[This is not me piling on to the woes of Theranos or its CEO. It’s not. Well, it is to the degree that you can’t draw analogies without pointing out some embarrassing truths, but let’s be honest: we have all, like Fox Mulder, wanted to believe in something fantastical, despite all signs to the contrary.]
Credibility Matters. Any product, any service, any methodology that promises the world – or something akin to it – should be viewed with a jaundiced eye. If the driving force behind said promise is effectively a random stranger, even more so. Cyber security has been studied to death. The idea that one person has uncovered something no one else in the field has figured out is so unlikely you almost have to assume they’re full of ****. I worked on something that was thought to be novel. Turns out it wasn’t, which means we were on to something, but it could be argued that better or at least faster minds than ours were already on the case.
Enablers Are Evil. When the unit of measure is “billions” all sorts of yahoos will come out of the woodwork. Most of them are there because you’re measuring things in billions, not because what you’re doing is actually worth billions. In the case of Theranos they’re worth nothing and have been for a long time. In the security space it is rare to find a company whose valuation is not by and large aspirational. Those doing to assessing really have no idea if those solutions will stand the test of time. And by “time” I mean “the point at which customers realize they’ve been had.”
The Importance of Being Honest. People are putting their trust in you; you owe it to them to be honest and forthright. When over 90% of “your” work has nothing to do with what you’ve sold people on, that’s what most people would call fraud. You exacerbate the problem with half-measures and stalling tactics, so not only are you a liar, you’re sleazy as well. How is that helping the cause exactly? Are you in this business to have an impact or are you just here for the paycheck and what passes for fame? It’s OK, we’re all only human, just be up front about it.
I have to imagine that in the beginning everyone starts out with the best of intentions, but given the nature of the work and the potential impact it can have, we need to hold ourselves to higher standards. If we’re not checking ourselves we’re setting ourselves up for a situation where checks will be imposed upon us by people who know very nearly nothing of what it takes to succeed, much less advance security.