Cybersecurity & Information Security are the same thing!

I feel like Joshua doing his "unpopular opinion", don't worry Josh, I'm not stealing your thing.. This is more of a Peter Griffin "Grinds my gears" thing ;)…

Get ready to debate! I'm a big fan of semantics and debating (ENTP). I pride myself on being open minded, I strive very hard to never become an "old dog who cannot learn new tricks." I am open to growth and change. I also have those "special powers" that make little details most don't care about, super important to me. I once argued over how someone in IT should not call a USB Drive a "memory stick", regardless of the name the company put on it, because that's not what it is. :D… This is a little like that.

So like an lawyer with my opening remarks. In the next few minutes you will read my position and will side with me. You'll understand that Cybersecurity and Information Security are the same thing. There is no difference and we don't need arbitrary differentiation like this.

1. Chief Information Security Officer. The CISO; the responsible leader for all things infosec, cybersec and related for the business. Whether you prefer the prefix "info" or "cyber" this person runs things.
2. It started as "Security" and that is still a good term in use today. Information Security is more clear to separate us from?traditional security (armed guards). This evolution was necessary because we were protecting information, using technology, protecting data. It's a different "thing." But adding a new term now, it's creating a name for something that already exists. It's the same job/profession that exists, it's not defining anything new. Heck, we still have "IT Security" floating around today. Thankfully, we've recognized this is a limited definition and mostly moved away from it.
3. There was a time when anyone using the word "Cyber-anything" was shunned. Especially trying to re-brand information security, information security & risk management. We used to make fun of the people using the word cyber. There was a whole website dedicated to telling you when you could or couldn't not use that word. Spoiler: only use it when writing a cyberpunk, bladrunner-esque novel. I have a LI article on these ramblings if you're interested...
4. This is a problem in our industry. We as professionals need to make a commitment to end this kind of thing. (being a bit dramatic, but you get it ;). This goes back to the conversation (last week or so) on IoT, OT, and now having CPS as a term? We don't need to create names for things that already exist.In this case those who do believe "info/cyber-security" are two different things, potentially limit themselves when looking for jobs, or understanding some communication from those of us longer in the industry who don't differentiate. I'd hate to think someone believes they work in one and ignore the other term.
5. I'm guessing this came about from some early-on in their career, or outside the industry (like HR needing a job title), or cringe marketing. :D And I can understand how someone less knowledgeable would try to break out the "paperwork side" and the "technical side." The problem is you can't have one with out the other, and you need to understand both sides of things. So the delineation is not only unnecessary but can have a negative impact. We have security domains. GRC, penetration testing, identity, application security, etc... That's where delineation is, in job function and skills, not trying t split the industry.

?I've been doing this for a long time. That doesn't make me the "King of InfoSec" or anything. And I don't want to be some old man yelling at the clouds. (Even thought that's kind of what this is. LOL.) We as a industry need to make smart choices and prevent others from defining us.

I remember when I first heard people using only the word "cyber" to describe cybersecurity/infosec. I won't detail too much, but it was at an event educating a lot of people in an industry about information security. No doubt due to their exposure "cyber" = cybersecurity, information security, risk management, etc... They shortened it up, like we do with a lot of things. Not their fault (entirely). I still dislike this very much, I've accepted that I now work in "Cybersecurity," but I will die on the hill that I don't work in "Cyber."?Remember Cyberspace? Cybernetics? Cyber was term in game theory way back. Cyberpunk? I love me some William Gibson and Philip K. Dick, but your words have created an itch to never be scratched in my brain due to the manipulation of your ideas. :)

?Important note: I'm English speaking, first language. The only language I'm fluent in. I expect that in other languages this probably exists to varying degrees of "better/worse-ness."