The ABCs of Information Security
Learning the ABCs is important to understanding the English language, and the ABCs of Information Security are important for understanding the basic concepts in information (and people) protection. These ABCs are written as education for people who don’t speak information security natively and serve as good reminders for those of us already fluent in this confusing language.
Here’s our progress thus far:
- “A” is for accountability
- “B” is for business
- “C” is for cybersecurity
- “D” is for data
- “E” is for everyone
- “F” is for fundamentals
- “G” is for governance
- “H” is for holistic
- “I” is for if
And now for “J”.
One is justified in their joy and jubilation from the judicious and just protection of information.
The jibes, jeers, judgement, and jitteriness of losing to jackanapes along our journey through the jargon, jabberwocky, jactitation, jostling and jackassery of our juvenile industry make us justifiably jaded.
There you have it.
“J” is for Jaded
We’re not all jaded all the time, but too many of us are jaded too often.
Feeling jaded seems to come with the territory. As someone who works in this industry, sometimes it feels like we’re fighting a fight that can’t be won, we’re losing ground, and that life has given us the short end of the stick. Given enough time in this industry, you’ll either have become jaded or have fought hard against becoming so.
If you’ve done something so much that it doesn’t excite you anymore but just leaves you tired, consider yourself jaded. If someone says you look a little jaded, it just means that you look tired.
The formal definition of “jaded”, courtesy of George Merriam and Noah Webster (not really, these two are long gone and Merriam Webster, Inc. was acquired by Encyclopedia Britannica, Inc. in 1964):
- Fatigued by overwork : EXHAUSTED
- Made dull, apathetic, or cynical by experience or by having or seeing too much of something.
Being fatigued, exhausted, overworked, dull, apathetic, and cynical are not things we should aspire to.
Jaded is Bad
There is nothing good about being jaded. People who are jaded live a sad life, or at the very least, a life with less joy than there should be.
Here’s what Dr. Stephen Diamond (a clinical and forensic psychologist) has to say about jaded people:
bitter, jaded people tend to project a self-righteous attitude suggesting they’re justified in feeling resentment. They’re often bored and cynical. They observe and criticize more often than they participate. Because they believe they’ve been burned, they no longer have the trust necessary to build solid, positive relationships. They believe the world is unfair and freely express their impatience and anger. They no longer expect success, but don’t accept responsibility for their failures; instead, they blame others. They’re almost always irritable and frequently express annoyance in most situations.
The highlighted words represent traits that are too common with people in our industry, some of these people we know personally, and maybe one of those people is you.
Jaded people often lash out at others. Bitter sarcasm and criticism are hallmarks. They often feel like they’re victims of what they perceive as injustice. The injustice leads to resentment, anger, and general unhappiness. Jaded people are more likely to suffer from burnout, mental health issues (depression, anxiety, et al.), broken relationships, and chemical dependency (self-medication).
Again, think about people we know in our industry; the people we fight alongside every day. There are people we know personally who have a self-righteous attitude, criticize more than they should, and have lost patience with “dumb users” and/or “incompetent management”. Dialogs such as these are examples:
US: “We need to educate our users and constantly make them aware of information security dangers.”
JADED US: “Why waste our time or money? They don’t get it and they never will. They just keep clicking on links and choosing sh*tty passwords.”
US: “Let’s figure out a better way to communicate with executive management and the board. If they understood better, we’d be able to secure the budget we need.”
JADED US: “What’s the use? Management doesn’t give two sh*ts about information security!”
Someone who’s jaded has given up, lost hope, and just exists to exist. They’re debilitated and they’re debilitating to the people around them. Someone who isn’t jaded is still fighting the good fight. They’re relaxed, rested, energetic, and active. Jaded people have a negative impact. People who aren’t jaded make a positive difference, creatively solving problems and hoping for better outcomes. The truth is, jaded people hurt themselves and others. People who aren’t jaded help themselves and others.
Jaded people hurt themselves and others.
Jaded people are NOT bad people. Please don’t make this mistake. Often, they are good people who care(d) deeply about something. They care(d) so much, they took it personally and suffer(ed) for it.
Too simple? Maybe, but the point is this: we need to do everything we can to avoid becoming jaded.
Start with a simple and honest self-evaluation; are you jaded? If you’re not sure, ask someone close to you. Then decide:
- If you’re jaded, choose to come back or not.
- If you’re not jaded, learn how to keep yourself from becoming jaded or not.
The mindset and skills are the same either way.
People who work in our industry often (or always) find our work stressful. When we become jaded, we negatively impact our quality of life and become much less effective in our work. Back to our definition of the word; jaded people are fatigued by being overworked and/or made dull, apathetic, or cynical by experience. Being jaded is not acceptable to me, and it shouldn’t be acceptable to you either. So, let’s do something about it.
Fatigued, Overworked, and Exhausted
People who work in our industry are some of the most passionate, motivated, and intelligent people anywhere in the world. We’re unique and we’re amazing! The passion pushes us to work our tails off, mostly without appreciation beyond our paycheck (we do get paid well though). Some of us work 50, 60, 70+ hour weeks, forgo vacations, and sleep much less than we should. Our passion will work against us when/if we’re not in balance. The constant hard-driving workload can lead to fatigue and exhaustion. Eventually, something has to give.
To make matters worse, it doesn’t matter how many hours we put in, security incidents are inevitable. No matter what we do, we cannot prevent all bad things from happening. When the bad thing happens, then “they” notice; the appreciation we longed for becomes condemnation. Nobody cares about the 1,000s of hours we put in, often while others weren’t watching. They want to know why the bad thing happened and who’s to blame.
Feeling any injustice? Oh, how we need tools to fight against becoming jaded! So, what to do?
Somewhere along the line, we might get our priorities messed up. Our job is a job. We do it as well as we can, but we must recognize that work is not life. Work is part of life, but it is NOT life. Good priorities might look something like this:
- Spouse (if you’ve got one)
Notice how “self” isn’t listed? Self supersedes all priorities. Self-preservation is primal.
You could switch #4 (Work) on the list with #5 (Friends) and still be OK. Regardless, work is NOT in the top three. Bad priorities look like this:
The first list lends itself to health; the second list lends itself to becoming fatigued, overworked, and exhausted. Couple messed-up priorities with the nature of our work, guaranteed failure (if failure is defined as not preventing all bad things), and you have a recipe for becoming jaded.
Health (Spiritual, Mental, and Physical)
All health requires maintenance. If we’re not maintaining our health, we can expect it to fail (eventually) and we can expect it to suck.
This isn’t the place or time to preach Jesus to you, but we all need a spiritual “higher power”. This is the place we go when the world doesn’t make sense, and we all know the world doesn’t make any damn sense, right?! If you need help finding a spiritual advisor, reach out to a close personal friend for guidance. If you don’t have a close personal friend to trust for this guidance, you get my advice; seek Jesus! That’s all the preaching you’ll get (for now).
According to the National Institute of Mental Health, nearly one in five U.S. adults live with a mental illness (51.5 million people in 2019), and less than half (44.8% or 23.0 million people in 2019) received mental health services. Think about these numbers for a second. Due to the nature of what we do and the stress related to it, the percentages for us are probably worse than the U.S. population. Most of us rely VERY heavily on our minds, and if our minds are broken, then what? If you need help, or think you might need help, here are some great resources to check out (DO NOT IGNORE THIS):
- Help for Mental Illnesses (National Institute of Mental Health) – https://www.nimh.nih.gov/health/find-help/index.shtml
- Substance Abuse and Mental Health Services Administration – https://www.samhsa.gov/find-help/national-helpline
- Mental Health Hackers – https://www.mentalhealthhackers.org/
- PsyberResilience Project – https://www.thepsyberproject.com/
It’s easy to overlook our physical health, but we can’t. Most of us sit for hours on end at a computer keyboard. This is not healthy. We must get up, get out, exercise more, and eat healthier. There’s nothing glamorous about dying of a heart attack while reverse engineering a piece of code.
Our health has a direct impact upon being jaded. The more unhealthy we are, the more likely we are to become jaded. The inverse is also true.
Dull, Apathetic, and Cynical
The second part of our definition of “jaded” is being made dull, apathetic, or cynical by experience or by having or seeing too much of something.
Seriously, how many times have we:
- Seen someone click a link they shouldn’t have?
- Witnessed someone fall for a phishing attack after we’ve taught them a kajillion times not to?
- Read about a breach that should have been prevented?
- Told people to master the basics, only to see them NOT compile/maintain an asset inventory?
- Shaken our heads at dumb mistakes people (including “we”) make?
- Beaten our heads against the wall trying to get management to give a sh*t?
After a while, shouldn’t we just give up? What’s the use? People keep doing dumb things and making crappy decisions. Aren’t we tired of it yet?!
Spoken like someone who’s jaded.
Maybe it’s not them. Maybe it’s us.
Maybe we’re jaded because we have too many or the wrong expectations. We’re less likely to become jaded when things go well, when we experience things that are good (or exceed our expectations). It’s not like we’d say:
- “Dammit, Jane in accounting picked a great password again!”, or
- “Life would be so much better if Joe would just click links without thinking more often.”, or
- “It just sucks when management always gives us the budget we need for information security.”
Absolutely not. Some (or a lot) of our jadedness comes from being disappointed. We’re setting the wrong or unrealistic expectations, leading to disappointment, leading to frustration, leading to becoming jaded. We think expectations are good, but they’re often not.
What did we expect in the first place? Did we actually expect humans to NOT be human? Did we expect management to treat information security like it was THE issue versus AN issue? Did we expect people to listen to us when we don’t speak their language? Did we expect to not have breaches? Did we expect such a thing as risk elimination, or did we realize this is actually about risk management?
If we set any expectation, we should expect to be disappointed. Expect disappointment, and if it happens often and long enough, it WILL lead to frustration. Frustration is the last step in the path to becoming jaded. This is the “jade cycle” (simplified); see diagram.
The math: (-e + e2) = -d + -j, where e is expectations, e2 is better expectations, d is disappointment and j is jadedness. Essentially, fewer expectations and better expectations = less disappointment and less jadedness. Living life without expectations is NOT the goal, living a life with fewer and more realistic expectations is the goal.
NOTE: The exception is computers and other logical, binary things. We can always expect computers to do what we tell them to do. Care must be taken with emotional and non-binary (analog) things like human beings.
Beware and be aware of jadedness in yourself and others in our industry. It makes us less effective and it steals our joy. If you need help, ask for it. Being jaded is more common than many of us realize, and it does nothing to help our cause. The cause being better information security, and through it, better lives.
There is no honorable mention for “J” because it’s a letter we don’t use enough. 😉
Next up, “K”. What are some good relevant words for this letter?