I’ve been looking for a new job recently and found a position with an organization that does amazing work. They advertised for a security evangelist so I looked into the position. I’ve heard of the term before and never developed an opinion of them one way or the other. Frankly I didn’t really know what they did until a few days ago when my research began.
The first blog that popped up on Google is from a security evangelist at csoonline.com. He based a lot of his article on an article by krypt3ia who ranted about how bad it is to use the term evangelist.
I read krypt3ia’s article with an open mind but I always worry when someone starts a written argument with a literal definition from an actual dictionary. That was what I did in high school when I didn’t know how else to start a paper and it’s an appeal to authority that isn’t very useful in this type of discussion. Languages evolve and definitions change all the time and pretending otherwise isn’t a winning strategy. I think the actual problem he has with the term ‘evangelist’ is shown about 3/4 of the way through his rant where he talks about the term ‘heretic’:
“Perhaps this is all we know, we people who still follow a book so closely that now has the masses up in arms about the issue of people of the same gender wanting equality … A book mind you, written by people barely able to understand nature around them so they made stories up to fill in the gaps. Really? 21st century? Yeah.. Right.”
I get his argument against religion (and I’m assuming the Bible) and I don’t disagree with him on this point[1] but I think getting this worked up over the term evangelist doesn’t make sense. The wikipedia article for the more generic term “Technology evangelist” has this opening definition:
“A technology evangelist is a person who builds a critical mass of support for a given technology, and then establishes it as a technical standard in a market that is subject to network effects.”
The article goes on to establish the link to the word evangelism by suggesting it is “due to the similarity of relaying information about a particular set of beliefs with the intention of converting the recipient.” Think Steve Jobs or even today Vint Cerf.
This part rings pretty true for me. Infosec [2] is a cloudy term that encompasses a lot more people than it did when I learned it in the 1990’s, however; most of us do hold beliefs about security. These beliefs translate into practices like “hardening a server” or “using passphrases instead of passwords”. So a security evangelist is someone who tries to convert those with poor security practices to our way of life.[3]
Perhaps I have an easier time dealing with portmanteaus or even updating definitions as words find their way into computer specific lexicons. I fought similar fights when I was at Akamai and trying to implement biostatistical analysis and epidemiological methods to make the company more secure. I was told that the words I used were medical jargon (eg. Sensitivity and Specificity) and it was too confusing for them. But our industry specific language has dealt with this for a long time and I doubt it will stop anytime soon. [4]
So how do people, especially those that hate the term ‘evangelist’, feel about the term ‘virus’? Want a link to the Wikipedia article or an OED definition? You probably won’t find anything related to non-biological organisms unless you look at ‘Computer Virus’. Or how about ‘sales engineer’?
Again citing Wikipedia, an engineer is “a professional practitioner of engineering, concerned with applying scientific knowledge, mathematics, and ingenuity to develop solutions for technical problems. [5] What do SE’s build again? I’ve been an SE in my career and other than sales demos there wasn’t much I did to really deserve the E part of my title.
Krypt3ia isn’t alone in his disgust with the term however. As I scanned through Twitter I found other notables (particularly Space Rogue of curmudgonley fame) saying one should never ever admit they were an evangelist. There is a hint of anti-charlatanism in their tone that can’t be missed. [6] I think the real answer to the animous against this term lies here. The sense I’m getting is those opposed to the term think security evangelists are those that don’t have the skills to be real hackers/infosec professionals and therefore listening to them is both a waste of time and potentially dangerous. I think nothing displays that more than this anigif.
Footnotes:
[1] At the best of times I’m an atheist but occasionaly I’m just agnostic.
[2] I don’t know if someone has written about the transition of the 1990’s hacker to infosec so I’ll leave this here as a reminder to write about it if an article isn’t already extant.
[3] I do this all the time without thinking about it. Last month it was when speaking with the CFO of my nonprofit when she asked about using online banking. My advice was to boot up a liveCD and bank from there.
[4] The biggest push back I got was using the term “computer disease” instead of malware/badware/trjoan/etc. It makes a lot of sense if you think about it.
[5] In case you’re wondering “engineer is derived from the Latin roots ingeniare (‘to contrive, devise’) and ingenium (‘cleverness’).”
[6] Anyone who knows him understands that he isn’t shy about opining on what is right or wrong and who in the industry is an actual charlatan.
Post a Comment