A Love Letter to Information Security
If you believe the popular press and social media, the Security profession is In Trouble. Like, big time trouble. There’s all kinds of scary technology attacking everyone on an automated, constant basis. There aren’t enough Security professionals to go around. Our policy makers underestimate the threat, and don’t understand it even if they’re worried. Leading technology companies are under-investing in Security — heck, all companies are under-investing in Security. Nation-states are using cyber as a weapon even when not provoked. Our smart speakers are not just listening, they’re monitoring and responding. And I’m constantly asked: “How do you sleep at night?”
“Always Look For The Helpers” — Mr. Roger’s Mother
I’ve been in this industry for a couple of decades now, and as I’ve worked and learned and matured, I’ve been fortunate to find “helpers” — people in the Security profession who recognize the challenges of the role, and who take proactive steps to make things better. This month, I have attended a couple of conferences where these people have shown the compassion, professionalism and concern that make me remember why I stay in this career.
The Teachers
Known at conferences as “the speakers”, they don’t just speak — they share their experiences and knowledge, mostly without expectation of reward. I appreciate those who take the time to prepare a presentation for an industry conference. It takes emotional and professional energy to submit a proposal, prepare (and prepare and prepare) the material, to show up and to share. These folks take a risk, to share their experiences and knowledge. And it’s not just during the talk itself — after they speak they often continue to engage with folks who approach them with further questions, or comments, or disagreements. I am particularly impressed with those who speak who are new to the industry. It can be intimidating to share a story or a theory when there are so many experienced professionals — but we need those younger voices to remind us where we came from, and to inject new thinking into our professional canon.
Most conference talks are later shared, for free, online. So, when you’re feeling blue about the state of the industry, or need a new way of thinking, or a fresh idea, look to the Teachers.
The Carers
These are the people that don’t ask “what you do”, they ask “how are you?”. At conferences they might be the people that ask “are you enjoying your day?” or “what do you hope to learn/do/experience while you’re here?” or “can I help you?”
Sometimes I go to a conference that I’ve never attended before, and I know very few people. At these events, having someone recognize that I’m looking lost/confused/bored/concerned and asking me how I’m doing can be a god-send. And, in this industry, usually someone does just that.
More often, I’m at conferences where I know some people. In this case, it’s always lovely to find a friendly soul who asks about my family, or my team, or the state of my mental health. And, invariably, someone does. It allows me to step outside my day to day job, and reconnect with the humanity we all bring to this profession. It allows me to remember that we’re all in this together, and working on the same team.
So, when you’re feeling like working in Security is an impossible, never ending task, find a Carer. They will remind you that there is goodness in the world, and it is closer to you than you think.
The Connectors
Some of us work in large organizations with large Security teams. Others work in smaller teams, or as the lone security person. Regardless, I encourage people to invest in their network, to meet people doing similar things, to learn new ways of doing old things. But how do you do this, particularly if you aren’t naturally extroverted or well-connected?
I give thanks for the people who are the glue of the profession. These are the ones that, while you’re talking to them will say “have you met XYZ yet? Let me introduce you”. I’ve found that my vendor partners are often the best at doing this: “Oh, you’re looking into EDR solutions? Let me introduce you to Abdul/Mary/Letitia — they know a lot about it”. I’m thrilled when someone introduces someone else to me who is looking for assistance — mentoring is hugely satisfying— and I’m just as thrilled if someone can make a connection to someone who has similar challenges as me.
So, when you’re stuck on a particular problem, look for the Connectors. When you know someone stuck on a problem, become a Connector.
The Volunteers
I continue to be amazed at the number of people in Security who volunteer their time and effort to give back to, and grow, the community. It’s true, there’s a lot of money to be made in the Security industry, and some people are making a ton. For most of us, however, Security is not just a job, but a passion, and taking time to give back reflects this commitment.
When you get together with other Security professionals, pay attention to the unpaid work they are doing. Some are volunteering to organize conferences. Some are volunteering to teach kids how to code/lock pick/engineer. Some are volunteering to mentor others. Still others are writing articles, reviewing Security books, or deciphering Security papers.
The capacity of the Security industry to overcome challenges lies with the volunteers.
I’m happy to admit that for me, the attraction of working in Security is not just the technology or the espionage or the policies. For me, what makes working in Security so satisfying is the people who work in Security.
Security people are committed, passionate, and big-hearted. They care more about others than themselves. They are willing to teach, care, connect and volunteer to make the community stronger, safer and better. They know that we are all human, and will sometimes fall, but they take care of each other anyway. They know that we bring our whole selves to the job, and that our whole-selves need to be nurtured and protected.
So, according to the popular press and social media, the Security profession is in Big Trouble, I beg to differ. The Security Profession is Doing Great. We have all the skills and tools and empathy and passion to solve any issues that come our way.
And in case you’re wondering, I sleep just fine.
