Talking InfoSec with Strangers on a Boat (Or, “How I Spent My Recent Vacation”)

It’s common when taking a cruise that you are seated with fellow passengers in the dining room. I exchanged pleasant conversation with my fellow diners, when the seemingly innocuous question was asked that I had been dreading. “What do you do?” asked the couple across from me. I froze and glanced sideways at my husband. My mind raced while deciding if I should come clean and tell the truth, knowing that a series of questions would ensue. I made a decision. I smiled and said quietly, “I work in cybersecurity.” The couple exchanged excited glances and turned back to me to say, “Oooh! We have questions!” I reached for the bread basket and smiled again, “Sure. How may I help?”

Most of my fellow cruise passengers were retirees. I’m not saying that automatically means that they aren’t tech savvy. I met many who retired from STEM-related careers. (See this Twitter thread about the woman I met who oversaw the mainframes for her employer.) There were many people I encountered who had a curiosity to learn more about the tech they were using. As much as I wanted to be off the grid and away from InfoSec on this vacation, I felt that I had a great opportunity to educate people in a relaxed environment of willing listeners.

So, I was truthful about what I did for a living and listened to their questions. Without any judgment, and as FUD-free as I could, I gave tips to  everyone who asked. Tidbits that I thought they could take home with them as a cybersecurity souvenir from their trip. There was one woman to whom I briefly explained the strength of having a minimum of a 15-character password. For the remainder of the cruise, every time she saw me on board, she pointed at me and exclaimed, “15 characters!” It warmed my heart.

I ate lunch solo one day struck up a conversation with nearby diners who quickly asked “that question” and my dispensing of advice began as soon as I sat down. In the midst of me explaining Two-Factor Authentication, I realized that I was holding court. People came from across the cafe to sit around me to listen and ask questions. To be honest, it felt pretty amazing. I thanked them all for their curiosity and willingness to listen. Who knew cruisers wanted to enjoy scenic views and listen to me go on about VPNs?

I get that not every InfoSec professional wants to “talk shop” while on vacation. I tried my best to keep it light and stuck with the easy concepts that I know so that it was fun for me also. I admit that I don’t know it all, but I feel confident that I know the basic tips the help the average end user. I realized that I had an amazing opportunity to communicate with a willing audience and in the end, it might help a person or two.

Even though I didn’t spend my vacation “Hacking the High Seas”  (a @ChadDewey con talk), I do feel as though I helped move InfoSec forward by sharing what I know with retirees and seniors, a group that often gets overlooked when it comes to matters of tech and security. It made for a fulfilling vacation.