Seeing yourself on a TV show, albeit one that is in likelihood not being viewed by that many people other than those you've spammed about it, is always humbling for so many reasons. I've always preferred the faceless anonymity of print and radio so much more than sitting in front of any camera, even just messing around during J school courses -- the glare is just a little too revealing for me I guess.
So, it was with a not-so-tiny rumble of self-doubt that I awaited the airing of a story on a long-running local TV newsmagazine, Chronicle, for which I'd been somehow recruited to appear as some form of informed party on larger issues of IT security, based primarily in fact on this existence and focus of this blog.
Because, the truth is, in addition to my broadcast trepidation, while I've been reading the work of and communicating with a number of people with a deep and truly relevant knowledge of security for a decent number of years now, I'm in no way experienced in the practical application of most if not all of the technology involved in the research I aggregate and summarize in this space. The reality is, I'm really just a mouthpiece for real experts.
When I first saw the "Sneak Peek" for the program, which included the back of my head at my desk while typing said blog, it was hard not to think that, OK, while hopefully factually-rich and informative, this episode probably isn't going to be the one that breaks the most new ground in IT security research in 2009.
As a former colleague pointed out on Twitter after seeing the preview which highlighted rudimentary war driving, etc., the piece might have been closer to cutting edge five years ago, but, for those of us with our eyes trained on security all the time, there really wasn't a heck of a lot of new news involved. And yes, he even predicted correctly that the story would mention TJX. I won't say that I didn't cringe just a little when it was the first thing that was referenced, and not altogether briefly at that. (Though it's worth noting that TJX is a local company too)
But the thing is, despite the fact that this type of coverage might seem a tad bit simplistic to us, who have our hands in this stuff every day, there are still far many more people in the world who have no idea what the hell we're talking about!
Chronicle is the type of show that appeals to people who watch local news magazines at 7:30 on a Friday night. And while that may not include a lot of people who might read this blog, it includes a pretty broad swath of humanity. Once the piece aired, I heard from contemporaries including former classmates, and yes, a good few of my mom's friends, and my daughter's kindergarten teachers.
And, while they liked seeing me on the show, they all pretty much said the same thing... they had no clue what it was I was rambling on about. Malware? Botnet? Spyware? These words still mean nothing to most people who don't sit at a computer all day.
So, I guess the lesson I was reminded of through this experience, other than that an interviewer will always find a way to use a part of a quote you don't like (when I said that botnets were allowing for 'mass supercomputing' I really meant spamnets and DDoS type threats) it was that it's hard for those of us in the security world to remember just how far outside the mainstream we usually are. And if we want to do a good job and actually rectify all these issues we drone on about, the truth is, that's a pretty big problem.
Like any other group of smart people focused on a particular endeavor, we have the blinders on and can't understand why people don't see what we see. And end user education is undoubtedly still our biggest problem.
That's why instead of being snobby about it and shaking our heads at those who aren't yet schooled in even the most fundamental elements of hacks, attacks and cybercrime, we have to remember to smile, and try to educate -- to understand that we're still the tip of the spear.
Because compared to most of the people I know in this space, I consider myself pretty much a simpleton.
But, hopefully, if someone learned anything from the Chronicle segment I was featured in, it proves that a little knowledge can be a powerful thing.
Remember the masses!
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.