Article by Shawna Turner-Rice
On a series of flights recently, I’ve been re-watching and reading movies, TV shows and books. Many of which have something to do with computers, and they made me curious about the mismatch between the popular image and reality. In an industry where many of our biggest breakthroughs are made by teams – the media popularization of anything to do with computers has always featured solitary heroes. In addition, it’s not just that they are the person who gets the lucky strike; but that in fact they perform best under pressure and alone.
Start reading infosec white papers (regardless of what kind – cryptography, malware forensics, Verizon’s DBIR, etc.); and it appears that computer security people really do enjoy working together and come up with fantastic solutions, explanations and ideas. As teams, we celebrate them at our conferences; follow them (and their interactions) on social media and read books as well as whitepapers by them.
But look at a few of the mainstream books, shows and movies (especially the most popular ones) that portray the computer savvy, and you’d think nothing was ever successful in a team. If there is a team, everyone besides the hero is there to provide love interests, die for the hero, or, at best, provide something that only the hero can turn into the real value at the end.
It’s interesting to me that as a security industry (a subset of the larger computer industry), we talk at our conferences about how stress and burnout come from always being on the front line, feeling isolated, unable to relax; and we draw parallels to how strange our industry is in this way. I wonder if part of it is the image we have of being solitary.
Back in the 70s and 80s; on US TV; while there were still series and movies about the solitary hero, with supporting cast largely as set dressing (Kojak, Hawaii Five-O, Columbo); there was a new breed of TV show starting to come on the air. These shows had a larger cast; and brought dimensionality to the characters by showing them interacting with their peers as well as doing their job (Hill Street Blues, 21 Jump Street). Today, police procedurals (CSI, Bones, Fringe) always have a team at the heart of them. It’s not just police procedurals that have done this everyone “knows” that Navy Seals and Navy Fighter Pilots are part of a team, due to games, more shows, movies, etc.
During this same time frame, and even in some cases on the same shows, the “computer geeks” are the oddball in the room. If the portrayal is (primarily) about the computer geek, even if they start as part of a team, a single computer geek is the ultimate hero and saves the day (Swordfish, Matrix, Independence Day). In the very police procedurals that now portray how team dynamics can solve crimes, “the computer person” is still the lone person who orbits the real team, and is often described as “quirky” and / or “offbeat” – Abby on NCIS; Angela on Bones, etc.
There are a couple of insidious messages in there. If the only people who can be successful with computers have to be quirky and/or offbeat, than computer knowledge workers are, by definition, not mainstream. In addition, these computer knowledge workers are considered ancillary to the story lines of police procedurals (for the obvious reasons). This would be fine if there were balance somewhere else, but there is no TV show or movie focused on how a team of computer folks can save the world, or even a small business. That means people who want to be front and center, lead things, etc. – may not consider computers (and computer security as a subset of that) to be a viable career. Lastly, how can we change the culture of our workplaces to allow us to build successful security teams if “everybody” has no idea that a team is so valuable?
I don’t want to end without some suggestions; although I’m not sure how we would go about making these real.
• What if we could get the cSIRT/CERT/ pick your spelling teams to do a competition for infosec breach detection serial?
• What if the next fun competition for ISC2 was for TV ideas?
• What if the security community funded publication of the best security team book draft we received?
I’m sure this doesn’t begin to scratch the iceberg on how we could change the public perception of us as lone gunmen – so please, submit ideas here, or directly to me on Twitter, @STurnerRice.
Cross-posted from Tripwire's State of Security