Listening to the Noobs on Security - Or Not?

How much attention should cyber pros pay to comments from the "noobs" about technology and security?

by / May 6, 2012 0

How much attention should cyber pros pay to comments from the "noobs" about technology and security?

I started thinking about this topic after reading an intriguing Computerworld article entitled: Dispatch from the technology culture wars: What geeks and noobs need to understand about each other.  In case you’re wondering, a noob is slang for newbie or, as Erin Elgin describes in this piece, “nontechnical people who want gadgets to just work.”

This is a thought-provoking article that is worth reading – covering the “technology cultural wars.” Here’s an excerpt:

“Computer technology used to be the exclusive province of geeks. You couldn't get anywhere near a computer before 1977 unless you were a certifiable, card-carrying geek.

Things started to change in 1977 with the introduction of the Commodore PET, the first relatively mass-marketed personal computer. Later came the graphical user interface, the Mac, Windows and the Internet. With each new generation of technology, computers became more "user friendly" and in rushed the noobs.

After the turn of the millennium, the noobification of the technology scene accelerated. The rise of "Web 2.0" and the mobile revolution were all about simplification. Creating a website was replaced by blogging. Blogging was replaced by microblogging. The cloud eliminated the need to install and manage desktop applications. The post-PC revolution, as exemplified by the Apple iPad, embodies the noobification of technology to an unprecedented extreme.

With each advance, there's an increase in the percentage of noobs who use technology.

Today, geeks are a beleaguered minority, almost strangers in their own house.”

 The article goes on to describe how this difference in viewpoints has a dramatic impact on many areas of life and what we do at home and work - from predicting new product adoption success rates to Facebook’s stock price.

But taking a slightly different twist on this topic, allow me to suggest that security and privacy experts often have the same issue as the geeks – probably because many (not all) security pros are actually geeks. (Yes, I know most prefer to be called hackers.)

 Put another way, what’s the right balance between easy to use, easy to implement, easy to modify and on the other hand “secure.” In many cases, security seems to be at odds with a simple user interface. For example, longer, complex passwords are a pain to remember and are viewed as a hindrance to most noobs.

Another aspect of this question regards mobile device (smarphone) security. There is an ongoing debate about what operating system is more secure – and Symantec reported that iOS is more secure than Android. This has led most enterprises picking iPads over Android-based devices.   

Finally, there are those within the security field that believe that cybersecurity itself is way too complex. Our network architectures, firewalls, zones and more make securing the enterprise almost impossible against an agile enemy. There have been several papers written on this topic of radically simplifying security. Should we even start over on cybersecurity?

What do I think about this “technology cultural war?”

I’ve found that I learn a ton from my family and non-technical church friends regarding technology, security and work. (Yes, they are all noobs.) To say my wife Priscilla really likes her iPad would be a vast understatement—like saying Mount Everest in a tall hill. My daughters are digital natives. I watch them and see what they do online and how they do it. I check-up on their Internet security, and we interact on tough questions that fall into the “grey zone.” This is part of who I am and how I was wired – (see the end of this CSO blog post for more on this topic). I’ve heard from many others around the world that think and act the same at home and work. It’s in our DNA, and I guess that makes us security geeks.

But I also realize that good customer service is essential for security professionals, and we need to listen to the noobs. As Elgin describes, they are the majority. They have really good points and the power of the wallet. They predicted this iPad craze way better than I did. I’m fascinated by how they think and interact.

I suspect that there will always be somewhat of a struggle between the noobs and the security organizations in most enterprises. Like the love/hate relationship that most citizens have with the police, security pros are often admired (after stopping a hacker attack) and sometimes despised (after you forget to bring your 2-factor hard token along on vacation). The feelings can also be similar to being pulled over for a traffic ticket when doing 42 on a 30 mph road.   

But that’s what makes life interesting, challenging and fun. It means we rarely have a dull moment in our government work – and it keeps me coming back for more.

What are your thoughts on the noobs in your life?

 

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso