We’re all guilty of speaking in a certain way when we do our jobs — every company and every industry has its own jargon after all — but, hopefully, when we communicate with third parties outside of our own industries, we can alter our language to a certain degree in order to get the message across.
Having said that, I’m sure we all know a few people who can’t get their heads around that most simple of concepts — Keep It Simple Stupid — aka KISS.
Worryingly, this seems to be especially true for the infosec profession.
Sure, I can understand that during the course of your working day you would talk about APTs, AV, DoS, DDoS, CVEs and all manner of other things which I’m sure you understand completely. That’s great and everything, and everyone in your office probably thinks you’re just as cool as them for speaking the infosec language.
But please stop and think about who you are serving here: other infosec professionals don’t need your help after all.
Keep It Simple? My ARSE!
Joe Public and even big business don’t understand everything you say. It can be complicated sometimes and I actually think you like to keep it that way. I mean, if you made things as simple as they could be you wouldn’t look half as intelligent as you do now and you probably wouldn’t be able to PCI DSS your way to such a good salary either.
So you baffle the masses and I truly believe it’s at least semi-deliberate at times.
For instance, a good friend of mine had a major problem with the internet security suite on her laptop a few weeks back. She knows my area of interest but doesn’t like to trouble me, so she rang the support number for the company in question instead. Now, this young lady is educated to Masters level so she isn’t exactly lacking in the intellectual department, so the phone call should have been swift and offered a full and working answer to her issue, right?
The guy she spoke to, based on what she told me afterwards, knew exactly what he was talking about. But he couldn’t communicate. At all.
He did give her an interesting talk on the history of his company. He did try to sell her some software she didn’t need. And he did completely confuse her with the solution he offered to her problem.
He spoke quickly and threw way too much computer and security jargon into the mix. He didn’t once ask her if she understood and he ended the call as soon as he finished saying what he wanted to say.
Ineffective arrogant tosser.
So what was the end result of this interaction? Simple – she came to me (and I’m just some numpty who stacks shelves for a living) and I fixed the issue in under 5 minutes. I also explained what the problem was, why it happened and how to find the solution if it happens again. She now has some printouts and is empowered to fix the problem herself if it happens again.
And she won’t ever, ever deal with that company again.
So infosec professionals, are you going to keep things simple in the future so that the message gets out and far more people can acquire the knowledge they require to keep their computer systems safe?
I doubt it — after all, knowledge is power, intellectual ego stroking and a good salary all rolled into one.
You just don’t deserve any of it though, do you?