Beer, Squirrels and other Vetting Patterns.

In the operational security ('opsec') space, there are many different kinds of social patterns. Each is a different twist a very basic pattern: "What's the minimal amount of people we need in the room to get a diverse set of opinions and an executed and targeted outcome while maintaining some level of secrecy".. well, at-least that's the way they start out. As groups get larger, they tend to take on a lifecycles in which nobody planned for. They eventually "let Bob in" because bob has a specialty, but Bob doesn't have a 'time to live' (TTL) associated with him, and it wouldn't be right to just cut him loose. We might need him later,  so Bob stays.

After a few years, the group gets a little bigger, some fresh blood comes into the fold offering new perspectives and some older perspectives fade as people get burned out, move on.. or worse.. retire. Along the way, the group needed resources to handle it's operational growth, technology isn't free and neither are the human resources needed to keep things organized. Pretty soon, the groups dynamic have changed from an opsec organization to a political one. The original mission has more or less been solved, and new problems are more sector systemic in nature and require a different type of collaboration. They require scale across not just opsec personnel, but tighter integration with the customer support groups, the networking groups and yes, those wonky grey beards that still run the unix enterprise group. These new problems require more staff, more resources and more politics to get things done.

Your opsec group went from a mission of operational security with a tight knit group, to a more formalized, service oriented political body. Like any other functional (sustainable) organization,  it's new mission requires a new business-model to evolve in order to survive. Hard working people have come to depend on it for their livelihood, and it does serve a good purpose- as with it's constituents, it has evolved into something entirely different. It leaves some wondering, "how did we get here" ?


This idea came from the ZeroMQ Guide, well I guess from programming in general. There are these "patterns" that span programming languages, messaging frameworks and yes, social groups. "Normal" social groups are simple- they follow a recursive discovery pattern where you randomly throw yourself out into the world (reads: have a beer with a group of friends), meet (or 'discover' the existence of) someone, which leads to more beer, more discovery.. and usually a massive hangover at the end. Over time those relationships' either grow or decay, but rarely stay constant. These are not meant to be all inclusive, rather some simple observations of the more prominent patterns and help you identify what they are.

The Bar Pattern

Screen Shot 2018-02-17 at 10.01.55 AM.png

Randomly start talking to people at a conference. Head out to a bar, have a few beers, decide to build a mailing list and take down a botnet together. Create professional life partnerships. One of the more successful patterns, because you believe you can do anything when you get a few beers in you. All other (successful) patterns usually have origins in this pattern, or something like this- could be a bar, could be a game night at a coffee house, beer helps, but isn't always required.


The Gatekeeper Pattern

Screen Shot 2018-02-17 at 10.02.29 AM.png

Person(s) executes the Bar pattern, starts a mailing list with a group of close friends. Offers to host the mailing list, becomes the gatekeeper. Spends the better part of their professional life bringing interesting people into the community caring for it, pruning bad actors (kind of like a bonsai tree). When that person goes off to better things (or worse- retires), it survives for a while, but almost never in the spirit of the original founder, who put their life's work into building and caring for it (*cough* apple *cough*). Eventually, like any successful organization who loses it's visionary founders, dwindles until someone decides to finally just shut down the server.

Not all gatekeepers are created equal however. Gatekeepers that enforce a strict community grooming policy tend to be more operational relevant than gatekeepers that don't. This is measured by the maturity of conversation in the community and it's signal to noise ratio. Too much grooming and there is no operational impact, not enough- participants start responding to threads with cat memes (or worse, a subreddit).

The Gov Pattern

Screen Shot 2018-02-17 at 10.03.07 AM.png

Someone sponsors you, you fill out some legal paperwork, get a background check (have that background check lost in a data breach), get some access to some odd things in classified, un-classified and anonymous settings. Once in, information tends to be somewhat compartmentalized, barrier to entry is high in terms of time, politics and cost of entry. Information tends to move more slowly, but can be highly targeted and corroborated (we hope). It's also hard(er) to engage with non-sponsored participants, which is better for things like national defense, makes life harder when it comes to things like international cybercrime.

The Tribal Pattern

Screen Shot 2018-02-17 at 10.03.29 AM.png

This usually follows the Bar pattern, where a group of volunteers decide to solve a collectively agree'd upon problem. This group usually starts small with a small set of rules with an attempt to keep the group small and focused. What's interesting about this pattern is that- while the original 'community' may decay, because of it's original features and organization, many more of the relationships built within the pattern adapt outside of the community. This pattern tends to fork itself a bit more because the rules are almost person agnostic and cheap to implement. Each fork almost has to start small because of the nature of the rules. The rules are meant to help thwart most bad-actors without any single entity really being in total control of the group.


The Secret Squirrel Pattern

The SSP is a rift on the tribal pattern. The integrity of these groups are usually held in tact by mandating the use of real world identities and banning the use of aliases. These features tend to keep the group thriving for a long time until eventually the overhead involved with operating the group (or the original founders get burned out, move on, retire, etc) becomes overwhelming. These groups are usually disrupted by newer technologies more adept at solving those problems more cheaply and with less overhead. It's usually a great group for getting things done in the early stages. It also helps illumniate community overhead issues and prototyping solutions until the market catches up with solutions that can be moneitized and sold to external participants who may not have access to these groups.


The Monopoly Pattern

I have a service. I charge a ton of money for that service. I have lots of customers that pay me a lot of money. You can't really engage with outside parties unless they pay me, but it solves the signal to noise problem, the bad-actor problem and sustainability problem. Until of course- it is disrupted.





The Non-Profit Pattern

At some stage, the tribal (and/or secret squirrel) pattern(s) require resources (humans, machines, lobbyists?). So a community comes up with a more stable set of rules for governing it's membership and resources. The original mission stays in tact, but when you reach a certain size and growth rate, politics become a barrier to entry (especially if money is changing hands in exchange for those resources). The group isn't necessarily out to turn a profit (which in some industries can also be considered monopolistic or illegal), so some form of 501c3 or 6 vehicle is used to steward the community assets. With that comes politics, which provides some continuity of those assets, but can also evolve the organization away from it's founding roots. It's mission changes a bit, towards sustainability of the community and it's members, versus whatever operational aspirations it originally had. When you're a small business owner- you trade sustainability for flexibility, when you acquire shareholders, you trade flexibility for sustainability. Neither side of the balance is right or wrong, just a phase in an organizations lifecycle.

The Tinder Pattern

Similar to the bar pattern with a small twist.. You accidentally Swipe right. Hours later, wake up wondering where your pants are.. or naked, on a beach... in a foreign country. Not knowing who shared what with you- or if you even want to know.

None of these patterns are better or worse than the others.

One thing i've learned over the last decade of both building and participating in, like people- successful communities come in all shapes, sizes and colors. Some are geared towards introverts, some extraverts, some government liberals, some tea-party libertarians. They all have ONE thing in common: they ALL, want to make THEIR Internet a better place. However, they all suffer from one fatal flaw...none of them plan for success (meaning, sustaining the operational aspects of their work, something that is typically not a profit center). Of course with the Tinder pattern, it may leave you with some explaining to do in the morning.. Success in that pattern, is that you made it home that morning in one piece.

Failure is easy- people stop sharing, and eventually the list, chatroom, wiki or whatever they were using is accidentally shutoff and nobody notices. If a tree falls in the forest, does it make a ... NOBODY CARES! What happens when a group strikes a growth path that begins to conflict its original mission? Humans can only maintain N number of relationships, some suggest that stable number is ~150, I can't successfully maintain more than 2 or 3 in any given week.. and i'm a MASSIVE extravert.

What happens when your group starts to push the barriers of that 150, or 300 or 450...? Probably nothing, at-least at the surface. Below the surface, this odd dynamic starts to take over, less smart people continue to share "in the group" and start having more side-bar conversations. As new folks come into the fold, they're typically younger and less prone to speaking in public. If you came in after the group was 500+ people and you're a socially intelligent person you probably don't dive in head first. You probably end up as more of a lurker than anything, rarely contributing to the threads. If you're NOT a socially intelligent person, you end up dumping meme images to the list on a regular basis, further alienating the intelligent folks, making the community even less useful. The threads quickly turn more political than operational and the original mission starts to evolve. This isn't a bad thing, this is a natural thing. As you grow older, you worry less about your day to day life, and more about your future, it's only natural that larger groups follow a similar lifecycle.


Half ^H^H^H^H most of growing up is understanding where others before you have been, and then where they went from there. There are no hard-fast answers when it comes to these patterns, only in understanding what may come if you're successful and learning how to handle it. Also understanding that at certain stages you may have to accept what success for something you've built looks like and if it's what you want out of life. Success IS getting people involved, addressing a problem so others can benefit from that. However, as anyone with kids will tell you, it's also about them eventually GTFO and living on their own, because there's nothing worse than a kid ^H^H^H^H young adult ^H^H^H^H^H MILLENNIAL! you can't get to move out of the basement.

How do you create some kind of sustainability around operations while marginalizing the politics of it? There are some patterns that are quickly evolving in the open-source software space that may prove useful- things like the ZeroMQ C4 process that help build targeted communities and thwart bad-actors. Coupled with tools such as CIFCSIRTGGitHub and Slack, that make it cheaper and easier to fork any of these patterns as they reach those thresholds. If your community needs less resources to survive, and people are able to more easily flow between compartments, does your pattern ever get to a point where it needs politics to survive?

.. and then there's the discussion of automation and discovery within these patterns. At some point we need the machines doing more of this for us. more on that later :)