When CNN published their “Superhero Hacker” series it kicked off on Twitter. While the circumstantial truths and skills of those featured are indisputable, the bigger question of enduring stereotypes came to the fore.
The rest of this post has been updated following extra consideration and digging into what the CNN crew and other contributors set out to achieve. Here I’m offering the perspective of someone who doesn’t hack and never really has. Yes, I’m a security pro, yes, I have a technical background, and yes, some of my best friends are…
…never mind…it’s not important. So, here goes:
There is the 30-minute CNN programme and then there is the artwork accompanying it. Those graphic interjections are a fit for the general public’s perception of hackers…and there’s what prompted this post.
The vast majority of the community, like most of the people featured in the video, are grounded in the real-world application of skills. Fighting to make businesses and private individuals aware of risks, and helping them (step by basic step) to protect themselves.
That, for the first time in a meaty mainstream media segment, was made clear.
For every report of fridge, car, plane, pacemaker, and satellite hacks, there are many, many hours spent nudging everyone who’ll listen closer to a safer computing and internet space. By the same token, in honing those skills, competition in the community is a huge driver. In the midst of that there are (just like in all other fields), exposure tarts and wrongdoers. If you make time to get beyond the graphic novel, it’s easier to spot the good guys.
It’s not that the graphics are unfair or wrong (people represented are deathly talented), it’s that the dark, vigilante, Sin City-esque typification seems counterproductive. It’s an image that does me no favours when I’m trying to persuade a CISO to employ someone with these niche skills to really put their network through its paces. An image that puts question marks behind the positive noises I hear when I make such a proposal. Question marks that go after thoughts like this: “If I piss them off will they hack my email, deface my website, or steal and sell my secrets?”.
Underlining that, from the darkest part of this perception gap:
“I can think of no other field but politics where law abiding professionals are seen as criminals until proven innocent” – Lesley Carhart
Hackers shouldn’t have to wear suits to be accepted. But they shouldn’t have to wear hoodies either. Stereotypes that disadvantage those labelled build subcultures, tightly knit groups, and (in some cases), activists and criminals. Every profession on the planet, when meeting as specialists en masse, will show off the full extent of their skills and tell horrifying war stories. I’m sure if we spied on AccountantCon, and listened in just before the bar closed, we’d never employ one again. To present this as the everything (or even the main world) of these super-skilled people, is creating an imbalance that will damage our chances of a collaboration we can’t survive without.
Lesley (@Hacks4Pancakes), Cheryl Biswas (@3ncr1pt3d), and a big bunch of other super high-profile bodies have the same idea that motivated this broadcast: Put the eloquent subset in front of non-security people. Blast holes in the echo-chamber and present our realities to accountants, lawyers, procurement professionals, auditors, financiers, power plant managers etc. etc…
…or, in Cheryl’s own words:
“Get the decision makers to take us seriously by not packaging and presenting us as entertainment”
The reality of what hackers do, and who we are as a security community, cannot be reduced to a 2D caricature.
(Any professional bodies who would like a security pro to speak at an event are welcome to get in touch).
It’s something Keren Elazari previously combatted with her excellent TED talk “Hackers: The Internet’s Immune System”. Do (if you haven’t already), make time to watch.
It’s also something Josh Corman (who appears in the video), Beau Woods, and the rest of the I Am The Cavalry crew spend huge amounts of time doing: Finding their way to the people who make safety choices, and arguing on our behalf for better transport, and medical device security. Lesley (with her own blog and substantial social media following), breaking the specialism down into rational, consumable parts, and spending time freely and clearly sharing valuable info with the trade and interested non-specialists. I could go on, and on, and on with similar examples.
All things easily deserving of bigger print headlines and more TV slots.
So, overall: A rare jump into mainstream media that’s arguably put cracks in the “all hackers = blackhat hackers” stereotype. Plus well-crafted accompanying graphics that don’t (in my opinion) help.
Do, if you haven’t yet, watch the whole thing. And don’t, as I initially did, let the noise get the better of you.