good enough for ISC, because theres no kudos or badges? i don't know.

 

I've not seen the private forum devolve into a popularity contest, you can be as well liked as possible, and you;ll still get called out for being dumb. it has occasionally devolved into name calling, but for the most part (99% of the time) the worst that will happen is a bunch of like-minded individuals will all pile on to tell someone they need a good hard rethink (its happened to me, and thats ok, I learned something) . The digest version can make this worse as a bunch more people read the original post w/o seeing the slew of "duh" responses and pile on (yahoo freakiness can exacerbate the piling on issue as well)

 

1 more time, I never said close this community, I'm just irritated that this is what ISC created instead of finding some way (numerous have been posted over the years) or even making an effort from what I've seen to make the original more promoted, more relevant, etc.  

 

I'll probably stick around, but it certainly won't be taking the place of the original forum in my eyes.

 

1) make the UI more user friendly (quotes end up like the worst of MS Word)

2) make some effort to promote, update, manage the original forum like we've been asking for

3) Make it easier to browse threads

4) do we really require kudos and badges and other transparent marketing ploys to be involved?

5) dedicate a section to "studying", or infosec 101, etc. (maybe it exists, browsing is 200x more difficult than scolling thru the forum posts in my gmail acct)

 

 

/d