Cybersecurity is one of the greatest societal challenges of the 21st century. It transcends technology and affects our privacy, financial systems, health care, economy and the defense of our country. As technology advances at a quick pace, the world of global business and commerce transforms. The rapid technological revolution has, as a result, created new cybersecurity challenges.
As security professionals, it is our responsibility to clearly articulate and educate our employers, peers, business partners, clients and our society regarding information security. This is where we have failed. Very early in my career in information security (and blinded by my own ignorance and arrogance), I had little patience for clearly articulating and sharing the risks, challenges and solutions with my employers, peers, business partners and, least of all, with my friends and family. Life has a way of teaching us humility.
We can help our organizations by losing the technical jargon, and by being willing to share our passion for information security with people at all levels of our organizations. Security pros must abandon the ivory tower.
We, as security pros, must also find ways of clearly articulating and educating others regarding the importance that every person has in ensuring security and privacy in a digital community. People are the foundation of our society and the most important foundation in effective information security. We must invest in the future of our global village by investing in sharing our knowledge and our ethical commitment with people.
As someone working in the security field, I often read news stories regarding proposed or enacted cybersecurity legislation by the federal government or by the states. Political ideology aside, I believe legislators drafting or sponsoring cybersecurity legislation have honorable intentions for protecting our country's technology and critical infrastructure. The problem is that most legislators do not clearly understand the technical complexities and the business-process impact of cybersecurity across different industry sectors as well as across various organizations.
In addition, many times, we techies sit on the sidelines and wait for new regulatory compliance mandates to add to our workload. But, there are many things we can do as security professionals to expand the common body of knowledge of information security in our society. The most important question remains: Security professional, what will be your legacy to our 21st century society?
Jaime Chanaga formerly served as the chief information security officer for a health care organization.