My Blog Comment Deleted!

I left what I considered a thoughtful comment on another security blog, but my comment was deleted. Denied. Ignored.

Read about what happened in Creating a Culture of Security and my thoughts about it, which I added at the end of that post.

Ever had a similar experience? Think I got carried away? Afraid to leave a comment of your own? Let me know about it here.


Filed under Security

7 responses to “My Blog Comment Deleted!”

  1. I haven’t been blogging for that long but I quickly realized that the majority of readers don’t take the time to write a comment or contact you offline. If a reader takes the time to craft a response then it should be posted if the content has to do with the blog post. I’m assuming the content doesn’t contain any other irrelevant data such as malicious links, SPAM, etc.

    It’s unfortunate that your comment wasn’t posted since it was a thoughtful response. I think an author should disable the comments feature to any blog posts where there may be any issues with posting comments. This way a reader doesn’t waste their time writing a response since it’s clear that comments are not welcomed on the page.

    I’ve never had any of my responses deleted and as a blogger I’ve only deleted one comment (the reader posted a link to a tool I was discussing and already provided the link).


  2. I got banned from the PwC blog a while back. It is *not* a pleasant feeling, especially when you’re sharing constructive comments and they’re reacting in what you may describe as a “hostile” manner.

    How does it help anyone, especially a large firm trying to get ‘street cred’ in the online world, by closing the door to comments from the online community? It makes no sense, unless you approach things from a “we must control everything” perspective I suppose.


    • ITauditSecurity

      You’re welcome here! So are constructive comments. Hard to imagine you being banned, unless you used profanity, but that doesn’t sound like you.

      Some people can’t handle criticism or being challenged. Some can’t admit they’re wrong.

      I agree that such behavior doesn’t help anyone–except you–it helps you find another place to share your insight.

      Always good to hear from you.


  3. ITauditSecurity

    Not only do the majority of readers not leave a comment, most of them don’t. For various reasons. But even the majority of the few who read the entire post, whether they liked it or hated it, don’t comment. Only a select few, which is sad, as most of those diligent readers DO have something to say or contribute. I think it just takes too much time; readers want to move on to the next thing and don’t realize how important comments are to bloggers (and other readers).

    As I’ve said before, an intelligent negative comment would be better than none at all. Personally, I love pokes and contrary opinions; it is what has spurred me on in life to better myself. It makes me take a fresh look at myself and wonder out loud.

    I read a couple of your posts and saw for the first 3 pages of posts, you had comments on most of the posts. Not only that, but they were helpful comments, so helpful that you acted on them. That’s pretty cool.

    I liked all your explanations and pics on your blog. Keep up the good work. And I like the name of your blog: Journey into Incident Response. It says that there’s always more to learn, and reminds me of Journey to the Center of the Earth, which is kind of what forensics is, in a sense.

    I added your blog in my LINKS page (see top of the blog) under the Computer Forensics link.

    p.s. I left you a comment like a good reader should. I had some problems leaving a comment the other day, but went back and was successful. I noted my trouble in my comment on your blog.


  4. One of the main reasons I want comments is to help validate what I’m doing. It’s helpful when I receive that validation because it reassures me I’m on the right track. It’s even more helpful when someone points out my errors since I can learn from it. Neither of these is possible without feedback from readers and I don’t think most readers are aware of this.

    I thought it was interesting that your 3 part solution to the problem of security culture didn’t include compliance checking. This may be included as the third part since how can you fire someone without knowing about the non-compliance? One of the issues I’ve seen in InfoSec over and over again is the lack of compliance checking. Management has provided support for policies or procedures to be put in place. Over time, assumptions are made that everyone is following the policies or procedures without ever performing any verification. This can help create the culture of just going through the motions when a new policy or procedure is being created because once it’s implemented you don’t have to follow it. A strong compliance program can counter this because people are more willing to comply if they know someone is going to be checking and if they are caught then they will be fired.

    I like your perspective on things which is why I’ve been reading your blog since I came across it. Keep up the good work and thanks for sharing.


    • ITauditSecurity

      You are correct: I included compliance, but didn’t do it explicitly. In addition to the firing, there’s the review in the performance appraisal process.

      I should have explicitly included it as a separate step, because, as you noted, it is often not part of the process. Firing is more likely to be the result of a major incident rather than just failing to comply, so your point is exceedingly well taken.

      When I was in security, I monitored compliance to security and other policies, but never had the time to do it diligently. I checked the major items frequently (patches, insecure configs, security of new processes and products, monitoring, etc.). Unfortunately, the audit team didn’t have the resources to review enough either. One company I worked for did a pretty good job, but they were in the financial sector.

      Just like car drivers check their speed when they see a cop, users tend to be more careful when someone’s watching and checking–couldn’t agree more. Fortunately, some eventually realize that doing the right things is good for business, not just compliance–but that only happens when we can demonstrate the risk and the probability of occurrence.

      Thanks for your input and keep raising the compliance flag!

