There are lots of cybersecurity experts

The best cops are generalists. The best robbers are one-trick ponies who know their trick very well. Which is the expert?
Written by Dana Blankenhorn, Inactive

Robert Cringely thinks cybersecurity experts are thin on the ground, so we're all doomed.

They're not. You just have to understand the term "expert" properly. Because you don't hire one expert, or 1,000.

You build an organization.  (Picture from KCBS, the CBS affiliate in Los Angeles.)

If your definition of expert means, as Cringely thinks, individuals who understand all the issues in cybersecurity, in context, know the state of play in all of them, and still have time to make themselves understood by reporters, then maybe he's right.

That's a rare combination of skills.

But if you're talking about people with a general knowledge of the whole field and specific expertise in one area, the world is filled with them.

Living in Atlanta, where one of the largest cybersecurity outfits has grown up (ISS, now part of IBM), I have been privileged to meet many such experts.

Some are expert on fixing problems as they emerge. Others are expert at deciphering new viruses. Some write monitoring software, still others are great at using it.

And a few, a very few, know how to explain it all.

This last may be the rarest skill. Managers in technical fields tend to come up from within the ranks. Within those ranks it's specific knowledge about narrow subjects that makes you valuable. Your ability to explain what you're doing is a bonus.

The best cybersecurity managers use English as their first language, and are enthusiastic fans of their colleagues' work. They're curious beyond their own area of expertise, and they're big on explaining just what is happening to others.

Of course as these managers are identified and promoted their specific knowledge tends to atrophy. Their view rises above the trees and they forget what alligators look like.

But this is true in every field. Academic researchers whose best days are behind them become administrators. The best of these know their organizational pyramid is upside down, and that they work for the people in the trenches, that it's not the other way around.

There is one more very important point such an "expert" once gave me. It was the basic difference between cops and robbers. Cops, he said, have to protect the whole perimeter while robbers just need to find one way in.

The best cops, in other words, are generalists, like those managers I described. The best robbers are specialists, one-trick ponies who know their trick very well.

So which is the expert? Cringely seems to think it's the robber. I think it's the cop. Even if he doesn't know all the robber's tricks, his respect for those tricks, his broad knowledge of the perimeter, and his ability to communicate in English are what set him apart.

You don't have to know everything to be an expert. If you can figure out who to ask, you're there.

This post was originally published on Smartplanet.com

Editorial standards