This Is How They Tell Me…
Michael S.
D CISO | Business-Focused Security Leader | Fostering a Culture of Security & Privacy
I recently finished reading the culmination of more than seven years of research, interviews, and reporting on the topic of cybersecurity by Nicole Perlroth. In what has become a bestselling book, “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race”, Nicole tells the story of her journey into the underground Zero-Day and cyberwarfare market. It is a non-technical peek into a history that few outside Information Technology and Cybersecurity have been exposed to. While her intended audience is “civilians”, I found some very important lessons for security professionals.
In the early pages of Chapter 1, Nicole talks about her previous role, writing magazine articles about venture capitalists who became rich investing in tech companies. She was thrilled to be approached and recruited by the New York Times, but there was a catch. The Times wanted her to change her focus to reporting specifically on cybersecurity. By her own admission, this was a topic she knew little to nothing about, and even explained that they could find someone more qualified. Their response was simple, but telling, “We interviewed those people. We didn’t understand anything they were saying”.
Woven into the history of the rise of these cybersecurity issues is also a rather unflattering portrayal of nation states and government participation in the advancement of capabilities, and exploitation of technical vulnerabilities. There is also some degree of admiration for those working to identify and defend from these threats, with some suggestion to stop making it, “all too easy for the rest of us to tune them out”. While she does not directly state that the overuse of technical language and jargon is problematic, there are plenty of examples and references pointing at the problem and the unintended consequences. A lot has been written about the need for soft skills in this profession. This book had some pretty good examples as to why. Further, the book itself, with its plain language, seems to resonate with a non-technical audience and is now a New York Times Bestseller, and Winner of the 2021 Financial Times & McKinsey Business Book of the Year Award. What’s the opportunity here? Apparently, she captured some attention.
A recent blog post by Splunk states, “In light of expanding attack surfaces, sophisticated cyber threats and deceptive new social engineering techniques, it’s more important than ever that employees be proactive and understand their role in preventing attacks.” Indeed, this is a common sentiment in many such articles, posts, and discussions. We can roll out all the phishing simulations, USB drops, and security awareness and training content we want. Connecting with the audience is important if we want the average business person to be engaged. Nicole Perlroth may have shown us how.