Here we are, my friends. The 1000th post. Whew! It’s quite a load off to have finally made it. Hopefully this doesn’t come as a surprise to anyone since I’ve been announcing it for months, and if you have questions, hopefully the FAQ can answer them. I wrote and re-wrote this post several times. There’s so much to say. How can you sum up 5 years of a blog in one post? I have so much to say, but I’m not going to write a book about why I’m shutting the blog down, I’ll just focus on the major issue at hand - happiness. Isn’t that what life’s really all about?
It wasn’t that long ago that I unfortunately lost my love affair with security. Even a few years ago my wife would find me up way too late at night writing some little proof of concept code, excited to post about it the next day. A lot has changed. Some of it is external forces, and some of it is that I realized that I’ve done what I came here to do. When I ask audiences at conferences how many people have heard of XSS or CSRF or command injection or SQL injection, nearly everyone raises their hand. I can rest easy now in that the ultimate mission of the blog has been a success - people have been educated, partly through me, and partly because the industry at large has stepped up to the plate and done an amazing job of absorbing the problems.
I started ha.ckers.org as a place for me to experiment on my own, and share ideas with a few like-minded folks. I never intended it to be a big site, but scope creep from the original mission changed all that. I realized I could educate a lot more people than the 20 or so readers I had started out with. 20,000 readers, countless press articles and 5 years later, and I’ve been run through the meat grinder. My love for security was unfortunately replaced by a sense of servitude.
With any kind of work you get a sense of anxiety. But the biggest problem is that security stopped making me happy. I got into security because I enjoyed the intellectual puzzle. The industry around me has certainly changed several times since I got started but more importantly I too changed. My wife told me not too long ago that I wasn’t a hacker anymore, I was a politician, looking to see how I rated in the polls. I really didn’t like what I had become - that’s not me at all. I normally hate the press, and I’ve never enjoyed public speaking. It was always a necessary evil. An evil that I embraced far too much, if you ask me.
They say that if you look at the graph of happiness in your life you can tell what sort of life you led. For instance, if your life starts positive, then goes down, and then ends positive it’s a comedy. If it starts low, goes up and then ends badly, well, then you lead a tragic life. I’ve never claimed to be a futurist, and in fact, I’ve found the question, “What do you think we’ll see in the future” to be a terrifying question - what if I’m completely wrong?
I’m not an oracle and I really don’t like giving people incorrect information. But if I were to look at the graph of my life honestly, it wasn’t trending well over the last few years, looking more like downward trending saw blade of perpetual highs and lows. Although there have been a lot of individual highlights and amazing things that have happened, I’ve noticed and other friends, family, and peers have noticed that I’ve gotten less and less happy as a whole. As much as my trustworthy friends tried to convince me that the negative sentiment was meaningless, it was having a profound effect on my desire to continue. The saw blade was trending downward. I’m not blameless for how I got here - no one is perfect, least of all me.
Although I’m a fun loving person in many ways I also tend to be a pessimist and I do take things too seriously sometimes - definitely to a fault. I saw my happiness declining and the light at the end of that tunnel was getting further and smaller as I went on. It became harder to shrug things off, and I started worrying about even the simplest of things. So instead of being a victim of my own circumstance I made a decision to make my own destiny and start enjoying life again.
So this is it - I’m taking my happiness back and I’ll be taking on new and exciting challenges without the drama of intense public scrutiny. It’s time to make the graph of my life into a comedy - filled with excitement and wonder in the unknown. I’ll always have a soft spot for security; I’ll keep up on it, and I’ll continue to research and run my company, among a lot of other things, insofar as it doesn’t impinge on my happiness. Not hedonism, my friends, happiness. Now is the time to seize the day and start having fun again. Life’s too short.
I could also spend pages iterating all the people who’ve helped me think through the countless issues we’ve talked about, sent in ideas and generally made this website and WebAppSec in general a success. Rather than risk excluding anyone all I can say is that I truly, deeply respect all of you for your skills and appreciate what you’ve done for me and the industry as a whole. Perhaps no one but me will truly appreciate everything you’ve done, but trust me, you’re the real gods of WebAppSec. I wish you the best. So I leave it to you all - this industry along with all the good and bad, in very capable hands. Trust me, there are plenty of amazing people out there. Now it’s time for them to take their rightful place.
So… where can this mythical happiness monster be found, you may be asking? For me the journey to find happiness starts with a cold beer - so that’s where I’m headed. On behalf of id and myself, adios, my friends! Thank you for reading.