Information Security or Cybersecurity?

It all depends on your definition of “It”

Helen Patton
4 min readMar 2, 2024


I began my 20-something security journey understanding that my role was to manage Information Security. This meant that I cared about information, digital or physical, in any context or capacity. This meant that I was concerned not only about external attacks, but internal processes (and the inevitable errors that occur) and humans, who rule them all.

Photo by Tingey Injury Law Firm on Unsplash

But somewhere along this journey the industry shifted, and it seemed the role of the security leader was to manage Cybersecurity. This seemed to mean focusing mainly on external threats, on technology and tech environments, and people (but only to the extent that they interact with technology).

A bit frustrated and a little bit more concerned, I went to the socials (LinkedIn, X) to find out what the security community was thinking (or not) about the relationship between Information Security and Cybersecurity. I asked:

What Do You Think About Information Security and Cybersecurity? Are They:

The Same Thing

Cyber is part of InfoSec

InfoSec is part of Cyber

They are completely Different



Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at or on Twitter @CisoHelen or on Mastodon