Earlier this month, Wired published an article titled “The Worst Cybersecurity Breaches of 2018 So Far“. It shouldn’t be too tough to figure out what the article discussed.
Halfway through the article I asked myself, “Why do we even bother?” Let me unpack this a little for you so you understand exactly what I mean.
As a cybersecurity professional, I do as others in my field do every day. I tell people to use strong passwords, to make sure they don’t re-use those passwords on any sites, to be watchful for phishing emails, to never send sensitive info like credit card or Social Security numbers via email, text message or chat, and to avoid using open wi-fi connections without a VPN and other safety precautions. All of these recommendations are intended to keep their personally identifiable information, or PII, out of the hands of bad people who will use that information for profit or harm.
The problem is that there are companies like Equifax and Exactis which make money by collecting and selling our PII without us ever giving them our permission or consent. Then, these same companies neglect to take basic security measures to safeguard this extremely sensitive and valuable data. The information contained in either the Equifax or the Exactis breach has the potential to ruin the lives of millions of people should that data fall into the wrong hands.
And there is nothing I can do about it.
And so I ask myself, “Why do we even bother?”
For me, it’s personal. I grew up as the only geek in a family with deep roots in incident response and service to community and nation. Various members of my family taught me important lessons about what is important, and how a good person should be in this world.
Dad, a forty-year veteran of the Los Angeles City Fire Department, taught me to be mindful of potential hazards, to handle fire, electricity, and sharp objects with care and respect, and to help others in need, regardless of race, creed, or political party affiliation.
An uncle, who served in law enforcement for decades after his service in Viet Nam as a young enlistee, taught me that there are bad people out there who can and will do bad things if they can, that being alert is a kind of defense in itself, and that predators will go after easy prey rather than a hard target any day.
Another uncle served in the Navy for thirty years before retiring with honors. He taught me that dedication, service, and doing a job well brings rewards that are more valuable than any to be found on a ledger sheet.
Lastly, my grandmother taught me that empowering others through the gift of knowledge does more than you can imagine, and more than you will ever know, because the impact you have on one person will ripple out into the world.
When I made the decision to change career paths, to leave web development behind and dive head-first into cybersecurity, more than a couple of my friends reacted by saying, “OMG! That is so you!” or in variations along those lines. They knew of my drive to make the world better and hopefully safer for people who don’t see the risks as clearly as I do. People like my grandmother, who could never manage anything more advanced than her old electric typewriter. Or my mother, who never managed to find the “any” key, no matter how hard she tried. Or any one of the thousand of people I have taught basic computer skills to over the years, all of whom who wanted to do the right thing, and who had no idea what that looked like.
Others in my field will have their own reasons for doing what they do, and those reasons will be equally personal and reflective of their values and experiences. Ultimately, though, we all want the same thing. We want to make the world a better place for those who do not see the hazards we do.
That is why we bother.
Photo by Geralt on Pixabay