Giving 'Good' Its Power in Cyber Security

"We can't let good be just a word. It has to mean something." - Elphaba

This weekend, I indulged in the new installment of the Wicked series, Wicked 2: For Good. Traditionally, I would have raved about how much I enjoyed it, but the messaging within the film echoed something that I observe in cyber security.

This film explored the balance of 'good' and 'evil', and how humans perceive these terms based on the meaning behind them. They are not simply words, but they drive individuals towards particular choices or outcomes.

Each represents a form of united power. 'Good'-ness cannot simply exist in isolation without something driving it, an opposing force which defines its purpose and helps shape its significance.

In cyber security, pop culture curtails 'good' and 'evil' as an elite white-hat hacker, or a recluse in a hoodie. As we all know, the reality is far more nuanced.

'Good' can be one's personal journey towards obtaining certifications, or engaging in self-paced training. It could be volunteering at community events, or at training sessions to share knowledge with others.

Evil is just the same. It could look like a scammer in a call centre making ends meet, or someone forced into that situation by the real architects of harm, the leaders of these crime organisations.

This concept of 'Good' and 'Evil' is like an onion (SO many layers). Instilling meaning into what it means to be good is the way that we empower and forward cyber security beyond the mainstream stigma. It is giving cyber security a purpose beyond simply "defending against bad guys".

My interpretation is that good is about protecting the vulnerable, and working together as a collective strength. When building strategies around this purpose, I believe we start to make room for a shift, foregrounding why cyber security truly matters.