You clicked on what?

Check out this piece of conference swag.

A cybersecurity vendor gave out these T-shirts at a conference last year.

Initially this shirt made me laugh, but just wondering if we should try not to make fun of “the stoopid users” so much.

Are people really the weakest link in the cybersecurity chain?

Lance Spitzner prefers the phrase:

“People are the primary attack vector.”

This subtle change in messaging reframes the conversation, and moves the blame away from the user.

He encourages all of us to stop blaming others and figure out how to enable instead.

“After all, how many operating systems do you know of that self-report when they’ve been hacked?”

Just wondering if there are other ways to shift the conversation when we engage with ordinary consumers / end users without talking down or making them feel “less than” for their lack of technical skillz?

Cybersecurity savvy isn’t evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don’t even know it.

Lance Spitzner is a board member of the National Cybersecurity Alliance and Director, SANS Security Awareness.

— Anthony Collette

Scroll to Top