Re: RE: Infosec isn't about "cool"
Captain Underpants has it about right. I work in a totally different field to IT*, and face a similar problem trying to get people interested in the stuff that I do; simply jumping up and down an shouting "this is important - you have to listen to me, however bad I am at communicating it!" doesn't seem to work very well, and you just get sidelined by more interesting alternatives, which is a bad result for everyone.
Of course not every IT bod has to be a polished communicator; the underlying technical skills are way more important. But someone, somewhere, has to work out how to do for infosec what Brian Cox has done for astrophysics and actually get ordinary people engaged with it, using language and imagery that they can understand.
*I do tax policy. Sometimes I liken tax systems to an oil refinery - everyone can have an opinion on where it should be built, and what you'd like it to do (pollute less, focus on certain outputs), but when it comes to the actual design you should defer to the guys with the qualifications who actually know which valve should go where, and why you need to use high grade steel and not just leftover bits from your kid's Lego Technics to build it with. I'm working really, really hard to try to get some of the important messages about how tax systems work, and fail, across in accessible language in a desperate attempt to raise the tone of the debate, and it sounds like Captain Underpants is trying to bring a similar level of professionalism to infosec. (Yes, I find it deliciously ironic that we're getting lectures on professional conduct from Captain Underpants - but that doesn't affect the validity of the message.)