I am a terrible writer. I, like many, struggle for words and often put together sentences that are structured in such an odd way it is difficult for a reader to follow, let alone maintain their focus. As one might imagine, being a terrible writer is a pretty tough wrap for someone whose job is primarily based on their ability to express their thoughts through the written word. That is where I found myself in 2007 when I was working as an industry analyst for EMA.

At the time, I worked for Scott Crawford who is easily amongst the best writers in the entire security industry still to this day. Despite Scott’s constant guidance and best efforts, I could never write on a level that met his caliber. Not even close. Scott’s guidance, and likely frustration, were always summarized in a statement he would make that was as much of a wish as it was a statement…

“If I could just get you to write the way that you speak.”

Therein lies the problem however. I don’t speak professionally. I speak casually, in the first person, and with a pacing that more closely mirrors a student driver learning to work a clutch than a smooth running train. And so, writing is often discouraging and very difficult for me.

I have little doubt that this is something that has held me back in my career. When people seek guidance from leaders, they look for the most sophisticated, advanced person in the space. They look for Bruce Wayne to guide them, not the wisecracking, spastic, guy who wants to teach you everything they can as a friend instead of as a teacher.

I have no interest in being Bruce Wayne.

Frankly, I couldn’t be Bruce Wayne even if I wanted to be. Being constantly well-spoken and calculated is an affront to the neurotic wiring of my brain. My brain fires too quick to be well-spoken, and my calculation is more akin to continually failing estimates landing closer and closer to the right answer. I might have twenty wrong answers on my way to a really good one (seriously, you should see how I code).

From a professional perspective, the only thing that is exact about the way I function is that I function exactly the way I’m not supposed to. I am not pragmatic. I am not concise. I am not calculated.

I’m not Bruce Wayne.

But I can wear a tux, and that is at least something. In fact, if someone walked in a room and found me in a tux, they might not realize my lack of sophistication or that I wasn’t a pragmatist or that my writing was going to be gonzo as gonzo gets. In fact, they would likely not realize that my personality is more of a hoodie and jeans than it is shiny peak lapels.

So I should probably wear a tux every now and then.

And therein lies my point. In the security industry many of us, if not the majority of us, are fast movers and neurotic thinkers. Those of us that find ourselves in conservative corporate settings often are buried underneath those that fit the more ideal professional. The Bruce Wayne’s of the world.

So it is important for us to throw on a tux every now and then to play the game, live our expected persona. In a world that now offers endless opportunities to forgo the tux, it is important to make the effort. Skip the Youtube video and write the article every now and then.

Use the instant gratification outlets to provoke thoughts and free thinking, but every now and then, throw on the tux, fight your way to delivering a rare performance of sophistication, pragmatism, and calculation. Again, play the game. Write about a topic like a practiced professional. It’s important.

Anyways, that’s my point. Kind of a roundabout way to get there, right? Well, to be fair, one of the best writers in my industry always tried to get me to write the way I speak.

Categories: Free Thought


Michael is an Information Security Executive with more than 14 years of security services, security strategy development, risk management, security research, vulnerability management, threat management, incident response, integration, and network and data security experience. Michael specializes in Executive-level security advisory. Michael has experience within the financial, technology, retail, power and energy, healthcare and public sectors. He has previously functioned as a technical and practice leader of Managed and Professionals Security Services within IBM as the North America Director of Security Intelligence, as a Senior Threat Researcher on the IBM X-Force, as an industry analyst, and as public sector vulnerability management coordinator and incident responder.