Skip to content

How to destroy a community before it's even built

  • There’s a lot you can learn about a person just by the way they present themselves online - whether that is in a positive or negative light is really up to the individual posting the content. Several of my followers have questioned why I choose to part company with Peerlyst, and here’s why. Firstly, let’s understand the word “community”. Taken literally, it’s something like the below

    “The condition of sharing or having certain attitudes and interests in common.”

    Anyone calling themselves a community should abide by this basic description at all times. Especially the part “having certain attitudes”. It’s this very part of the description that is capable of destroying a community much faster than it takes to create one in the first place. It was always my dream and wish to give something back to the industry that adopted me at the age of 16 as a school leaver, and I promised myself that once I reached a plateau in my career, I would start giving something back in order to help others.

    This initial drive began in 2016 when I started writing articles for Peerlyst. The very first article I donated to the community here detailed the most common types of compromise, and what to look out for. Fairly soon, I was contacted and asked if I’d consider making this a featured resource that their community could use as a learning tool. Happily, I agreed, and began donating regular articles from my own blog for the benefit of their community. As a side point, there are several authors who write similar content for others, but it’s typically for a fee, or a mention in a larger community in order to promote that individual. This isn’t how I work. I’ve never chased glory - I get my satisfaction from those who read my articles, and engage in active discussion relating to the content.

    I always expected questions and dialogue arising from my articles. In most cases, the exchange of opinions, questions, and content in general made for a pleasant experience. Now, not every piece of creative writing inspires everyone, and I completely understand that. However, opinion can easily be divided when a specific response is used, and counter effective if the response hasn’t been well thought out before clicking that submit button. Written content often suffers from the same central ailment in the fact that it rarely conveys tone or emotion. When you read something someone else has written, it’s impossible to gauge body language or tone of voice. For this reason, diplomacy and a careful selection of words is often a good idea (also known as “think before you post”), as is reading your input before submitting it. Often, the first response to something isn’t always the best one, and you’ll find yourself effectively sanitising content before you submit after renewing it.

    However, the story (unfortunately) doesn’t end here. I was not on the receiving end of the diatribe about be unleashed, but watched (with a mixture of disgust and disbelief) as this whole scenario unfolded. The focal point of discussion was from this post

    Some of the comments left for the author of this post were in my view nothing short of disgusting to say the least. Here’s the opening comment

    Those are great academic credentials. Let’s talk about “in the trenches” experience. Were you ever an engineer or specialist hunting threats and vulnerabilities? Run a NESSUS scan? Perform threat mitigation? Get called at 3AM because your network was hacked? What I am seeing is a professional test taker and academic. Perhaps with a photographic memory and tons of charisma? Getting a PhD at an early age and knowing 5 different languages leads me to believe the previous sentence.

    Where is the actual, bonafide experience?As for your “acting chief information security officer for regulated businesses”, again, where is the actual experience? Anyone can be a CISO including a person with a Music background. Just saying.

    There was a comment from the original author of this post, but it has since been removed. It was essentially threatening the author of the above comment with a lawsuit for defamation of character. Unsurprisingly, the response below was then posted

    Feel free. I am well known on here. And your lawyer can contact me at the provided address. If you were truly serious, you would offer the proof I am requesting. I will gladly acknowledge your certification and knowledge when the proof is provided. But you have not done so and that is an indication of your true meaning. I doubt your certification as a CISSP and you have done nothing to prove me wrong. The truth is your only defense.

    I don’t claim to be an airplane pilot. I could not tell you how to land a 737. Why should you be any exemption to that? You claim to be a cybersecurity expert with a CISSP requiring 4 years of actual experience. Where is it? If you will acknowledge that experience, I will not only accept it, I will endorse you.

    Have you “attorney” bring suit against me here in the US (I’ll never travel to Singapore so that doesn’t matter). Have him/her contact me at my stated email address. I will gladly share my physical mailing address for service of process. I’ll encourage service! Let’s go to court. Perhaps I know the laws better than you in the US not to mention cybersecurity.

    As for Peerlyst, maybe they will see it fit to remove an individual who is a poser. A fake. A charlatan through her own lack of admissions. If they ask me to be silent on this, I will honour their request. It is their site after all. Guess we will need to wait and see.

    Is this really necessary ? Since when did we consider it appropriate to behave like Neanderthals by publicly humiliating someone else, then dragging their reputation through the mud ? This is when a so called community deteriorates to a battlefield, and if the moderators do not make an effort to ring fence “debates” like this, they quickly spiral out of control and dramatically damage what the community set out the build the in the first place. The best way to extinguish this particular situation is to disable the comments for that post. As a moderator, this is one the immediate mechanisms to prevent brand damage. However, this course of action was not taken, and incredibly, the moderators chose to actually engage in the debate. This was not a wise choice, as the participants then started to respond to the interjection and went off track in the process. Mediation is a powerful tool when running a community, but it’s effectiveness is severely impacted when you decide to air dirty laundry in public.  Why on earth would you want to engage in a debate with someone when they are clearly trolling someone else ? You’re supposed to actually prevent that from happening in my view. And this is the real reason why I will never write for Peerlyst again. They have knowingly damaged their own community - effectively allowing someone else to poison it’s integrity and standing as a reliable information source. I know of two others who have contacted me since my LinkedIn post detailing that I no longer write for Peerlyst, and expressed the same reasons as mine stated above.

    And so, on the 15th of November, I invoked my version of “Article 50”, and decide to leave the Peerlyst community by deactivating my account, and effectively, exercising my Right To Be Forgotten. For those who don’t fully understand the meaning of this, here’s a snippet supplied by the ICO

    The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

    I was contacted by Peerlyst the following day asking why I had deleted my account. I’m not convinced it was the fact that they were genuinely sorry that they had lost a member - but where more concerned that the content I had contributed over time was also deleted as part of the account deactivation procedure. Here’s some of the comments I received

    “I’m sorry to hear that you decided to leave for this reason. I understand you have your own initiative, which I hope will work well for you. However, removing the content which serves 100,000 monthly readers and 500,000 unique readers is a pity for those who come to Peerlyst to learn”

    My response was that all content I had previously provided is posted on my own site. It’s actually my work, and Peerlyst are no longer permitted to use it. I was also asked if I would leave my account in place so that they could retain the content. This concerns me somewhat, as that would imply the content hasn’t actually been deleted, but “moved off the site to somewhere else”. I have asked for Peerlyst to confirm that the data has been removed - so far, there has not been any response. I guess they have until May 2018 to delete it from the GDPR standpoint in order be in full compliance.

    The other comment I received was

    “So sad to see you deactivated your account. You used to believe in the mission of sharing everything to help people improve!?”

    My response…

    “And I still do. Just not for Peerlyst”.

    The point I’ll make here is as follows. For a community to succeed it has to have a solid foundation, and a clearly defined policy. There isn’t much to the policies I put together, and they can be found here.

    Based on what I saw on Peerlyst, I felt the need to update these accordingly. Take a look yourself. I personally want to mentor the next generation of InfoSec professionals, not get into a pathetic “[censored] slinging” match that yields no real benefit whatsoever. I’ve also been contacted by one of the moderators - evidently, Peerlsyt’s CEO (at the time - they are now defunct) wanted to have a call with her to discuss this. Too little, too late, I’m afraid. The damage is done. I don’t want an apology as one isn’t needed. I don’t want a discussion as nothing will change. In reality, I refuse to associate my name or any of my content with a so-called community that is effectively endorsing  one of the worst online experiences we have to date - trolling.

  • phenomlabundefined phenomlab referenced this topic on
  • @phenomlab I am sorry to hear about your experience. I fully support your decision, and I believe it is waste of time to spend one more minute in those kinds of environments anyway. As you said, the attitudes of the moderators are very important. Even if you can bring a lot of talented people together, if you cannot maintain the atmosphere of the community, it will not lead anywhere good. moderators/admins are quite important, if they are not competent the community is doomed.

    I guess we can think of this as movie remakes that are much worse than the originals… Just because you have a great scenario and better actors, it does not mean the movie will be directed better. With worse directors/directing, you can end up having worse movies like Psycho, The Shining, and Mummy… The remakes are terrible for each one, Mummy remake even had Tom Cruise in it, but it is way worse than the original 😄 So, it is clear that the “director” (moderators) is quite a key.

  • I can appreciate how important your relationship with them meant to you, and how frustrating it would have been if they hadn’t seen all your efforts. In particular, you can discover similar folks in pubs where the world is like that. If you find time you can read " They have the right to believe what they want to believe "

  • @crazycells I guess the worst part for me was the trolling - made so much worse by the fact that the moderators allowed it to continue, insisting that the PeerLyst coming was seeing an example by allowing the community to “self moderate” - such a statement being completely ridiculous, and it wasn’t until someone else other than myself pointed out that all of this toxic activity could in fact be crawled by Google, that they decided to step in and start deleting posts.

    In fact, it reached a boiling point where the CEO herself had to step in and post an article stating their justification for “self moderation” which simply doesn’t work.

    The evidence here speaks for itself.