“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had a real subject matter expert who cared about the end goal: students educated in math. And because of that, this moment proved to be life-changing. “We haven’t really communicated math in a way that allows others to understand how it fits into their lives and why it’s so important,” my professor said gently. “You weren’t taught it correctly and shown how to practically apply it and see its beauty.” He had just taken time out to sit with me and a few other students after class because he saw that we just weren’t getting it. “Oh. Thank you, that makes me feel better,” I said taking a second to step out of my frustrations. I was relieved to finally find someone who was speaking human. My professor went on to kindly explain the why's behind the numbers and mathematical concepts. He showed us how we can practically use some (not all) of what you learn in school. Because of this, he made it fun and inclusive. Instead of getting wrapped up in his passion for math and how it solves all the problems in the world, he showed us the meanings behind each number. He drew out the why's and how’s of problem-solving. He gave a few funny and engaging stories on how he used math in his life unexpectedly. When I interrupted him with a question because I wasn’t understanding something he had said before, he paused and took a moment to figure out how he would best explain the answer. Then his eyes lit up and he gave a detailed analogy of this mathematical concept that had previously made absolutely no sense to me. I thought I’d never understand something so unnecessary and complex, but when he took time to break it down step-by-step with relatable examples along the way, that feeling went away, and I was able to fully grasp what he was explaining. After his class, I could never safely say I hated math ever again. Many other students felt the same. I wasn’t being shown the sheet music and told to memorize the notes and all the parts of the instrument while learning how to play with my eyes closed. I was shown the music, the tunes and pitches, how each beat or note made me feel and how beautifully I could dance to a piece. I was shown the beauty that enabled me to maybe one day play with my eyes closed. My most impactful teachers, professors and mentors all had similar traits. They all met me where I was and guided me to where I desired to be. All of them. Because they knew that in order for me to “dance with my eyes closed,” I needed to understand the why's and how’s. I needed to be met where I was without judgment and shown how to apply it. They knew that obsessing over what I didn’t know or understand wouldn’t allow me to grow. Imagine if my professor said this instead: “You should get this! This is a basic concept and shouldn’t have to be drawn out and explained.” How many years of self-help, doubting and fear would I have to go through to even reach a third of what he thought I should know? I remain forever thankful.
“End users are the weakest link.”
This comment and idea are on articles, podcasts, training and conversations. Some of us may not bring it up when talking with people outside the security community, but we definitely show it in more ways than not. My professor who patiently sat down with us after class wasn’t thinking that we were dumb and incompetent. Because if he did, we wouldn’t have learned anything, would have thought we were terrible at math and would have gone on to different and unsatisfactory career paths. But since he decided to table whatever frustrations he might have had, he created a change in our lives and careers. Instead of us feeling like we hated math or it wasn’t for us, we walked away computer scientists, cybersecurity experts, ethical hackers, programmers, system admins and generally amazing and smart people. He did his job and he didn’t let anything get in the way of his goal. Our goal is to mitigate as much risk as possible and create a safe and secure world using processes, technology and people. All three have different roles to play in this “game,” but all are equally important. In our community, we can’t expect to create any behavior change if end users are uncomfortable with mentioning that they don't understand or, worse, are afraid to talk to us if an incident happens. The reason we say “end users are the weakest link” is because “you can’t patch a human.” The implication behind this idea gives the illusion that we aren't human as well. It also closes the door to effective solutions and conversations on how we can best raise awareness, understanding and ultimately a behavior change. Out of everything I say to people outside of our field, the comment that helps “end-users” to start being more aware and developing better security habits is this: “It’s okay that you don’t understand.”
About the Author
: Fareedah Shaheed is the founder and CEO of Sekuva, a cybersecurity coaching business, where she helps small business owners and families implement cybersecurity fundamentals in their businesses and lives. In her free time, she enjoys meeting new people, learning new things, and gaming. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
