Cybersecurity & Technical Communication: A New Field to Consider
BY DR. JACKIE DAMRAU | STC Fellow and BEN WOELK | STC Associate Fellow & Past President, STC
A new field for technical communication professionals to investigate is that of cybersecurity. Just the word itself can cause some to think hard as well as to question: Is it cyber security or cybersecurity? We’re not sure that there’s a true distinction, but it does mean protecting a company or an individual’s information from the bad actors gaining momentum over you and your identity.
A few of our STC members have been in this field for some time; others are new to it. Ben and I proposed this special issue to share with you this field and what it takes to enter it. It’s not as difficult as one would think. Those in a company setting have been or should have been exposed annually to cybersecurity training of some type. For those that are independent consultants or freelancers, perhaps not as much—yet you should be aware of how any information you put out can be misused by the bad actors.
We have selected authors that are well-rounded within the cybersecurity field to present you with articles that cover the basic cybersecurity fundamental and the training one needs to consider. They conclude with how and what it takes to work in the cybersecurity field.
In This Issue
In the area of cybersecurity fundamentals:
- In “Technical Communication & Cybersecurity,” invited author Adam Coreil covers the universal principles that it takes to communicate effectively (regardless of audience or subject), why there is a need for cybersecurity, and the challenges within it.
- In “At the Intersection of Cybersecurity and Technical Communication: Frameworks Hold Opportunity for Technical Communicators,” Dawnell Claessen, CISSP and STC senior member, investigates the frameworks that govern cybersecurity as pathways that use a technical communicator’s abilities to establish and adhere to guidelines and standards as a logical career progression.
- As an introduction to cybersecurity, Jessica Behles (“How to Cyber: A Cybersecurity Quick Start Guide”) describes how cybersecurity should be a “priority for anyone using internet-connected technology.” She describes how to enter the field, and how she created a quick start guide to help her. In this article, Jessica defines many of the introductory cybersecurity terms which one should become familiar with.
Leaving the introduction phase, we go into training within cybersecurity. Here we have:
- Liz Herman’s “Developing Engaging Cybersecurity Training,” where the basis of her article comes from interviews with two experienced training managers and a social media survey that she conducted to collect additional perspectives. This article reviews cybersecurity training from a general to a narrower focus. The survey results show a diversity of opinions about corporate training on cybersecurity to individual thoughts on how companies should reconsider the type of cybersecurity training they engage in to ensure that the employees are not just breezing through the content to satisfy an annual corporate training goal.
- Rounding out this section is, “Beyond the Weakest Link: Maturing End User Information Security Education to Bolster Organizational Defenses.” Authors Valerie Vogel and Joanna Gram, share their perspective on cybersecurity as being broken into essential components of people, processes, and technology (a standard technology discipline). They cover the aspects of a company’s information security program: what it is, what it is not, how to “approach information security more strategically by focusing on the people and human risks.”
The final section in this special issue shares experiences of how these technical communication professionals became involved in the cybersecurity field. Of course, all our invited authors came into this field from other careers and have shared bits of that in their articles. The goal here is to share the journey taken to break into the cybersecurity field with you, our readers.
- Kat Reierson shares in “Intersection of Technical Communication & Cybersecurity” what it takes to consider a career in compliance. Compliance is more than just documenting processes and knowing the rules and regulations for a specific industry. She says technical communicators are unique in that we have the technical skills to work with SMEs; see what others do not; understand working with policies, procedures, and standards; and can train others on these topics. Kat shared examples of job titles and skill requirements, to see where your skills might lead you into a different career path.
- “Cybersecurity & Documentation: Security Considerations for Authors” by Bridget Khursheed examines the best practices, risks, solutions, and mitigations that technical communicators can put in place now to protect their companies, teams, and themselves. Her article comes from a TCUK 2018 presentation that Bridget has updated to include the latest information. This article also includes perspectives on how companies view security and why your APIs and documents may already be targeted by the bad actors.
- Ben Woelk’s “A Great Adventure: Working as a Security Awareness Professional in Higher Education” looks back on his 17 years of work at the Rochester Institute of Technology in the Information Security Office. He has taken his techcomm skill set, applied it to his daily work in cybersecurity, and spends much of his time in cybersecurity training and awareness. Ben takes you on his journey and shares the skills he acquired, the impact he has with and receives from teaching, and what it takes to be in the cyber security field in a higher education setting.
- In “A Short Career Sojourn into Cybersecurity,” Dr. Jackie Damrau shares her short journey in this field moving from a role as a senior business analyst into a senior risk analyst/project manager for a global commercial real estate company. During her time, she spent hours researching and reading various regulations and standards, eliciting information from her peers and managers, and continuously absorbing all she could. Her journey interestingly was cut short due to COVID-19 staff reductions; however, her experience has opened her eyes into the world of protecting an individual’s and/or company’s information in a world of bad actors wanting to take your personal or corporate identity.
This guest-edited issue would not have been possible without the support of Ben Woelk. Jackie reached out to Ben with her thoughts of wanting to do this issue as they were both in the cybersecurity field at the time. Ben still is in this field and is a consummate professional. Many of the invited authors were recommended by Ben.
Together, we have strived to bring you into the world of cybersecurity by sharing how you can enter this field, what you need to know, the training or certifications you can achieve, and our own personal journeys, to show the possibilities.
Enjoy this issue! Reach out to Ben and me as we’d love to know your thoughts on the world of cybersecurity.