By Alina Stancu (Marketing Coordinator, Titania)
About the Author
In this comparative article, Alina Stancu, Marketing
Coordinator at Titania, talks about the struggles of discussing information
security to outsiders and the similarities she experiences discussing her
country of origin, Romania. Alina joined Titania whilst completing her final
year studying; Advertising, Marketing and Public Relations at the University of
Worcester. Alina has since become a valued member of the marketing team and
during her time at Titania has developed an enviable amount of knowledge about
the industry and the importance of cyber security.
I am familiar with the pains of discussing information
security with “outsiders”, thanks to my Romanian origins. Explaining my country
to non-Romanians is not much different to talking to non-technical people about
security. Everyone has a vague idea of what it is, everyone knows a couple of
standard stereotypes (thank you, Hollywood!), everyone has some expectations of
what its inhabitants should look like.
Note: All the
questions below have been posed to the author at one point or another, by
various friends, acquaintances, strangers on the bus. You always start the
conversation with the premise that no one will know what you are talking about,
so you must accommodate the interlocutor and provide some context about the
information security industry, clarify it’s a self-standing profession, and not
to be confused with the more generic IT-support.
Interlocutor 1: So,
is Romania a part of Russia?
Alina: No. Part of the former eastern European communist
bloc of countries, but that ended in 1989, with the revolution. We’ve been
aboard a merry democratic transition ever since…
Interlocutor 1: Ah…
so it was part of Russia?
Alina: No
Interlocutor 1: I don’t get it. Sorry, I wasn’t very good at
Geography. To be honest I don’t know much about Romania. It’s one of those
places that you know they exist, but you don’t really hear much about.
Alina: That’s ok. It
wasn’t ever part of Russia. We have lost Moldova (which is occupied by
Romanians) to Russia, but Romania was never assimilated.
Interlocutor 1: Is it civilised? Do you have normal
amenities?
Alina: What’s a normal amenity?
Interlocutor 1: Don’t know… electricity?
Alina: Mhm. We kinda need it. For, you know, essential
living arrangements… like heating, lightning, Internet. Don’t get me wrong, we
like living in caves heated by fire, as much as the next guy, but once in a
while the iPad runs out of power.
***
Then, the dialogue seems to get a little more on track as
people start recalling some names, or stories they may have read in the news.
Hacking stories are not necessarily the most high-profile, but they do manage
to draw some interest, awe or fear. Hollywood does drive some form of cyber
awareness, at least. Problem is Hollywood also has a knack for exaggerating.
Interlocutor 2: Ah! Romania… I remember… Ceausescu. And that
vampire… Dracula, right? He was some kind of a leader or king in your country,
wasn’t he? Was he really a vampire?
Alina: Leader, yes. Vampire, not quite. Hollywood hasn’t got
a great track record with sticking to facts and accuracy.
***
Then follow the natural confusions between the bad guys
(cyber criminals) and the good guys (ethical hackers). Changing the perception
that not all hacking is bad hacking and explaining that there is an actual need
for ethical hackers (or penetration testers) to use their knowledge for good is
always a challenge.
Interlocutor 3: I read that there are lots of Romanians
begging on streets, in many European countries. Doesn’t make your people look
very good. You see them in the news. I have to say it is a bit worrying.
Alina: Only a small proportion of the ones reported in media
are actually Romanian. However, semantics, misleading information and lack of
interest result in a wide-spread confusion outside of Romania’s borders.
Altogether, we have good and bad just like anywhere else,
but when you’re an immigrant, you get scrutinised under microscope. Social
issues get magnified to suit political agenda, and you find yourself in a very
generic box with the label “dangerous” attached to your forehead.
***
Next, you explain the language. The technological lexicon
can put off even the most patient, well intended ear. Most of the lack of
interest towards cybersecurity stems from the intrinsically discombobulating
vernacular attached to the industry. All the while, the more popular siblings
such as mobile apps, web clients, social media have entered the colloquial
jargon thanks to necessary integration into people’s professional and social
lives. You would be hard pressed today for example, to find people not knowing
what Microsoft Office is, or how to operate Skype.
Interlocutor 4: What kind of language do you speak in your
country?
Alina: Romanian
Interlocutor 4: Is it like Russian, Polish? It sounds a
little like it.
Alina: Haha! More like Spanish and Italian rather. Romania
is part of the countries speaking
Romance (or Latin) languages
Interlocutor 4: What did you say it’s called?
Alina: Romanian
Interlocutor 4: I don’t believe you.
Alina: …
***
Finally, gently break the expectancies of what the
information security professional should look like. These particular
stereotypes are a direct result of media portrayal of “geeks” as socially
awkward people, mostly men (which in turn reflects the gender imbalance the
industry deals with), that have little else in their lives aside from computers
and gizmos. Is there any wonder that future generations may not want to be
associated with these negative portrayals?
Interlocutor 5 (knowledgeable in ethnic physiognomy): I like
Romanian girls. You don’t really look Romanian.
Alina: What does a Romanian look like?
Interlocutor 5: More blonde, with paler skin… I mean you
obviously have a light skin, but you are not blonde, are you?
Alina: No. Neither is a large proportion of my co-nationals.
But go on, what else should a Romanian look like?
Interlocutor 5: Don’t know, but they are usually very
pretty. Alina leaves pondering over her national identity… and over her hair
colour.
***
Much like a state, the information security industry has a
different language, interesting people, its own pet hates, achievements, heroes
and villains. That is not to say that it should remain marginalised and
isolated from the rest of the society. Ignoring computer security is no longer
a choice anyone can afford to make.
A country’s need for tourism, foreign policy and defence
drives the national brand marketing. For an industry, bridging the
communication gap means patience, cutting through the jargon and breaking
stereotypes through education.
There is another problem that plagues the industry, and that
is the “tired professional”. The IT professionals that after many years spent
working with IT illiterates have got fed up with explaining and prefer to keep
the strangers outside. Putting this in the same perspective of encountering
people from all over the world, should you stop explaining to people where you
come from just because they don’t know? Should they stop explaining to you
about things you don’t know? Is there any point in harvesting knowledge, if it
can’t be shared with others?