
Interview: Heather Lowrie - Time for New Social Media Conduct Rules?

If we're all resetting our social media activity on a new platform, should we introduce a code of conduct now?


It’s the new social media platform for a lot of cybersecurity users, as well as the rest of the world, with 27 million users having joined Bluesky over the past few months.

Now many still maintain a presence on the likes of X/Twitter, but with this new social media site being increasingly used by the infosec community, is it time to get in front of it and ensure there are some conduct considerations in place first? One person who thinks so is Heather Lowrie, winner of the 2024 CISO of the year award at the SC Media UK awards.

Behaviour and Respect

Speaking to SC UK, Lowrie cited a code of conduct on behaviour and respect for other users that she saw at the recent SANS EMEA conference, and also at the Black Hat conferences. However, as the platforms are open to all users, this has its “advantages but also its disadvantages.”

Lowrie is a fan of social media, saying “there's so much innovation and ideas exchanged via these platforms”, but when there is a lack of respect, “it drives people off if the conduct is not what you would expect.”

She says what she wants to see is a platform where you're able to share ideas to get information, but one that is “quite useful professionally.”

Appropriate Controls

This leads to the challenge that she raises: how do you make sure the appropriate controls are in place, and build norms and standards in an online community, “so that it remains inclusive, productive, and professional?”

As for Bluesky, is this where the community is going to have its conversations now, some 15 years after Twitter/X was selected and ultimately moved on from? With X having been moved on from after the acquisition of the platform in 2022 by Elon Musk, it may seem that in Bluesky we have somewhere that is all a little bit cute, nice and friendly, but is that because we’re all playing nice at the moment?

Ultimately all it takes is for a few bad apples to inject themselves into the community, make a name for themselves, and all of a sudden Bluesky is not such a friendly place.

“I guess whether it's online or offline, it's about behaviours,” Lowrie says. “You want to see in whatever community, role model behaviours. Making sure that the values are understood and it to be a supportive, inclusive environment.”

She admits that there will be dramas, but if there is a reference point to a code of conduct, that can make things - and people - easier to deal with.

So who is to be appointed to this position of social media code of conduct overlord? She says it is not a case of formal governance, “but some kind of consensus around a code of conduct within the infosec community.” She acknowledges that there are different infosec communities and geographies which need to be considered, so it is not the case that there is a governor for social media, but more that there is a series of conforming rules that we all work towards. 

What do you think, is this something that we need and could we establish? Would users conform to this code of conduct? Would there need to be a community effort to admonish those who don't comply? Or have we already gone too far for this to work? Do let me know your thoughts.


Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
