Leading Folks to Cybersecurity

February 21, 2024 – by Trevor Parker

Too many outsiders

One of my biggest frustrations with cybersecurity is how easy it is for almost anyone to feel like an outsider.

People typically bump into the world of cybersecurity when their data is stolen, when their accounts are compromised, when security controls or requirements change — all usually frustrating or at least inconvenient. And in depictions in popular culture, "hackers" tend to take the form of some kind of stereotype in a dark room either portrayed as a heroes or villains who, themselves, are some kind of outsider.

If people only encounter cybersecurity when things become a burden or go wrong, and all the cultural references of security folks tend to look like someone else or seem to do something impossibly magical or unimaginably obscure, then of course the typical person will tend to either actively avoid the topic or have a really hard time connecting with it.

That's a real shame.

Cybersecurity isn't special

In an ideal world, perhaps cybersecurity would be more akin to something like fitness or personal finance — disciplines (and for some, hobbies) where there are experts, skill ladders, and even entire businesses but also very real, attainable, clear connections to everyday life that regular folks can foster outside of crisis scenarios. These are areas where folks have gone out of their way to show people that there's room for them and that they can make positive impacts for themselves.

Anyone who has a password, anyone who has an expectation of privacy, and anyone who depends on the functional mechanisms of today's world has a very real connection to cybersecurity. But those connections only seem to become clear when they present themselves as a problem to be solved or a thing to be worried about. And they're often obscured behind vagueness, technical jargon, in-jokes, and other unnecessary barriers.

Why has the cybersecurity field had such a hard time bringing our knowledge closer to people's everyday lives? Perhaps we are too busy solving problems for organizations that have found ways to make the problem set grow faster than we can keep up. Maybe we are over-indexing on the skills needed for the technical work and not prioritizing skills in communication.

Regardless, we don't spend enough time demystifying and pulling back the curtain. We don't go out of our way to tell folks that cybersecurity isn't special. We definitely don't work hard enough to show how cybersecurity isn't special and how everyone can be a participant.

We need everyone

The collective resources for cybersecurity seem to be in a constant state of flux and contention. How can we act to more deliberately inform and educate, to make cybersecurity a more practical facet of daily life, and to build as many allies as possible in the process?

The importance of a layered approach to security is well-recognized. How can we better invest in actually fostering and sustaining the human layer, one which can naturally sense, analyze, adapt, and self-propagate?