Infosec vs. Cyber -- which is it?
Who cares?
I recently witnessed a silly bunfight between two professionals slugging it out in public over whether “information security” and “cybersecurity” were the same thing. And whether physical security was part of either.
Honestly. This is the kind of dogmatic pedantry that gets companies popped. If I may be allowed to quote Hamlet:
“Words, words, words, words, words.”
With apologies to Shakespeare, words are a signpost to the things themselves, and not the actual thing. You need to go past the words to engage with reality. Words and metaphors are constraints that filter an overwhelming volume of sensory input.
Security work requires you to engage with reality as it is, not as you wish it to be, but as it actually is, and that means seeing past words and discarding filters and metaphors to more adequately engage with the world.
That’s all a bunch of fancy theory to mean the following: It doesn’t matter whether we call the work “information security” or “cybersecurity” or even, in 2024, “physical security”. It's all the same thing.