Wanted: Cybersecurity Imagery

Eli Sugarman of the Hewlettt Foundation laments about the sorry state of cybersecurity imagery:

The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term proves the point: It's all white men in hoodies hovering menacingly over keyboards, green "Matrix"-style 1s and 0s, glowing locks and server racks, or some random combination of those elements -- sometimes the hoodie-clad men even wear burglar masks. Each of these images fails to convey anything about either the importance or the complexity of the topic­ -- or the huge stakes for governments, industry and ordinary people alike inherent in topics like encryption, surveillance and cyber conflict.

I agree that this is a problem. It's not something I noticed until recently. I work in words. I think in words. I don't use PowerPoint (or anything similar) when I give presentations. I don't need visuals.

But recently, I started teaching at the Harvard Kennedy School, and I constantly use visuals in my class. I made those same image searches, and I came up with similarly unacceptable results.

But unlike me, Hewlett is doing something about it. You can help: participate in the Cybersecurity Visuals Challenge.

EDITED TO ADD (8/5): News article. Slashdot thread.

Posted on July 29, 2019 at 6:15 AM • 44 Comments

Comments

Petre Peter July 29, 2019 7:19 AM

Great initiative. It would be nice if we could somehow get Hollywood and the Shadowrun community involved in this as well.

JetsamJuly 29, 2019 7:51 AM

@ Petre Peter

Hollywood helped cause this problem. The image of the hero hacker saving the day by rapidly typing passwords into a mainframe or the evil hacker wearing a hoodie are Hollywood constructs. It's an industry built on easily recognised clichés.

TatütataJuly 29, 2019 8:27 AM

This lament is applicable to just any topic you may care about, and not only cybersecurity.

Media tend to use the same tired stock images over and over and over again, for any topic.

One reason is that the images are very often added as an afterthought, and chosen by neither the writer or the editor, but by some web-monkey who may not be particularly knowledgeable in any subject. Printed papers needn't have a pix for every article, but the web practically does.

Another factor is the cost of acquiring pictures, either from in-house photographs and artists, or outside providers such as stock photo agencies.
Journalism is a low-margin business these days. If you own the rights to a given picture, then you're gonna flog it until it's totally worn out. In that context, generic pictures with Guy Hawkes masks and suchlike would represent a one-size fits all approach...

There are sources for free pictures of reasonable quality, but they often tend to be a random or poor match, and you still need to invest into someone to sit down and search pixes, and make sure that rights are really clear.

For cybersecurity, what kind of alternative do you actually want? A dry theorem demonstration, with set theory, lemmas, sums and integrals, etc., directly from a 1975 Julius Springer book?

HugoJuly 29, 2019 8:31 AM

The problem with addressing cyber security properly is not the lack of imagery, but that we address it as seen from the world of cyber security experts instead of from the world of our audiences. Cyber security experts make 'information security' complex by focusing to much on the 'security' part, while they should be focusing on the 'information' part. Because that's what people (managers) can understand.

Don't talk about threats, hackers, malware, exploits, vulnerabilities. Talk about information as a business asset, what information does for the organization, the value of information and that some information (based on its value) is worth protecting. Make a comparison between information and finance, information and personnel and the differences in how we manage them.

HugoJuly 29, 2019 8:39 AM

In addition to my own comment: When you approach cyber security from that angle, there is more than enough imagery available.

FrisoJuly 29, 2019 8:54 AM

When I started my blog I also encountered these issues. A general visual language only exists on a level of poor understanding. Inspired by what I saw on smaller media platforms, I started making my own illustrations.

In one article I interviewed a ransomware expert and decided to mix imagery of biological viruses and worms with geometric components.

Another article tackles the value chain of surveillance capitalism (well, part of it). Here I used eyeballs on something resembling snakes or worms to show unwanted observation.

I always enjoy other examples of such visualisations, so I thought I'd share some of mine here.

Impossibly StupidJuly 29, 2019 9:59 AM

Ugh, more spec work on the Internet. If they really want creative, imaginative people to attack important, unsolved problems, I suggest these "foundations" respect their skills by hiring them to do the job. It's rather insulting to any thinking person to be issued a cattle-call "challenge" by a wealthy organization only to be rewarded a pittance when you solve the intractable problem that was stumping the experts for years.

VinnyGJuly 29, 2019 10:21 AM

I also think and work in words. There are good reasons that words have been the primary method for thorough and accurate communications for millennia. It seems to me that most of the images found on a Google search for "random term" are primarily used as a gloss; a method of over-compressing and over-simplifying a topic. Not quite on-topic, but imo most "informational" videos suffer similar deficiencies wrt the written word. I'm not altogether certain that I agree that the absence of image icons to over-simplify IT security is a problem that requires solving...

markJuly 29, 2019 11:36 AM

Part of the problem is the downward spiral of search engines. If they were this bad 10 years ago, they'd be nothing big today.

Sample proof: I just was looking yesterday for what a Galway shawl might look like. Exclude music (I was listening to someone singing that, and I got curious). T-shirts, sweaters, general Irish, but not Galway-specific, and on and on. I think on an entire page of google or bing results, in images, I saw two or three pictures, and nothing not about 100 years old.

Clive RobinsonJuly 29, 2019 11:44 AM

@ Bruce,

I agree that this is a problem. It's not something I noticed until recently. I work in words. I think in words.

Which has the same problem...

Do you remember the "300lb teenager in his parents back bedroom" sound byte and similar.

To be honest though back in the 1980's it was young WMC teenagers wearing "street clothes" in London. Being in my twenties back then with a job I was looked on as being some ancient font of wisdom...

I guess beard and hat look is more accurate, like beards, pipes and polo necks on Deans once were, are the modern sign of a Cyber-Security geek/guru.

redbeardJuly 29, 2019 12:00 PM

There isn't any image that can or will convey the "importance or complexity of the topic."

Someone is asking the wrong kinds of questions.

Btw, wtf does "white men" have to do with it? Does someone believe there's a black hat all-female hacker commune somewhere? Or is this more of the reflexive PC need to have every infographic look like an Old Navy ad, no matter how poorly that depicts reality?

VinnyGJuly 29, 2019 2:42 PM

@mark re: search engine decline - I make it out to be more like twenty years than ten. Search engines lost the greater part of their utility for me when the ability to filter results using Boolean operators disappeared. There were at least two such engines, iirc, one of which was revised and began returning incorrect results for a year or so before it disappeared. The other just flat out went away. This was about the time that Google et al began tying searches to force-fed advertisements and ad revenue. Probably not a coincidence.

RSaundersJuly 29, 2019 3:49 PM

The problem is that reality wouldn't impress anyone, dramatically. It's a photo of engineers at computers in cubicles. Unless you go with a Krell Furnaces matte painting where the cubicles go on forever, there is no way to make this interesting.

TõnisJuly 29, 2019 6:01 PM

I just wish I could get my computer to make those chittering noises computers always make on Criminal Minds and NCIS whenever users do a search.

AnuraJuly 29, 2019 7:26 PM

@Tõnis

Get a mechanical keyboard; it's what real h4x0rs use since it can't be hacked like a digital keyboard.

Petre Peter July 29, 2019 8:03 PM

@Jetsam

'The word is a medium for encoding thoughts that refuses to disappear ' -Stephenson. Images are easier to fake than words are. Put a flag in the background and you are seen as patriotic because images lead to emotional responses faster than words can be explained. A few years back only the very rich were able to afford portraits and only the intelligentsia were reliable witnesses because they had the language to describe events. Now these are buttons on our phones. The transition from thinking in images to thinking in words takes a lot of practice especially since i have been granted the fruits of technology: iced coffee in one hand, pictures from my cellphone in the other. I am about to enter the new era of high definition if I can only decide whose definition I should trust.

Nancy Wirsig McClureJuly 29, 2019 8:30 PM

Bruce, as a professional graphic artist, I object to your support for this contest. It devalues the work of illustrators (literally, in that it makes people expect to pay less).

They should request proposals from professionals, rather than promise small odds of winning a prize. You believed in the respectful process when you had me design the Counterpane logo.

They may get lucky with the contest approach. But they are mostly going to see submissions from amateurs. It seems unlikely this will work, or crowdsourcing already would have produced the images they can't find. Their prize amounts would be decent pay for several pros, each fulfilling a contract.

The biggest problem is that the competition rules do not mention rights ownership (oh, they mention their OWN rights to IP several times). Nothing prevents them from claiming the rights to own all the thousands of images submitted, not just the ones that win.

I think strong communication of InfoSec topics is important, and I might consider giving away artwork to supporters of it. But I would work with a pro bono client the same as I work with any client. We would spend a lot of time on the requirements, and I would spend a lot of time on ideation, not just drawing. And people like me bring decades of experience to the process.

-- Nancy Wirsig McClure

AdrianJuly 29, 2019 8:45 PM

Just use a photo of a group of executives in suits sitting around a table. Saves hunting around for images; you can reuse the same photo for "clients of the system" "operators of the system" and "criminals breaking into the sysetm"

Clive RobinsonJuly 29, 2019 9:27 PM

@ VinnyG, mark,

re: search engine decline - I make it out to be more like twenty years than ten. Search engines lost the greater part of their utility for me when the ability to filter results using Boolean operators disappeared.

Back three decades ago in the late 1980's and early 1990's, I used to teach librarians and other budding "information scientists" how to use the Boolean operators and why "and" was not "AND" and "or" was not "OR". Not just in HTML based search engines but in WAIS[1](using Z39.50 / ISO 23950[2]) and some other even less well known nascent Online Information Indexing engines (I even ended up working for a citation based search engine company[3]).

The simple fact is whilst librarians, engineers and early computer programers usually had no problem with boolean searching other "mere mortals" could either not be bothered to understand it or had "cognative issues". There are various stories as to where the idea that "Boolean was not for Humans" came from, but the one I have heard the most points the finger at "Microsoft" and it's human / user testing projects.

[1] Wide Area Information Servers or WAIS was thought up by Thinking Machines Corporation to demonstrate their massively parallel processor system and it used Z39.50[2]. The Nobel lauriet Richard Feynman was there at the very begining before the company had a name. On being told that the company now had a name he was delighted and said, "That's good, now I don't have to explain to people that I work with a bunch of loonies. I can just tell them the name of the company."

[2] Z39.50 is "horrible" even though it works and is in effect the property of the Library of Congress (though they appear to have killed it a decade and a half ago). It's been mangled so much it looks like a kitchen sink that has bounced down Mount Everest more than a few times. Due to the fact I knew a little about it and more main stream DBs, and had had the misfortune to be involved with standards commitiees in an earlier existance, when the company representative to the standards group (ZIG) left I was told off handedly by one of the developers someone had suggested my name as a replacment... I still wake at nights in a cold sweat over that. The reason, it was not long after ZIG started getting serious stressful about chucking in the equivalent of SQL but also SGML or XML. Thankfully before the noose got dropped around my neck a new Development Engineer was taken on and I guess he made the mistake of mentioning he new about Z39.50 because they dropped the whole lot in his lap... As far as I'm aware he managed to avoid the ZIG meetups, and they stopped them in 2002, due to something called SRU being the new kid on the block for a short while (I gather that to has turned it's toes up as well).

[3] One of the company founders actually invented the idea of storing data for PC's on Optical disks such as CD's and developed the idea and it's hardware and software in England with an engineer back in 1982/3. It formed the foundation of the company's data base products for researchers. The company later moved to the US for various financial reasons but ended up with the software development back in the UK in Chiswick West London. It actially took Microsoft another four years to come out with their first CD driver (MSCDEX) which was an abomination for quite some time and overly expensive, which is why early CD manufacturers did deals with the devil to give it to customers with the drives they sold. Eventually MSCDEX got included in MS-DOS 6 by which time the "industry" had settled on how best to hardware interface to PC's (Western Digital IDE later PATA) and Servers (Shugart Associates System Interface SASI, later changed by ANSI to "Small Computer..." SCSI). When DVD's came along they caused a bit of a problem, with 4.7Gbyte of storage you had a file size limit in Unix of 2Gbyte that is why we ended up with three more or less incompatible Optical Drive formats "Rock Ridge"[4], "Jouliet" were both extensions to ISO 9660 and the one from Apple that escapes my memory (may have been UDF based). A later standard so that CD's could be bootable on PC's where the only boot format in many OS's was "floppy disk" was worked out between The BIOS designers Phoenix and IBM, called "El Torito" it was allegedly named after a restaurant in California where the idea was first consigned to a napkin... My professional interest in optical media ended the better part of a decade and a half ago, and realistically most don't need to know anything about them any way as most OSs have abstracted it all away.

[4] The name "Rock Ridge" was filched from the Mel Brook's very non-PC film "Blazing Saddles", which scene promoted the idea and why is best not to ask.

OtterJuly 29, 2019 11:09 PM

I agree with Nancy Wirsig McClure.


Images are just other languages. A good editor, illustrator, whoever, will select images, text, so forth, which he thinks he understands, and which he thinks his audience will understand. A bad editor will select images which he thinks he understands. (Yeah, a worse editor will select what first comes to hand and is free.)

You surely understand the operators of search engines and data banks have very accurate models of what their users/products understand (And what they want their users/products to be able to understand.) Which is to say, they shovell slop to the masses, not to Harvard teachers.

Pay generous cash to somebody who understands what you teach, and can draw passably well.


Also, I notice in passing that some media feature excellent illustrations. Maybe you can rent some, or moonlight the artists.

Finally, and I offer this in all sincerity : Harvard and its students are mostly American. To illustrate security issues, you can often get away with pictures of President Putin.

Clive RobinsonJuly 29, 2019 11:20 PM

@ Mark,

According to the lassy (whose from "The Kingdom of Fife" in Scotland, and has an interest in the herring fishing, especially "The fisher lassies who followed the silver darlings"[1]. You can see a modest example of a Galway Shawl on Maureen O'Hara in the "John Wayne" movie "The Quiet Man" and some of it's advertising posters (which can be found online).

Basically they are a square of heavy wool and cotton cloth of intricate design around four or five feet on each side, it was folded in half diagonally and draped across the shoulders. Like the US Army poncho you could in inclement weather fold it differently and "belt it in".

They actually have a connection to "Computing" in that their ever more complex designs required a Jaquard Loom to make (the design programed in on the cards). Due to the affectation of "kilt wearing" most jaquard looms were found in Scotland in and around Edinburgh and Paisly. Fife is just north of Edinburgh and all along that east cost was where the young women earned a living following the herring and shawls of the same type but plainer were common.

Just to make life more complicated they Galway shawls also often had a special fringing around the edges, that was made in Ireland in a similar way to lace. Around 100years ago they were although a practical garment (like a wool over coat) also a status symbol or marker of wealth or prestige. By WWII they had aquired a different reputation such that the making of them stopped. Like all heavy wool cloth, they have the advantage of not holding body odour unlike modern cloathing, thus only required airing not washing. But due to the mordents used in fixing colours, like Harris Tweed you did not want to get them wet in the rain because they can be quite malodorous.

If you want to search further try 'jaquard loom "Galway Shawl"'

[1] Uniquely to the Scottish herring trade, armies of young girls followed the fishing fleet to provide the seasonal labour needed to deal with the catches.

JonJuly 30, 2019 1:45 AM

@ Anura

And then, when things get really intense, have two people typing away simultaneously on the same keyboard. Makes for faster hacking that, donchaknow? ;-)

J.

CallMeLateForSupperJuly 30, 2019 8:18 AM

The Trumpster quote that @Clive plonked into this thread happens to be a favorite of mine because it is a rare example of 1)Trump's chosen words saying something other than what he probably intended to say and 2)journalists et al piling on what he did *not* say (but probably *did* mean).

If the NYT can be believed in this case, The Orange Serial Liar's words were, “[...] could be somebody sitting on their bed that weighs 400 pounds.” The meaning of those words, in that arrangement, is unambiguous: bed weighed 400 pounds, and bed's owner was sitting on the bed. An 8th grader could correctly parse it. But many people - some of them journalists (sigh) - were not as smart as 8th graders because what they understood was 400-pound-guy-sitting-on-a-bed.

Notice that "bed" immediately precedes "that weighs 400 pounds"; this is strong evidence that the latter applies to the former and not to "somebody sitting". The clincher, if you need one, is the choice of "that" instead of "who". If "400 pounds" did apply to *person", "who" would have been proper. But the target was an inanimate object, not a person, so "that" was proper.

Debora Weber-WulffJuly 30, 2019 10:36 AM

I had a look at the competition mentioned above. They want you to spend many hours (for free) working out a visual concept, telling much about yourself (no GDPR information was findable on the registration pages). And just a slight chance of winning.

We can use free license images found via https://search.creativecommons.org/, make images ourselves to upload to a repository, or as suggested: Hire an expert.

joe peeerJuly 30, 2019 7:01 PM

Esteemed prof...
no one cares about surveillance when we talking pedophiles and terrorists.
ppl care being watched when trying to buy drugs or sex.
ur imagery problem. is the nations VICE laws.
ur solution iz a marketing campaign. doez u reckon thats gona fix it ?
regards.jp.

ITwannab guyJuly 30, 2019 8:07 PM

As I'm not a security expert, could someone summarize in simple terms what the issue is? Thanks!

WaelJuly 30, 2019 11:31 PM

@Nancy Wirsig McClure,

But they are mostly going to see submissions from amateurs.

He who does not possess, cannot bequeath.

Wesley ParishJuly 31, 2019 12:53 AM

After deeply and meaningfully perusing my navel, I came to the conclusion that said Foundation should rent, lock, stock and barrel, Peter Jackson's movie Brain Dead, known to the citizens of the US as Dead Alive.

For those of us who have never seen it, it concerns an unpleasant animal, the Sumatran rat-monkey, a young man and a young woman, and a pile of zombies. It - from my point of view - is superior to other zombie movies because it never takes itself seriously (for example, you have a priest who tells us, "I kick arse for the Lord!" before doing just that.).

Zombies, viruses, infections, the like are already part of the imagery of Information and Control Technology. There's no harm in using them visually, as a form of extended metaphor. You just have to remember to pay the piper. Unfortunately the corporate world in infamous for demanding to be paid but itself refusing to pay ...

Clive RobinsonJuly 31, 2019 7:50 AM

@ Wesley Parish,

After deeply and meaningfully perusing my navel,

You got a crick in your neck ;-)

For those of us who have never seen it, it concerns an unpleasant animal, the Sumatran rat-monkey, a young man and a young woman, and a pile of zombies.

You've heard of Regents Park in London's eye wateringly expensive Marylebon district then B-)

Zombies, viruses, infections, the like are already part of the imagery of Information and Control Technology.

Just look in any London Tech College ICT area in their "learning center" to see that :-S

Or for that matter as the Dutch did a Russian University "learning center"...

To youngsters hacking[1] is a game of curiosity, to old timers we went further and it's how we learnt the skills that are still getting us towards our pensions today. Unfortunately though, in a subset of the community as in any community ego's started to get involved and hacking turned to the dark side to become "cracking". Then some finally realized that like all skills money can be made and they monetized cracking.

As a community we appear to have borrowed memes from others such as "Mad Magazine" and it's "Spy versus Spy" to give us "Black Hat's and White Hat's". But how many realize that Mad Magazine had borrowed that meme from early Cowboy and Western films that in turn had borowed from the early black and white line drawings in magazines with tales of the wild west?

The reality is it's not the community that borrowed the memes but others from outside tried to stamp them on, to give other outsiders some kind of handle by which they can pretend to understand what is in reality an alien culture to them.

The point with memes is they are like story line plots of which the original creators are long forgoton. The fact is all plays and drama can trace back through to Ancient Greek Comedies and through them[2] back to the tragedies ultimately back to Ancient Greek Religion.

Memes like nearly all art are rarely original, otherwise people would not see the lineage that gives the meme meaning, thus suffer culture shock or cognative dissonance.

For instance whilst the XKCD stick drawing cartoons are original observations, the charecters in the cartoons are based on memes, it's why we feel comfortable with them. They are just like the covers of romantic magazines and the penny dreadfuls that started in the Victorian era. The hair colour and cloathing colour told you who was the villain and who was the hero. Along the line other affectations such as moustaches and eye glasses got borrowed, became stylized and thus became memes in their own right. A few deft strokes of a pen will give a top hat, twirly moustache and cloak of the arch villain. It needs no face or body and even the stylised rail way lines are not required.

Thus such memes have no real contact with the dullness of reality. Though it can get turned around such as the Guido Fawkes maskes where a meme becomes a reality even though a glitzy facade of a masquerade.

Thus we could use memes of older times, the blindfold style mask and striped jumper of the archetypal criminal meme, but instead of a swag bag, a modern day tablet with a long boney index finger of a left hand[3] poking at a virtual screen.

[1] Because of idiot LEOs and Prosecuters, trying to play infantile mind games we now have to add what is becoming an obligitory notice saying that we are talking hacking as it originally ment, not what they falsely try to portray to juries to make it sound like criminals... Which is why we have the term "cracking" for that sort of criminal activity.

[2] Which is why you get the two masks one sad one happy as a symbol of the theater.

[3] Why a left hand, well the simple answer is the left hand is "sinister" and like anti-clockwise is considered a sign of evil and has done for centuries. From Merriam-Webster's,

    "Sinister has an etymology that might seem a bit biased against the left-handed portion of the population, as this word, which has had naught but disagreeable meanings for over five hundred years now, comes from a Latin word of the same spelling that means “on the left side.” We find this root in other English words, such as the adjective sinistral (“left-handed”) and the adverb sinistrad (“toward the left side”). To make things even more unfair, the Latin word dexter (“on the right side”) has given rise to English words with largely positive meanings, such as dexterity and ambidextrous."

https://www.merriam-webster.com/dictionary/sinister

gordoJuly 31, 2019 12:33 PM

@ Bruce Schneier,

Don't know if you've tried here alteady ...

Harvard Law School
Graphic Design

The Office of Communications provides select graphic design support to the HLS community. Our services include print design for posters, brochures, invitations and graphics for campus video displays.

If you need a poster, either printed or for the campus video displays, or other graphic design support, please email ...

https://hls.harvard.edu/dept/communications/graphic-design/

Alyer Babtu July 31, 2019 2:50 PM

I know ! Use a picture of Anna Wintour seated at a desk! Perfect hacker look with those large black glasses, and so much more stylish generally. Or, ... yesss ... , suggest to her that the next Met Gala have a hacker/crypto theme - now that’s imagery!!

Clive RobinsonAugust 1, 2019 12:10 PM

@ Anders,

The paragraph from the article every one should realy realy take note of is,

    ... worked for Amazon [as] a systems engineer in 2015 and 2016. It is worth noting that Capital One’s server was hosted on Amazon Web Services which [Amazon]has been lately making headlines for exposing medical, influencers, social media, personal, financial and military data online

As was originaly said when the notion of cloud computing was thought up "security incentives will not be aligned".

As normal Amazon's name just keeps on poping up in all the wrong places if you have any kind of privacy or security in mind...

APAugust 1, 2019 3:00 PM

@ Clive,

It's hardly AWS' fault that corporations routinely fail to set up their S3 bucket permissions correctly, even when they render a big yellow PUBLIC icon next to credit_card_numbers.csv. Hosting your infrastructure on AWS is as secure as using any third party datacenter in the United States. The root cause of the Capital One breach was a misconfigured firewall allowing credentials to leak; it's only clueless journalists blaming this on Amazon.

Clive RobinsonAugust 2, 2019 10:29 AM

@ AP,

It's hardly AWS' fault that corporations routinely fail to set up their S3 bucket permissions correctly,

Actually it is AWS's fault[1] or atleast that is probably how the majority of the public will see it.

For various reasons Amazon is not popular at the moment, and they are believed to be "cash rich" and treating their employees badly. So much so some have said "Biggest Sweat Shop in the West" or similar. They also stand accused of not paying the taxes they should and half a dozen other sharp practices. None of which makes them attractive in "The Court of Public Opinion"...

Thus being technically not at fault is not the name of the game. Oh and being "technically right" does not absolve you of responsability under law. Have a look at the notion behind "An Atractive Nuisance". Likewise have a look at the Ford Pinto debacle,

https://www.tortmuseum.org/ford-pinto/

I'm fairly certain Amazon will have both adverse tests of AWS and paper trails effectively ignoring it etc. Or worse still they will be shown to have had them, but conveniently lost/deleted them or similar.

[1] Look at it this way, Amazon are charging for a service, irrespective of what their EULA says people will see them as the people with responsibility. If Amazon's service is deemed "not fit for purpose" then the law will be against them. The thing about "fit for purpose" is it's subjective when it comes to not just goods but services as well. The chances are a set of motivated lawyers could make something stick.

TDAugust 3, 2019 11:58 AM

How is this different from organizing the enormous word jumble that tries to cover the breadth of cybersecurity?

I'm not a professional market messaging person (and you really, really do need one to do this), but for the incomplete list of "end-users" listed in the Challenge, here's a quick & dirty:

Persona 1: Civil rights activist focused on cyber safety. - Use 4th Amendment (or local) legal concepts to develop images. Rights and privileges need to be adapted/derived from existing, tested and accepted jurisprudence, at least as a start.

Persona 2: Chief Information Security Officer at a large technology company - This is the most important cybersecurity role that is universally broken. Simply, managers aren't/can't manage it and the reasons fit in a book. Security is a designed-in quality and most large IT depts can't manage "quality" development (so no, they can't manage "security thru advanced surveillance," either). Use images showing chaos, lack of corporate will and apathy.
(Why limit to "a large tech co?" Any government and most corporations have just as important user data...)

Persona 3: Policy maker with strong influence in US data privacy laws - See Persona 1. (i.e. 4th amendment has long been used to protect postal content from surveillance (while address is considered "public"). Why isn't the same concept applied to email address vs body? We've technically been able to do this for 20 years.)

Persona 4: High profile business journalist - IDK, what's a good image for releasing the personal records of every credit card holder in the US? A sample image of a formatted "Jane Doe" bank record?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.