How to destroy a community faster than you built it

Mark Cutting Community, Management, Network, Staff 8 Comments

There’s a lot you can learn about a person just by the way they present themselves online – whether that is in a positive or negative light is really up to the individual posting the content. Several of my followers have questioned why I choose to part company with Peerlyst, and here’s why. Firstly, let’s understand the word “community”. Taken literally, it’s something like the below

“The condition of sharing or having certain attitudes and interests in common.”

Anyone calling themselves a community should abide by this basic description at all times. Especially the part “having certain attitudes”. It’s this very part of the description that is capable of destroying a community much faster than it takes to create one in the first place. It was always my dream and wish to give something back to the industry that adopted me at the age of 16 as a school leaver, and I promised myself that once I reached a plateau in my career, I would start giving something back in order to help others.

This initial drive began in 2016 when I started writing articles for Peerlyst. The very first article I donated to the community here detailed the most common types of compromise, and what to look out for. Fairly soon, I was contacted and asked if I’d consider making this a featured resource that their community could use as a learning tool. Happily, I agreed, and began donating regular articles from my own blog for the benefit of their community. As a side point, there are several authors who write similar content for others, but it’s typically for a fee, or a mention in a larger community in order to promote that individual. This isn’t how I work. I’ve never chased glory – I get my satisfaction from those who read my articles, and engage in active discussion relating to the content.

I always expected questions and dialogue arising from my articles. In most cases, the exchange of opinions, questions, and content in general made for a pleasant experience. Now, not every piece of creative writing inspires everyone, and I completely understand that. However, opinion can easily be divided when a specific response is used, and counter effective if the response hasn’t been well thought out before clicking that submit button. Written content often suffers from the same central ailment in the fact that it rarely conveys tone or emotion. When you read something someone else has written, it’s impossible to gauge body language or tone of voice. For this reason, diplomacy and a careful selection of words is often a good idea (also known as “think before you post”), as is reading your input before submitting it. Often, the first response to something isn’t always the best one, and you’ll find yourself effectively sanitising content before you submit after renewing it.

However, the story (unfortunately) doesn’t end here. I was not on the receiving end of the diatribe about be unleashed, but watched (with a mixture of disgust and disbelief) as this whole scenario unfolded. The focal point of discussion was from this post

Some of the comments left for the author of this post were in my view nothing short of disgusting to say the least. Here’s the opening comment

Those are great academic credentials. Let’s talk about “in the trenches” experience. Were you ever an engineer or specialist hunting threats and vulnerabilities? Run a NESSUS scan? Perform threat mitigation? Get called at 3AM because your network was hacked?What I am seeing is a professional test taker and academic. Perhaps with a photographic memory and tons of charisma? Getting a PhD at an early age and knowing 5 different languages leads me to believe the previous sentence. Where is the actual, bonafide experience?As for your “acting chief information security officer for regulated businesses”, again, where is the actual experience? Anyone can be a CISO including a person with a Music background. Just saying.

There was a comment from the original author of this post, but it has since been removed. It was essentially threatening the author of the above comment with a lawsuit for defamation of character. Unsurprisingly, the response below was then posted

Feel free. I am well known on here. And your lawyer can contact me at the provided address. If you were truly serious, you would offer the proof I am requesting. I will gladly acknowledge your certification and knowledge when the proof is provided. But you have not done so and that is an indication of your true meaning. I doubt your certification as a CISSP and you have done nothing to prove me wrong. The truth is your only defense.

I don’t claim to be an airplane pilot. I could not tell you how to land a 737. Why should you be any exemption to that? You claim to be a cybersecurity expert with a CISSP requiring 4 years of actual experience. Where is it? If you will acknowledge that experience, I will not only accept it, I will endorse you.

Have you “attorney” bring suit against me here in the US (I’ll never travel to Singapore so that doesn’t matter). Have him/her contact me at my stated email address. I will gladly share my physical mailing address for service of process. I’ll encourage service! Let’s go to court. Perhaps I know the laws better than you in the US not to mention cybersecurity.

As for Peerlyst, maybe they will see it fit to remove an individual who is a poser. A fake. A charlatan through her own lack of admissions. If they ask me to be silent on this, I will honour their request. It is their site after all. Guess we will need to wait and see.

Is this really necessary ? Since when did we consider it appropriate to behave like Neanderthals by publicly humiliating someone else, then dragging their reputation through the mud ? This is when a so called community deteriorates to a battlefield, and if the moderators do not make an effort to ring fence “debates” like this, they quickly spiral out of control and dramatically damage what the community set out the build the in the first place. The best way to extinguish this particular situation is to disable the comments for that post. As a moderator, this is one the immediate mechanisms to prevent brand damage. However, this course of action was not taken, and incredibly, the moderators chose to actually engage in the debate. This was not a wise choice, as the participants then started to respond to the interjection and went off track in the process. Mediation is a powerful tool when running a community, but it’s effectiveness is severely impacted when you decide to air dirty laundry in public.  Why on earth would you want to engage in a debate with someone when they are clearly trolling someone else ? You’re supposed to actually prevent that from happening in my view. And this is the real reason why I will never write for Peerlyst again. They have knowingly damaged their own community – effectively allowing someone else to poison it’s integrity and standing as a reliable information source. I know of two others who have contacted me since my LinkedIn post detailing that I no longer write for Peerlyst, and expressed the same reasons as mine stated above.

And so, on the 15th of November, I invoked my version of “Article 50”, and decide to leave the Peerlyst community by deactivating my account, and effectively, exercising my Right To Be Forgotten. For those who don’t fully understand the meaning of this, here’s a snippet supplied by the ICO

The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

I was contacted by Peerlyst the following day asking why I had deleted my account. I’m not convinced it was the fact that they were genuinely sorry that they had lost a member – but where more concerned that the content I had contributed over time was also deleted as part of the account deactivation procedure. Here’s some of the comments I recieved

“I’m sorry to hear that you decided to leave for this reason. I understand you have your own initiative, which I hope will work well for you. However, removing the content which serves 100,000 monthly readers and 500,000 unique readers is a pity for those who come to Peerlyst to learn”

My response was that all content I had previously provided is posted here at Phenomlab. It’s actually my work, and Peerlyst are no longer permitted to use it. I was also asked if I would leave my account in place so that they could retain the content. This concerns me somewhat, as that would imply the content hasn’t actually been deleted, but “moved off the site to somewhere else”. I have asked for Peerlyst to confirm that the data has been removed – so far, there has not been any response. I guess they have until May 2018 to delete it from the GDPR standpoint in order be in full compliance.

The other comment I received was

“So sad to see you deactivated your account. You used to believe in the mission of sharing everything to help people improve!?”

My response was “And I still do. Just not for Peerlyst”.

The point I’ll make here is as follows. For a community to succeed it has to have a solid foundation, and a clearly defined policy. There isn’t much to the policy I put together, and it can be found here. Based on what I saw on Peerlyst, the last “rule” is “Don’t be a dick”. Take a look yourself. I personally want to mentor the next generation of InfoSec professionals, not get into a pathetic “shit slinging” match that yields no real benefit whatsoever. I’ve also been contacted by one of the moderators – evidently, Peerlsyt’s CEO wants to have a call with her to discuss this. Too little, too late, I’m afraid. The damage is done. I don’t want an apology as one isn’t needed. I don’t want a discussion as nothing will change. In reality, I refuse to associate my name or any of my content with a so-called community that is effectively endorsing  one of the worst online experiences we have to date – trolling.

About the Author
Mark Cutting

Mark Cutting

Facebook Twitter Google+

Mark Cutting is the founder of and He is a network, security and infrastructure expert with more than 27 years service in the Information Technology sector. Mark has a significant eye for detail, coupled with an extensive skill set. Having worked in numerous industries including trading, finance, hedge funds, marketing, manufacturing and distribution, he has been exposed to a wide variety of environments and technologies alike.

Leave a Reply

5 Comment threads
3 Thread replies
Most reacted comment
Hottest comment thread
5 Comment authors
John SeargeantSally LithgowInfosecJamesMark CuttingMarc Kisner Recent comment authors
newest oldest most voted
Notify of
Marc Kisner

@Mark Cutting Very well written article and splendid reference to “don’t be dick” which should feature in all formal policies and procedures.
I appreciate your sentiment and agree that showing respect and treating people the way you would want to be treated is very important. Any kind of online bullying or trolling is wrong on all levels. Too many keyboard warriors would rather comment on others insight and pick up on petty irrelevant interpretations while vary rarely taking the time to write articles themselves. They would rather pick at others to gain attention while missing out on the valuable content of the actual article. Healthy debate is great and in the spirit of knowledge sharing which I support totally. I value peerlyst for trying to build a community for infosec professionals but trolling should be stopped and isolated at source if possible. I also appreciate the effort and time that it takes to contribute well thought out and well written articles and don’t take them for granted. I have greatly benefited from reading articles written by others and will remain very humbled and grateful. I don’t understand small minded attention seekers who take a free resource for granted and moan and pick holes. Polite contributions and disagreements are good and help spark debate and learning but trolling and bullying are unnaceptable imho

Marc Kisner

You have experienced it yourself and also seen it happen to someone else.


I have to admit, I found the peerlyst community a bit ego driven. Seemed like alot of the users there. Just took a read through the comments your wrote about below and I agree with your statement. This asshole is a troll and they shouldn’t allow this to happen on a supposedly professional site.

Sally Lithgow
Sally Lithgow

I read this article with both interest and dismay tbh. As much as I like communities (and loving this blog, too), I can understand why you don’t want anything to do with peerlist. It’s obvious from what you’ve written that they are up their own @r535 and I agree with infosec james

Btw, the link you posted has been changed recently and the trolling comments were removed. There’s a comment someone’s left there saying that there isn’t any need to keep the original remarks, so I guess they may have finally agreed what was posted was offensive. They should issue a public apology IMHO.


Classic case of a cover up I think. Why else would you suddenly delete stuff someone must have made a complaint ?

John Seargeant
John Seargeant

I’ve just come across this post whilst googling for something on Peerlyst. Having read what’s here and the post you referenced (which now has the comments redacted) I’ve changed my mind about signing up there.

What the hell were the mods thinking of engaging like that. Trolling is a disgusting activity and a so called professional site should know better.