As you work in the Information Security field, you realize you can classify your peers into three groups. I guess the title gives away what they are.
But it is true. You have the mil-intel-nation-state-attack-vector types. They think of Information Security as an extension of warfare in virtual space. They are often very strong on defensive architecture, and the smart ones are generally trying not to get too excited by STUXNET and FLAME because they know that code could get pointed right at them. But they love the idea of offensive infosec. These individuals are not always former military, and former military personnel do not always bring this mindset with them.
Then you have the Power Rangers. You know them. They are always combining different things, looking for what works. They are more fluid than the SWAT team types, and perhaps they take more shortcuts and risks. If you think of the difference between an engineer (I measure it and reach a conclusion) and an analyst (I work with the best data available and reach a conclusion), then they are the analysts. When they think about STUXNET and FLAME, they think “I hope the guys who wrote that keep it up and are always on our side.”
Finally, there are the nerds with an edge (maybe they’re like Dilbert, but not always). They are not out there getting all worked up about, well, anything. They are the calm, steady information security analysts, consultants and engineers. You can’t tell them from other IT workers EXCEPT when they encounter a bona fide threat. All of a sudden, they become efficient and, mostly, heartless. When they get near the idea of STUXNET or FLAME, their only thought is “what is the risk I need to worry about?”
Now I am, of course, tempted to name names. So and so is such a Power Ranger (even though he was with the NSA). That guy at that government agency is such a nerd (even though he is former military). That high-powered consultant is just a nerd with an edge. But I’m not trying to start a conversation about “celebrities”.
Also, you may have noticed that I did NOT compare information security professionals to their adversaries, the criminals and hackers. That’s a different subject, and “every cop is a criminal” is a bit of a worn-out subject, I think.
Finally, some caveats: like all generalities, these only go so far. To be really successful in a complex environment, an Information Security professional takes on each of these personas as fits the situation. And an individual can be any or all of these three and just be terrible at what they do. Being a Power Ranger doesn’t make you creative, but being creative usually leads you to be a bit of a Power Ranger (I use my mind and I transform!). Wanting to employ structure and discipline and seeing the world as a “theater of operations” doesn’t make you adopt a cyber-warfare approach to information security, but what other conclusion could you draw given your tendencies? And the vengeful nerds? All I can say is you have to watch out for the quiet ones.