A lot of people ask me why I still use a handle and go by ‘Space Rogue’ instead of using my real name. Trust me it is kinda awkward to go to a respectable con like BSides, Blackhat or even RSA and introduce myself as ‘Space Rogue’. People always ask me to repeat myself as if they didn’t hear me, then they get this weird look on their face like ‘who is this crazy person?’
The original handles came about because early multi-users systems, like UNIX and BBS systems, could only handle eight character login names. So people tended to get a little creative. Those handles became intimately identifiable with the personas behind the keyboards. Most of the people I still interact with from those days I still refer to by their handle. Jeff Moss will always be DT, Chris Wysopal at Veracode will always be ‘Weld’, Joe Grand will always be Kingpin, or just KP. Not just online but in face to face meetings as well. People who know my real name still refer to me as Space, SR or even Mr. Rogue when we are together. For me handles are easier identifiers than actual names, I seldom remember a name but I almost always remember a handle.
During the L0pht years handles were important. We felt we needed them to protect us from individual lawsuits that may be filed from the companies whose security holes we were exposing at the time. We went to great lengths to protect those handles. We gave up many press opportunities because numerous journalists couldn’t get past not having a real name to pin a quote to. I figured if my handle was good enough for a Senator to read into the Congressional Record it was good enough for a newspaper quote.
Somewhere along the line most of the people I knew who were using handles switched to using their real names, usually because of a job. There aren’t many people at the top of the InfoSec world these days that still uses a handle. (Of course there a few that use ‘normal’ sounding handles, and a few whose actual names sound like handles.)
For me it comes down to keeping my day job. I tend to do infrastructure, networks, servers, that sort of thing. Big deal right? Well a lot of company’s are still afraid of the evil ‘hacker’ label. I guess they don’t feel comfortable with having a ‘hacker’ have physical access to their networks, servers and other mission critical systems. Never mind my extensive experience in the IT field or that my ‘hacker’ background probably makes me a better IT Manager than anyone else they are probably able to hire. Companies tend to freak out and pull a knee jerk reactions.
Making my real name easily associated with ‘Space Rogue’ via a Google search does not assist the job search. I have lost at least one and possibly two jobs, and who knows how many potential jobs, when someone was able to make the connection between the two identities. Now they didn’t come right out and say ‘Oh your Space Rogue you can’t work here anymore’ but it can be pretty apparent when a company is trying to get rid of you and then you find out later that they made the connection somehow.
So while a lot of people ‘in the scene’ know my real name I keep my Infosec identity as Space Rogue separate from my IRL identity and will continue to do so. At least until there is a company that is willing to see the value behind the handle. With any luck I will be able to merge the handle with the real name and become ‘John “Space Rogue” Smith’
– SR