That all security professionals spent time having to explain what they want to do to lay people. And that doesn’t mean Information Technology professionals, who will understand many of the things you are describing.

No, you really need to learn how to communicate what you intend to accomplish, how you will accomplish it, and what it will involve to people who have absolutely no practitioner knowledge of InfoSec. Talking to people who don’t automatically know what packets are, a man in the middle, firewalls, malware and all the other things we take for granted would open everyone’s eyes.

You would have to find ways to explain what a SIEM is, why you need an MSSP, how someone’s credentials are compromised, and why that puts them at risk for financial fraud and identity theft. When you talk about whaling, spear phishing and social engineering, their eyes will glaze over until you explain it in ways they can understand.

How many of you ever have to do that? Very few. I wish you all had the o…