Slacker or Superhacker: Stereotypes about Cybersecurity Specialists

Father

The appearance of stereotypes about certain professions is largely due to the peculiarities of human thinking. It is always easier to accept some "established" views than to independently understand a particular phenomenon and draw conclusions.

There are quite a lot of stereotypes about information security specialists. Some are caused by the very history of the profession, others by the way "security guards" interact with other employees in the field, and still others rest entirely on a distorted perception of information technology.

In this article, we will analyze the main stereotypes about information security specialists that different groups have: customers, field employees, and ordinary citizens who do not interact with industry representatives on work tasks.

What customers think about cybersecurity

This year, the issue of ensuring information security has become much more acute, and it has become relevant for a large number of companies. Some of them are already familiar with information security engineers and other industry representatives, while others are thinking about information security for the first time (due to hacker activity or regulatory requirements).

Valery Stepanov
Head of the Competence Center for Information Security T1 Integration

Indeed, there are some stereotypes about information security specialists and information security in general. When interacting with customers, you should highlight some particularly striking features:
  • the first stereotype is that information security is expensive. However, as practice shows, the amount of money invested in information security is much smaller than the amount of financial or reputational damage (for example, due to a data leak). Moreover, the use of advanced technologies is a "success story" and acts as a competitive advantage;
  • the second stereotype: the use of cloud technologies is still unsafe. Our project experience suggests the opposite: using security tools in the cloud shows excellent efficiency in countering external threats;
  • the third stereotype: "paper" security (policies, regulations, instructions) does not give practical results. Since it is necessary to approach information security issues in a comprehensive manner, many control procedures and methods can be built with the help of organizational and administrative documentation and process adjustments.

Another misconception that is typical for businesses is the attitude to information security as a product, not a process. This view is typical, as a rule, for companies that are just getting acquainted with cybersecurity and its various aspects.

Company management also often considers an information security specialist to be a "jack of all trades" who can equally effectively administer systems, control employees, and monitor compliance with regulatory requirements and regulatory documentation. Although the position of information security manager involves all these types of activities, one person is simply physically unable to perform all of these tasks efficiently.

How do colleagues see a "security guard"?

Historically, information security is a rather closed sphere. The "first security guards", for the most part, were trained at the Institute of Cryptography and the FSB Academy, and then worked in closed companies and institutions.

But the situation has long since changed. Training of an information security specialist can take place both in a civilian university and with the help of EdTech courses. Such a specialist can work in a completely public company from any industry: from finance and retail, to manufacturing and logistics.

But in the minds of many people, the stereotype of "old times" remains, so they perceive an information security specialist as a "supervisory authority", which, on the one hand, "informs" the manager, and on the other, also writes "reviews" about employees to the competent authorities.

Alexey Drozd
Head of the Information Security Department at Serchinform

You have to deal with stereotypes about the profession when communicating with people who are far from the topic of cybersecurity. The most typical thing is that a security person is perceived as a "tyzhprogrammist" ("well, you're a programmer, aren't you"). That is, there is no understanding of the very essence of work responsibilities.

Information security is closely tied to adjacent disciplines (physical, economic, industrial security, etc.), and all of this can be intertwined and combined in one department, especially in small companies. This is misleading and creates myths. Especially within the team, among colleagues.

Myths about the profession of information security specialists most often affect relationships within the team. It happens that distortions go to the extreme, and labels appear: "chekist", "slacker", "hacker", "spy". Colleagues may avoid communication due to fear and lack of understanding of the security guard's tasks. This doesn't affect your work responsibilities in any way; it just creates a distance between the team and the information security department specialists.

This distortion of perception comes from a lack of understanding of the work tasks of the "information security officer". For example, an information security specialist who monitors the activity of employees within the network does this not in order to "inform the boss" about what the employee does during working hours, but in order to protect them in time from downloading malware, entering data on a phishing site or in an online store infected with a skimmer.

In some cases, cybersecurity experts themselves unwittingly contribute to the emergence of a stable opinion about themselves. For example, if the head of the information security service does not "highlight" his activities himself by telling management how the month went from the point of view of cybersecurity (what was protected from, how many times, what was analyzed and improved, what we are working on), then there is a high risk of being labeled a loafer simply because no one knows what work the information security service has done.

What does society think about cybersecurity professionals?

Stereotypes of the "broadest masses" are strongly affected by two factors:
  1. The perception of cybersecurity is inseparable from cybercrime. Since hackers get more media attention than their "white" counterparts, public opinion often presents an information security specialist as a "counter-hacker".
  2. The influence of cinema. Books, movies, and TV shows are more involved in forming opinions about cybersecurity than any "real" reviews, interviews, and opinions.

If we talk about cinema, it sometimes serves for good, that is, it popularizes the image of an information security specialist in society. For example, many modern pentesters and bug hunters first thought about this profession after watching the 1995 movie "Hackers".

But looked at in general, the trend cannot be called favorable, since most films idealize the image of a hacker as "a fighter against the system, for all that is good and bright", while security guards are shown as that same "cyber police" who beat the main character with "cyber-batons".

Another negative stereotype that is being promoted in the cinema is the perception of an information security specialist as a "hunter of himself" or "tomorrow's cybercriminal", which, for example, can be seen in the rather popular TV series "Offline".

Summing up, we can say that stereotypes about cybersecurity specialists rarely have a radical effect on business and work processes, since the relevance of and demand for the profession are growing, "pulling up" other people's level of understanding.

At the same time, the image of an information security specialist offered to the "general public" can be called, at best, neutral, but rather positive. A situation arises in which, in the eyes of the layman, a hacker is subconsciously viewed more favorably than an information security specialist.
 