Cybersecurity is a very hot topic right now, for example:
· A contact in the UK government agency responsible for government information security has reported anecdotally that they have had more ministerial visits in the last 12 months asking about cyber than in the last 10 years for any purpose.
· A friend who is an audit partner in a Big4 accountancy firm in the UK has spent many years trying to get boards to consider information security, in the last six months he has seen an unprecedented groundswell of interest from board members asking about cyber. It’s one of their hot topic items right now and every board is asking him his opinion.
It is easy to dislike a sexy ill-defined new marketing term for what is essentially what we’ve all been doing thanklessly for years. But like it or not cybersecurity and it’s constituent parts: cyberwar, cybercrime, cyberespionage, cyberactivism and cyberegotism presents one of the best opportunities we have had for a long time to get support from policy makers and decision takers for improving security.
Cybersecurity has traction.
So what does this mean? I’m not a IT security specialist or an information security specialist anymore, I’m a cybersecurity specialist. It gets me the attention of the people I need to influence.
Even if you hate the term I think you have to consider calling yourself the same thing and you need to think about how what you’re doing is tied to the cybersecurity agenda, and how you are going to articulate that link.
Pandering to folks who use ‘cyber’ as a noun (it is an *adjective* – oh yes it is) really hurts.
I’m afraid that calling myself ‘cybersecurity analyst’ or ‘cybersecurity specialist’ will get me shunted into an operational security role grepping SIEM alerts and being woken at 3AM by a false positive SMS messages from the security event monitoring system I masochistically configured to let me know if a script kiddie is knocking.