6 cybersecurity experts share twitch-inducing pet peeves
Everyone has that thing. That trigger that makes a person twitch. Whether that's standing on the left side of an escalator, walking too slow on the sidewalk or coworkers neglecting to take home last Tuesday's Chipotle guacamole (yes, it has indeed gone bad).
Mere annoyances and pet peeves can fester in the workplace and make for tense lunchroom conversations. But as professionals, overreaction is not recommended and people have to just grin and bear it.
Pet peeves in the technology industry, however, center around perceptions in the field. Misunderstandings about technology implementations, and just how much works goes into a project, can set off the most demure employee. In cybersecurity in particular, many annoyances focus on the misuse of words and industry lingo.
At RSA Conference 2018 in San Francisco last month, I spoke with six experts about their pet peeves. Here's what they had to say:
Jenny Menna, SVP of Security Intelligence, Engagement and Awareness at U.S. Bank:
"It drives me crazy that people are now using 'active defense' as a buzzword when historically it meant you were doing something illegal. ...
There's baggage in the financial sector after the DDoS attacks and what can you do to not just protect yourself but to take action, so I hate that people are using that as the new buzzword for their products when it has that connotation."
Gus Hunt, managing director and cyber lead for Accenture Federal Services:
"The increasing gap between the haves and the have-nots ... what you're seeing happen is that because of the nature of the shortage of skills and the cost of doing [business], big companies and organizations have the wherewithal to hire the talent and can pay the prices, leaving the small and medium and the mom and pops in the dust.
And yet we are so interconnected in this world across the board that we are now vulnerable because they're being left in the dust. We have to find a way to raise all boats across the board."
Marc Spitler, sr. manager of Verizon Security Research at Verizon Enterprise Solutions:
"The jargon that is used. The inability for people to use even the word 'hack' correctly when sometimes it's not hacking, it's malware.
And to extend upon that, anytime someone says 'malware incident,' that can be a little bit annoying because [in] the majority of data breaches, if there's any level of sophistication there's going to be malware in some form or fashion, either as a tool that is invoked after compromise or as the means of compromise."
Juan Pablo Perez-Etchegoyen, CTO of Onapsis:
"The size, I think. It's getting so big and there's so much stuff, I mean, putting myself in the shoes of a CISO, it's probably nearly impossible to really decide what's critical and what's not. It's really really hard [to] scale and get the right resources. ...
I would love for things to be simpler, but it's not going to get any better in the future. Everything is interconnected. Everything is digital. So security is going to become literally a part of our lives moving forward."
Tammy Moskites, managing director at Accenture Security:
"When I go into organizations as a whole, they don't have an inventory of their assets. They do not know what's accessing what to their network. ... [so it's] foundational security, security 101. You can't secure and protect what you don't know you have. It's really important to know where your crown jewels are.
The other pet peeve of mine is when people put HIPAA with two P's and not two A's."
Mark Nunnikhoven, VP of cloud research at Trend Micro:
"My cybersecurity pet peeves are more directed at the cybersecurity community. ...
I think, in general, usability is a really challenge. The myth in the security community is that it's security vs. usability. ... the vast majority of people and the vast majority of breaches and incidents happen because people are just trying to get stuff done and the security was too onerous or too challenging.
I think that, coupled with the general attitude of not seeing ourselves in the security community as educators — it's our job to make the case, it's our job to inform people about the challenges because thankfully we are getting the conversation in the mainstream media.
We are getting a two-day grilling on the Hill about data privacy and yes the questions were all over the map, but that is a huge win for security and privacy in general that it's in the mainstream consciousness. That's an opportunity to educate people further and the fact that we don't take advantage of this enough is a huge pet peeve of mine."
Follow Naomi Eide on Twitter