If you’ve been to the BuboWerks website before, you might notice that it’s a bit more colorful this month. That is because June is Pride Month, and BuboWerks is a huge believer in the importance of the LGBTQ+ community. Our mascot, the wise owl, is not a very flamboyant creature, instead relying on earth tones to blend in, much like a good security program will blend into its organization (too much, and people complain they can’t get their work done; too little and eventually you’re going to have a really bad day), so our website will just have to pick up the slack.
There are a couple major reasons to celebrate Pride Month. The first is just that it’s the right thing to do: everyone should be accepted for who they are regardless of the differences in how we look, where we came from, or how we identify. The second is that these differences are powerful in information security. Information security is a cat and mouse game where attackers are constantly developing new and novel techniques — as well as relying on some tried and true attacks — to steal whatever they can get. Defenders benefit from leveraging a diverse staff where everyone brings a different perspective, increasing the chances of heading off attackers and themselves developing new and novel defense strategies.
Everybody has something that makes them unique and different, but some differences are more compelling when it comes to developing better solutions to problems. I have had many friends and colleagues who may have looked different than me, but had a very similar upbringing, and consequently would likely approach problems the same way as I would. The world looks very different to my LGBTQ+ friends though; while we have made remarkable progress in LGBTQ+ acceptance these past few years, there are still many legal and social hurdles. Even here in Chicago — one of the most accepting cities in the US, LGBTQ+ people remain guarded and cautious as to when they can be their authentic selves. This caution serves one well in information security: someone with a good defensive mindset understands that most people are not out to harm your organization or its information, but all it takes is one miscreant to result in a lot of harm. A defensive mindset means having a better intuition for when something is amiss (and often it is that intuition that uncovers serious problems).
Hopefully, someday, everyone will accept LGBTQ+ people without question. Hopefully, someday, who someone chooses to love and how they identify themselves will no longer prove to be an asset when an organization is trying to protect its information. Until that day comes, we will leverage every edge we can get over the attackers, and fly our colors with pride. After that day comes, we’ll still fly our colors, because it’s the right thing to do.