May 6, 2012 /
Listening to the Noobs on Security - Or Not?
How much attention should cyber pros pay to comments from the "noobs" about technology and security?
I started thinking about this topic after reading an intriguing Computerworld article entitled: Dispatch from the technology culture wars: What geeks and noobs need to understand about each other. In case you’re wondering, a noob is slang for newbie or, as Erin Elgin describes in this piece, “nontechnical people who want gadgets to just work.”
This is a thought-provoking article that is worth reading – covering the “technology cultural wars.” Here’s an excerpt:
“Computer technology used to be the exclusive province of geeks. You couldn't get anywhere near a computer before 1977 unless you were a certifiable, card-carrying geek.
Things started to change in 1977 with the introduction of the Commodore PET, the first relatively mass-marketed personal computer. Later came the graphical user interface, the Mac, Windows and the Internet. With each new generation of technology, computers became more "user friendly" and in rushed the noobs.
After the turn of the millennium, the noobification of the technology scene accelerated. The rise of "Web 2.0" and the mobile revolution were all about simplification. Creating a website was replaced by blogging. Blogging was replaced by microblogging. The cloud eliminated the need to install and manage desktop applications. The post-PC revolution, as exemplified by the Apple iPad, embodies the noobification of technology to an unprecedented extreme.
With each advance, there's an increase in the percentage of noobs who use technology.
Today, geeks are a beleaguered minority, almost strangers in their own house.”
The article goes on to describe how this difference in viewpoints has a dramatic impact on many areas of life and what we do at home and work - from predicting new product adoption success rates to Facebook’s stock price.
But taking a slightly different twist on this topic, allow me to suggest that security and privacy experts often have the same issue as the geeks – probably because many (not all) security pros are actually geeks. (Yes, I know most prefer to be called hackers.)
Put another way, what’s the right balance between easy to use, easy to implement, easy to modify and on the other hand “secure.” In many cases, security seems to be at odds with a simple user interface. For example, longer, complex passwords are a pain to remember and are viewed as a hindrance to most noobs.
Another aspect of this question regards mobile device (smarphone) security. There is an ongoing debate about what operating system is more secure – and Symantec reported that iOS is more secure than Android. This has led most enterprises picking iPads over Android-based devices.
Finally, there are those within the security field that believe that cybersecurity itself is way too complex. Our network architectures, firewalls, zones and more make securing the enterprise almost impossible against an agile enemy. There have been several papers written on this topic of radically simplifying security. Should we even start over on cybersecurity?
What do I think about this “technology cultural war?”
I’ve found that I learn a ton from my family and non-technical church friends regarding technology, security and work. (Yes, they are all noobs.) To say my wife Priscilla really likes her iPad would be a vast understatement—like saying Mount Everest in a tall hill. My daughters are digital natives. I watch them and see what they do online and how they do it. I check-up on their Internet security, and we interact on tough questions that fall into the “grey zone.” This is part of who I am and how I was wired – (see the end of this CSO blog post for more on this topic). I’ve heard from many others around the world that think and act the same at home and work. It’s in our DNA, and I guess that makes us security geeks.
But I also realize that good customer service is essential for security professionals, and we need to listen to the noobs. As Elgin describes, they are the majority. They have really good points and the power of the wallet. They predicted this iPad craze way better than I did. I’m fascinated by how they think and interact.
I suspect that there will always be somewhat of a struggle between the noobs and the security organizations in most enterprises. Like the love/hate relationship that most citizens have with the police, security pros are often admired (after stopping a hacker attack) and sometimes despised (after you forget to bring your 2-factor hard token along on vacation). The feelings can also be similar to being pulled over for a traffic ticket when doing 42 on a 30 mph road.
But that’s what makes life interesting, challenging and fun. It means we rarely have a dull moment in our government work – and it keeps me coming back for more.
What are your thoughts on the noobs in your life?