Saintly Cyber Security
Brian Roberts
Award-Winning Human Risk Management | Generative AI Specialist | Culture Change Expert
It may sound strange (certainly a bit politically incorrect), but my personal spirituality plays a pretty central role in my approach to Security Awareness. I’ve met more than a few InfoSec professionals who feel the same. I want to take a risk and share a line of thought that may be mildly interesting to those of you who relate, even if your religious background - or lack thereof - differs from mine.
I'm convinced that our work in cyber security can help us be good people.
This may be true of any profession, that one ought to use his or her work to do some good in the world. However, I think Information Security roles may provide an especially large number of natural opportunities to help others and do some good for our fellow human. Coming from a Christian background, I see many opportunities for potential intersection between my work and my faith (to be clear, I don't think being religious is a prerequisite to the general thought process of what follows).
As a thought experiment, I decided to see how far I could stretch the application of my work to my faith. There is a tidy little prescription for living a life of practical goodness, called "the works of mercy." In my faith-tradition, these are divided into two categories. One applies to the body (“corporal”) and the other applies to the mind (“spiritual”). Cumulatively, these efforts represent the ancient Christian’s idea of how a saintly person might spend his or her time on this earth. The lists go something like this:
Corporal Works: Feed the Hungry, Quench the Thirsty, Clothe the Needy, Shelter the Homeless, Visit the Sick, Visit the Imprisoned, Bury the Dead
Spiritual Works: Instruct the Ignorant, Counsel the Doubtful, Admonish Sinners, Bear Wrongs Patiently, Forgive Offenses, Comfort the Afflicted, Pray for Everyone
I know, I know. Good deeds are not (and shouldn't be) restricted to any particular check-list. Certainly, there are those who will prefer other, less religiously charged categories of goodness. However, as a Christian myself, here was my happy train of thought: I think an Information Security Awareness program/business might be able to check every box on these lists, depending on how it's deployed.
Corporal Works:
- By getting involved with (or starting) Cyber Security career support groups, we can promote paths out of vagrancy and poverty (thereby feeding the hungry, quenching the thirsty, clothing the naked, and sheltering the homeless).
- We may offer an uplifting, self-empowering source of purpose/direction by providing Security Awareness contribution/ambassador opportunities (and subsequent recognition) to capable people stuck in hospitals and jails (thereby visiting the sick and imprisoned).
- We can use an awareness program’s volunteer base (and Information Security teams) to raise money toward charitable support for funeral assistance or grief counseling (thereby burying the dead). As a bonus, some people include the practice of "alms-giving" (charitable donations) in the list of corporal works, and raising money for those in need certainly applies, here.
Spiritual Works:
- Every time we raise awareness and promote InfoSec best practices in ways that offer empowerment and hope, we simultaneously instruct the ignorant and counsel the doubtful.
- Every time we speak out against the injustices and threats of cyber-crime, we admonish sinners.
- When we reward self-reporting, and make employees feel like they always have a fresh start after an innocent mistake, we simultaneously bear wrongs patiently and forgive offenses.
- If we provide helpful resources and support for victims of everyday cyber-crime (e.g., identity theft, data loss), we comfort the afflicted.
- If we maintain a workplace the exudes calm, positivity, and compassion (instead of fear, uncertainty, and doubt) a strong argument might be made that we are “praying for everyone” – or at the very least sending a lot of good vibes in the direction of the people we serve.
…these are just some ideas for starting points. Maybe you can think of better ones. Maybe your own faith tradition has even more obvious overlaps with cyber security work. To me, this kind of thinking - how InfoSec work could help us bring more goodness into the world - is very personally motivating. I'm of the opinion that regardless of one's religious affiliation or lack thereof, an Information Security career can be a very saintly calling.
Innovate & Accelerate Advanced Manufacturing | CEO of US Center of Advanced Manufacturing | Building a Better Future by Engaging Partners and Driving Change
3 年This is a fascinating and delightfully introspection post with a long arc for every reader. I will look forward to opportunities to hear you speak. It’s given me a new perspective for looking at your chosen profession and a very valuable one at that.
CISO @ AtlantiCare | Executive Cybersecurity Leader
4 年Very insightful thoughts Brian. Purpose, mission and service fit in many areas of our lives and I appreciate the linkage you share between fulfilling cybersecurity duties and the positive impact we can make on the world at the same time. I've had many conversations in my past about our ability to serve society, and our responsibility as leaders to do just that.
Cybersecurity Leader | CxO Advisor | Bestselling Author | GT Blogger: 'Lohrmann on Cyber' | Global Keynote Speaker | CISO Mentor
4 年Brian Roberts - Thanks for this blog! Some really intriguing and helpful points. I agree with you, and a similar mindset is largely what led me to write my first book, "Virtual Integrity: Faithfully Navigating the Brave New Web" in 2008. (For more on this journey, see: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/another-look-at-virtual-integrity.html ) I have always seen my work as a calling that I have been given gifts (talents) to do and need to constantly reinvest to improve - very similar to the parable of the talents in the Bible. Educating others, helping protect people online and "redeeming cyberspace" are bedrock principles that can motivate us to make a difference online in the many good ways you describe. On a personal level as a Christian, I believe I am a sinner who receives God's unmerited grace and mercy. My faith motivates, impacts and informs every area of my life - including my professional work in cybersecurity. While I'm not made right with God ("saved") by my actions, my daily living (hopefully) flows from Christ dying for me and the joy of Easter. That being said, I am also careful to be clear that those of different faiths and even atheists can also do immense good online as well - often more than me. We work together on these good deeds and fighting evil in cyberspace. Bottom line, I believe that everyone can "surf their values" (from my book) and make a positive difference online. Thanks again for this post. Happy Easter to you! Stay safe.
CISO | Board Member | Author, Speaker, Panelist | FBI CISO Academy | Waging Spiritual Warfare in the Digital Domain
4 年I’ve always believed that while Fear, Uncertainty, and Doubt may sell products and momentarily change behaviors, calm and reasoned education that inspires people to see the vision is the best way to move an organization forward. The concepts that are mentioned in this post are the foundation of an education approach that we use to empower employees and encourage them. Security at work and at home only improves long term and fundamentally if people believe it and embrace it.