It’s probably no surprise to you that cybersecurity professionals are an unhappy bunch. There are a lot of issues between people in the community, between consultants and vendors, and between management in the security strategy tower and security professionals in the trenches. So, if you’re miserable and a cybersecurity professional, add ‘not being special’ to that now and go on be a little grumpier.
We have a lot to be frustrated about, really. Nobody understands us. But worse than that is the ungratefulness for what we do.
Through history, people have put themselves in harm’s way to do the right thing. Sure, some do it for money and others for the sex appeal, but mostly people go into security to protect. I get it that 'harm’s way' isn’t the same for cybersecurity and a beat cop’s police patrols, but the part of helping and protecting is the same. But I’m on a roll so don’t start throwing facts at me now.
The point here is that people who do physical security and assorted heroics get all the accolades. And the people in cybersecurity get insomnia, stress-fat, and eventually fired. Maybe not in that order, but definitely some of that.
Why? Spoiled ungrateful masses. It’s just a theory but I personally think the public is thoroughly unimpressed by tech skills - or at least nonplussed by anything not physically driven.
So, if I track a criminal through the forest by looking at foot impressions and broken twigs, I’m amazing. But if I track a criminal across the globe through code variations and connection timings in a variety of logs, at best I’d get an indifferent shrug from the public. Why?
Twice in a year I used cyberskills and detective work worthy of Batman in cleverness in finding the owner of a lost iPhone. Not the old ones either, but new ones. Expensive ones. One was rose gold. I found the phones, one on a bench in a parking lot of a hiking trail and the other outside a tourist bathroom. Both times I ran around immediately looking for the owner, but found no claim. So, then I went to work.
Both phones were locked with a PIN, so both required some effort to find the owner. One, I had to deduce the owner from recent pictures where I identified and located her car to flag her down before she left the parking lot. The second one had the pictures roll locked, so I used Siri to call someone, just making up generic names until it asked me if I meant “Steve” and then called him. I had Steve get in touch with the phone owner for me.
So, all that done in under a minute each time. And while I may have overstated the whole ‘Batman’ bit, it’s at least Veronica Mars type action.
But that’s not the point. The point is both times the owner seemed annoyed and dismissive of me, bothered that I ruined their day because they had to come and pick up their phone from me. Neither wanted to hear how I found them using the locked phone. Neither saw it as anything great, or even just a really nice thing that I did.
I get it that it’s not the same as pulling someone’s child from the jaws of a raccoon or finding their runaway cat. And that’s my point too. It’s just not seen as a big deal at all, at least by the masses.
If it was any of you cybersecphiles then you’d think it was really cool. You’d ask questions. You’d make me feel happy for helping or even clever. But you’re not the masses, are you?
This is what happens every day, all the time, on some level to all cybersecurity professionals. It’s a thankless job. People feel safe when they see the security guards in the parking lot. Nobody tells you they feel safe with cybersecurity people on the network. And while I can enumerate many possible psychological reasons for it, emotionally it still sucks. It still feels like a thankless job.
I was going to suggest some changes we could make to improve the situation, or at least some things that make us feel less bad about it. But I couldn’t. Instead, I just started listing all the ways the message of cybersecurity is unclear to the masses and what they think they know about security.
So here it is:
What do we do with this knowledge? Make better marketing? Write more articles? Try to be a little less depressed? I don’t know. I just know that the lack of appreciation will likely never go away as long as people don’t have an emotional connection with their online selves.
Until then, we'll just keep doing our jobs.