[HN Gopher] Ask HN: Mental Health for Hackers?
___________________________________________________________________
Ask HN: Mental Health for Hackers?
We live in interesting times as hackers. The Internet has empowered
us like never before and everything these days is unprecedented and
very powerful if used correctly and wielded correctly. `With great
power comes great responsibility`. But I've been thinking lately,
with everything so polarized, and all the different factions
warring against each other, and the organized chaos we live in, and
the caffeinated hyper connected world we live in: it can wear us
down if you don't disengage from it often, or try and tame our
information diet we are all accustomed to. Every day I chow down
on so much documentation, security vulns, looking at code looking
for defects (and there are plenty of defects to find!) and I
realized everything is broken in some way. Hacking or more
precisely infosec for me is the art of exploitation. `How can I use
this to my advantage?`. But at any given moment I could go full
blackhat and pull off serious damage if I wanted to, but I'm an
ethical hacker, so although the temptation is there, I don't
proceed further and either 1) report it or 2) sell my exploit
legitimately to an 0day broker 3) write a huge blogpost
embarrassing the vendor(s) when option 1 or 2 doesn't work. But
all this is disheartening. Roughly ~90% of what I do is hobbyist
projects I work on in my free time, and the rest is bug fixing,
patching, reporting, etc. It's the extra 10% of 'brokenness' that
pisses me off. We like to think we can have nice things, but
infosec is a dumpster fire, a raging mess we find ourselves in
because people are getting away with it (look at the ransomware
scene now, it's booming). All this takes a toll on mental health.
I could choose to ignore it, but there it is, the elephant in the
room. People, companies, vendors, core infrastructure like
hospitals, fuel pipelines; all getting pwned left right and center.
And that's just ransomware. Cybercrime in general increases
exponentially each year and it's getting worse. I try to help,
writing tutorials on how to do defense in depth, zero trust
manuals, best practice tutorials etc. but it's still getting worse.
Are there any tips on good self-care tactics I can use to disengage
from all this and not think about it too hard? Any mental health
'hacks' to approach a broken world? Ways to approach the rising
amount of cybercrime news and shit-storms I encounter every day?
Author : WallyFunk
Score : 6 points
Date : 2022-05-20 22:24 UTC (36 minutes ago)
| Mountain_Skies wrote:
| Security cannot be perfect and it's unfortunate that there's
| often an expectation for it to be. Even if perfect security
| cannot be achieved, there is value in creating obstacles.
| Sometimes the obstacles might not be enough and an attack ends up
| inflicting damage. Sometimes they'll reduce the damage, sometimes
| they'll give you time to erect better protections or move the
| protected assets. Have realistic expectations for what is
| possible and expect that sometimes others will not recognize this
| value.
|
| You are not an island. You cannot make perfect walls on your own.
| Others will sometimes falter. You will sometimes falter. Some
| attacks will be successful. Sometimes you will get undeserved
| blame. Understand the reality of all of this and decide if you
| can handle that or not. You can't change the behavior of the
| entire world but you can help keep at least one corner of it
| safer than it would be without your efforts.
|
| Much of this might sound like platitudes but for your mental
| health, realize that even if you're only having a small positive
| impact, it's still just that, a positive impact. If that's not
| enough, then perhaps there are other areas that are better suited
| to your gifts and needs.
| moviewise wrote:
| For mental health self-care, I sincerely recommend watching
| uplifting comedies and immersing yourself in laughter (movie
| therapy):
|
| https://moviewise.substack.com/p/the-meaning-of-life
| dogman144 wrote:
| Two things have worked for me:
|
| - rationalizing leads to increased personal agency: you now know
| enough about a topic to know how things actually work, vs. how
| the abstraction talks about it working. You've jumped over the
| abstraction wall, and that's a good thing - you're playing with
| the real deck of cards now. Would you rather be blissfully
| unaware and have your world ended by one of these security
| events, or be aware and take meaningful risk controls to protect
| yourself and your relevant loved ones? I will say with the technical
| knowledge I have, buying older, less connected cars and doing a
| little bit of emergency prepping suddenly doesn't seem at all
| insane. Pre-UKR war, I pulled out cash from ATMs in the event
| NotPetya 2.0 was unleashed. It sounds nuts except for the fact
| that NotPetya shut down Maersk and iirc FedEx.
|
| - align incentives: tech is a business. tech is a business. tech
| is a business. in the most cynical but still accurate
| evaluation, it is run by MBAs/Lawyers/product owners/ex-founders
| who joined the dark side and leverage idealistic "for the love of
| the tech" types like yourself to build great products... which is
| not always great tech. find places to work at that have the
| maximum incentive to take security seriously, and the security
| profession suddenly will suck less. parts of government,
| cryptocurrency exchanges, ICS firms like Dragos, places like
| that.
___________________________________________________________________
(page generated 2022-05-20 23:01 UTC)