Please share your comments; critics make life meaningful!

Monday, January 16, 2023

Translating Cybersecurity & Privacy to English (and other global languages)

As a practitioner specializing in rather intricate domains which involve subject-matter expertise (SME), one may feel compelled to indulge in industry jargon, multi-letter acronyms and figures of speech that make sense only to a few. This is even more true for technology domains of modern significance. Having been a SME in several such domains, including Cybersecurity, Privacy, IT Risk Management etc., I have seen this tendency first hand.

At first, I was a victim of this phenomenon when I transitioned from the Army to the Corporate world. The Army itself was a similar world full of jargon and acronyms, but the outstanding factor there was uniformity; terminology was common across people from the top to the bottom, and there was a good degree of commonality in terminology across other uniformed services such as the Navy and the Air Force with whom the Army has to deal occasionally. On making a mid-career shift to the Corporate world, I had to make significant efforts to adjust to the high degree of variance in the domain as it was practiced in the Enterprise as compared to the Army. But what exacerbated the change management experience was the perception of complexity in the Corporate world that came out of two aspects: (a) use of a lot of jargon, acronyms and figures of speech, and (b) lack of clarity in the definition and understanding of the sub-domains, and how all the moving parts fitted into the overall big picture.

The problem is common across the three main areas of practice — the Enterprises, the Service Providers and the Technology OEMs. The latter two lead in the use of jargon and acronyms, and the former is almost eager to follow the lead established by the latter. Essentially, it leads to complexity and the lack of a clear, common understanding, which further leads to a prevalence of confusion and an absence of transparency. I have reflected on this at length and made certain observations which are worth considering.

It is to the advantage of the Service Providers and Technology OEMs to make things complex and deny a clear understanding simply because of the old adage “There is profit in confusion”. One can easily see who profits from complexity and how. Most OEMs align their products to existing industry semantics, and, in fact, they often create new jargon and acronyms when launching new product lines. The hype is necessary to create a buzz around their product, and having complexity helps perpetuate the notion that the value of the product is much more than what it actually seems to do. Many times, Service Providers support the new jargon and acronyms propagated by OEMs, and even add more such verbiage to substantiate their service offerings around specific OEM solutions.

An interesting role is played by Research organizations and other such third parties which have revenue streams aligned to specialization domains. Sometimes they provide definitions and explanations that help normalize and standardize prevailing or upcoming jargon; but sometimes they add to the confusion as well by creating new jargon and acronyms. In both cases, they stand to benefit commercially.

Hence, it becomes necessary for a SME to translate complex verbiage and present it in simple language to her/his internal audiences, especially to critical stakeholders such as the Board of Directors, Senior Leadership Team (SLT), C-suite executives, and Auditors. The confusion may exist at the micro level, like understanding how a specific technical solution provides a certain enterprise security capability. It can also exist at the macro level, such as the definition of Cybersecurity, what constitutes Cloud Security, and the difference between Policies, Standards, Guidelines, Processes, and Procedures. Regardless of what it is and how it is caused, complexity and lack of clarity do not bode well for an organization, or for the SMEs who are involved in managing that function. It is critical to reach a common and clear understanding in SME domains, especially with non-SME internal stakeholders, for the very success and stability of the SME program.

What complexity and lack of clarity are you dealing with at your organization in terms of Cybersecurity and Privacy management? How would you like to solve these issues and challenges? Leave a comment here or reach out to me directly at Deepak.Rout@Assuranz.ca; I will be happy to suggest some thoughts and ideas!