Encouraging the public and companies to be responsible for digital data as well as helping to recruit more people to the cybersecurity industry
The term ‘cybersecurity’ must change with society.
Cyndi and I have spent a lot of time speaking with students, politicians, and business leaders about cybersecurity and concluded that the term ‘cybersecurity’ does not invoke the personal sense of responsibility necessary, nor is it as inviting to the majority of the public including minorities, women and young adults who might not seek a career in this field due to lack of exposure of what the term means.
We must recruit in greater numbers into the industry. Cyber touches all of our lives, yet cybersecurity is perceived by the general public as something only experts do and can solve for us. This is the wrong message. We would like to suggest the use of the term “Data Care” to make cybersecurity synonymous with personal responsibility and expand our industry in much the same way medical professionals have done with the term “Health Care.”
Finally, diversity is imperative, so we must encourage as broad participation as possible because the fact of the matter is, Data Care is everyone's responsibility.
The term Data Care is not new.
It was most notably recently used in a United States bill titled the “Data Care Act of 2019” and focused on requiring social media vendors to be more responsible with their customer’s private data. We think this is great but want the term Data Care to encourage the general public to be responsible for their data as well as help recruit more people to the cybersecurity industry.
The cybersecurity industry has done a good job of amassing amazing technical experts, prolific technical standards, and developing very technical solutions. However, this has had the unfortunate side effect of causing the general public to think that cybersecurity is a technical solution often managed by someone else. The technical nature of cybersecurity gave the general public a false feeling of not being responsible to care for the data they generated in their daily lives or business.
"Data Care" allows us to emphasize the concept of cybersecurity being a team sport, where everyone has a responsibility to take care of their data to keep it protected and private. Right now, if you ask anyone outside of cybersecurity - "Do you have cybersecurity?" they will undoubtedly tell you about some technology they have, like a password manager, or a firewall, or how someone else in Information Technology (IT) is responsible for it. But if you ask them how they personally protect the privacy of their own data, you will get a much different reaction.
“Data Care” also allows us to have a context to discuss the personal implications of using technology like social media and mobile devices. When most of us went through K-12, we learned how banking, credit cards, and home loans worked. Putting your money in a bank rewarded you with interest and using a credit card was all about convenience. However, the same lessons were not taught for social media. Today, our personal data is mined in exchange for the free use of those platforms. For example, our phones contain everything about us, yet we have not taught the general public how they need to protect themselves from these ‘convenient’ devices, or from being attacked as a vector because they are vulnerable, or how to back phones up because they are breakable, or even how to secure them because they are easily stolen!
Data Care is very similar to the term “health care” by design.
Data Care is very similar to the term “health care” by design. We chose this to specifically leverage terminology that was familiar to the general public. The health care industry is full of job categories and specifications the public recognizes as being “health care” related such as geriatrics, pediatrics, mental health, and oncology. In cybersecurity, we don’t get this benefit. Instead, we have created job categories that make sense to the cybersecurity industry but not to the general public. We have terms like “red team”, “cyber hygiene”, “penetration tester”, “network auditor”, “crypto custodian” and “security operations center analysts”. Speaking about the cybersecurity industry as the “Data Care” industry allows the general public to understand that there are different types of cybersecurity careers, skill levels, and technologies that are all related. Additionally, there are various entry points in cybersecurity that do not involve a technical background such as legal, policymakers, insurance providers, regulations, marketing, and the like.
Diversity of race, thought, and gender can also be increased through leveraging the term “Data Care” as a new industry name. Attracting a broader set of the population to future cybersecurity roles is hurt by the sheer volume of data required to become an ‘expert’ before being taken seriously. To be knowledgeable in cybersecurity today, an individual must know compliance, technology, threats, customer service, privacy, how the Internet works, and how the IT help desk works. It's like requiring new recruits to the healthcare industry to be both brain surgeons and cancer doctors before they can apply a Band-Aid.
Recruiting talent is easier.
Recruiting talent to join the "Data Care" industry is easier than doing so for a Cybersecurity industry because there is less of an intimidation factor. This will make it less challenging and more inviting for minorities and women who feel they don't have to overcome both looking different and being an instant expert in all things cybersecurity.
Cybersecurity is one of the only career fields where you can enter with some basic training that has been self-learned or gained through certification training and eventually gain enough experience and knowledge to gain management positions at companies and organizations.
Cyndi and I routinely meet senior cybersecurity leaders who are financial accountants, programmers, re-trained veterans, and business majors. Anyone can excel in this field regardless of race or gender. Talking about our industry as “Data Care” lets teachers, parents, and politicians tell this story more easily as well.
Ultimately, if we don’t start speaking the same language as our society, we will continue to have low interest in both protecting data and recruiting the number of people required to answer the call. Renaming our industry, the “Data Care” industry is the first step towards making cybersecurity more personal for the general public, and once it becomes personal, the responsibility and desire to help others will follow!