samedi 9 mars 2013
Jargon, Communication, and Respect.
« Qui se sait profond tend vers la clarté;
qui veut le paraître vers l'obscurité ;
car la foule tient pour profond tout ce dont elle ne peut voir le fond. »
“Whoever knows he is deep, strives for clarity;
whoever would like to appear deep to the crowd, strives for obscurity.
For the crowd considers anything deep if only it cannot see to the bottom:
the crowd is so timid and afraid of going into the water.”
One trending topic in InfoSec these days is our jargon usage and more generaly our ability (or lack of) to communicate properly with our stakeholders.
Sure, jargon and acronyms are a necessity in every tech/scientific field. As a vernacular language of the specialists.
But we must never forget: we don't work for ourselves, we are at the service of stakeholders, most of them non-specialists.
Here are some links related to this, in English and French:
RSAC2013 and InfoSec communication (English)
A real life example of what can go wrong (English)
Information Classification in simple words (French)
Excellent InfoSec Terminology Definitions (French)
IT specialists in general have this problem of having a hard time to communicate with non specialists.
It's even more true for InfoSec specialists, even when communicating with other IT fellows.
Certification bodies tell us we must adhere to important values: honesty, respect, responsibility, diligence, etc.
I think Respect is a key: proper communication avoiding obscure jargon is a way to respect others, and they will respect us in return, and more importantly listen to all the fear-mongering, boring and hindering/blocking advices and recommandations we give them ;)
Without this, InfoSec is doomed to fail.
I worked for some years for an antivirus company. This industry is crouded, many competitors. But one thing I marked: key people of these companies often work together and have good relations, doing presentations in common at InfoSec conferences, referencing each other's work in articles, forums, blogs or in social media.
I remember internal orders we had when one competitor had some source code leaked on the Internet: don't try to get it, if media contact you about this, don't answer and worst of all, don't despise. Direct them to our official PR service.
In a word most of them respect each other even if they work for competing companies. Nobody boasts to "go thermonuclear" against another.
This is a good sign, and seems to be mostly true in the InfoSec community in general, not only in the antivirus industry.
Of course, there are strong-minded people in this field, it may even be a requirement to be a good InfoSec specialist ;)
And there are some polemic topics, offensive security currently the main one. All businesses have their darker side.
I'm kind of a newbie in InfoSec, and I may be a bit naive about this. But I hope Respect is and will remain a key value in this field. I deem it's a necessity.
Famous scientifics, such as Louis de Broglie consider one of their main missions is to popularize their arcane field, as a service to the society and humanity as a whole.
We must follow this track.