Acronyms aren’t unique to cybersecurity, but they’ve become a hallmark of how we communicate with each other. Do we really need to be adding this layer of complexity to an industry which is already complex? Or are they just making our devs more depressed? Let’s make security accessible and actionable.
The cybersecurity industry is seeing record growth, growing 20% YoY, and built on the promise of increased productivity. And yet developers often struggle to focus on what matters. Instead, they are met with another new acronym that has them reaching for that dictionary every time they want to get something done. We’ve developed something unique in the cybersecurity industry – a language that no-one natively speaks.
Take “static application security testing” as an example – that doesn’t really mean anything to people who don’t already know what it is. What it actually does is try to find security problems in our code. With that knowledge we can then immediately work out what “dynamic application security testing” is. It’s semantics, not guesswork. (P.S. The latter is like a hacker trying to find vulnerabilities in our running applications.)
My main frustration is that I can’t understand why we actually even need an acronym for those things when we could simply describe what they do. When we’re building security tools, we should be able to easily describe what they do in non-technical terms, instead of trying to describe what they are.
As this communication barrier moves up the chain and crosses the technical divide, these problems become even more amplified. At the board level, security teams are completely against the wall in terms of funding. We have a catch-22 situation where security teams aren’t getting enough funding, or at least they believe they’re not, and we’re also suffering far more from security attacks. One of the biggest issues is that at the board level, the decision makers don’t understand a lot of what’s needed, because they don’t understand what things actually do. You can’t walk into the boardroom and ask the CEO to part with some cash for a CNAPP.
The cynic in me also sees a lot of these acronyms as money-printing machines. When we create new acronyms that replace the old ones and say we need new tools for them, it just looks like an upsell. And, even when something might be needed, it’s difficult to separate the necessities from the snake oil.
Source: Tech Radar