Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

The importance of langwidge.

Language is vital to me in my role as a security manager. 

I rely heavily on it when I’m interviewing a job candidate.  I can tell pretty quickly what someone’s IT background has been and whether he knows what he’s talking about by the words he uses. 

Can he explain something in little teeny words?  Then he really does understand it.  Does he insist on using the textbook terms, and sound like he’s quoting rather than owning the words?  Danger sign.

“batch job” == mainframe background
“cron job” == Unix background

“information assurance” == DoD background
“IT security” == corporate background

“cyber"-anything == law enforcement or federal gummint background

using “risk assessment,” “vulnerability assessment,” and “penetration testing” interchangeably == clueless

And I hate it when people are sloppy in their writing, especially when they’re vendors.  If I see too much evidence of rote copying and pasting in a proposal, I suspect the vendor is just phoning it in and doesn’t really want the contract.  If I see less-than-literate language, it depends on its character:  I can tell when something is simply written by a non-native English speaker and I cut him some slack.  (Sometimes I can even tell the writer’s native language based on the English mistakes he makes.) If they’re the kind of mistakes made by someone who grew up in this country and should know better, my opinion of his services plummets dramatically. 

In security, details count.  I can tell whether a brochure was written by a marketroid or by someone who really understands and cares about the product.  If I’m going to hire services, the most important thing I want to do is have a conversation with the staff who will actually be performing them.  I can tell by talking to them whether they’re going to be competent, diligent and trustworthy. 

I’ve had wonderful employees who were smart as the day is long, but I had to translate their emails whenever I forwarded them outside of the group.  For those who were non-native English speakers, it was even worse:  you tend to use smaller words when you’re not using your native language, and that often makes you sound blunt.  (For Germans who ARE blunt, it’s even worse. wink) I’ve had to resolve many a misunderstanding between colleagues that came from an unluckily phrased email message, especially when they’d never met in person.

Language counts when I’m trying to write policies, troubleshoot problems, define risk, sell ideas, and educate users.  It’s amazing how much of my time is spent arguing semantics in functional specifications. 

By the way, did I mention that I’m an INTPgrin

Posted by shrdlu on Friday, May 18, 2007
(3) CommentsPermalink blogmarks Favicon del.icio.us Favicon Digg Favicon Fark Favicon Furl Favicon Google Bookmarks Favicon StumbleUpon Favicon Technorati Favicon TailRank Favicon
Page 1 of 1 pages