Inspiration

Cybersecurity’s Move Away from Offensive Hacker Terms

Person in a hooded sweatshirt with hood pulled up hacking on multiple computer screens.

Problematic language has historically reinforced unconscious biases and created a hostile environment for marginalized communities across a wide range of industries. In many cases, it sends the message that certain groups are excluded or subordinate, which perpetuates exclusionary practices and hinders diversity, equity, and inclusion, or DEI.

By using more inclusive language and bringing topics such as ableism, racism, accessibility, and ageism to the forefront, companies across different sectors are cultivating a welcoming environment that respects and values individuals regardless of their race, ethnicity, or background. One notable industry currently undergoing changes to problematic language is cybersecurity, although the transition has not been without its challenges.

The Power of Tech Language

As part of the evolution toward an inclusive and diverse cybersecurity industry, organizations across the sector had to take a step back to recognize the impact of the language used in everyday situations. Problematic terms such as “black hat hacker” and “white hat hacker” have been used to refer to cybercriminals notorious for “computer hacking” and cybersecurity experts accordingly. Yet they draw upon racial connotations that reinforce stereotypes. Similarly, terms like “hacker” and “cracker,” which are used to refer to individuals who access computer systems and personal information without authorization, can perpetuate negative associations and fail to accurately describe the diverse range of roles within cybersecurity.

In the broader tech industry, “master” and “slave” are terms that can have different functions. They can denote the relationship between an original piece of code or a lead system (masters) and the derivations it manages (slaves). But more importantly, the terms are words seemingly based on enslavement and can be damaging and exclusionary. Even “grandfathered,” a word used to refer to tech, infrastructure, or policies that are not subject to change, is derived from historically racist events. Its original usage dates back to the Reconstruction Era in United States history and refers to the practice of excluding individuals from voting rights.

Igniting Change

Events such as the Black Lives Matter protests triggered the need for change throughout the tech space. They have led institutions to take initiative and stop the use of problematic and offensive language. The UK National Cyber Security Centre, a national security agency, was among the first major organizations to call for reform after it announced it would stop using “whitelist” and “blacklist” to refer to items with (white)  and without (black) access to computer systems, networks, personal information, and other tech elements. This was due to the harmful connotations surrounding the terms. However, the efforts for change were present well before that. In fact, open-source projects like Drupal, Python, and Redis withdrew the use of problematic language throughout the late 2000s.

As a way to kickstart the movement for reform, initiatives have been launched to review and revise industry terminology, ensuring it aligns with DEI principles. Plus, industry associations and conferences have adopted inclusive language guidelines, setting standards for communication and promoting respectful and inclusive discourse within the field.

But, while leading cybersecurity organizations and tech professionals have overwhelmingly recognized the importance of inclusivity and actively work toward change, the movement has also met opposition. Generally, those opposed to change either misunderstand the intent behind changes or are accustomed to the established terminology. According to them, terms such as “black hat hacker” and “white hack hacker” are based on Western movies and the trope that bad and good characters would often wear black and white hats respectively.

Change in Action

The ongoing conversations on change make it possible for new topics, concepts, and terms to be explored. Currently, some important changes of note include:

  • Deny List

    A list of items without access to systems, networks, or other elements — formerly “blacklist.”

  • Allow List

    A list of items with access to systems, networks, or other elements — formerly “whitelist.”

  • Main

    Used along with other terms such as “primary” or “default” to describe the main role in a tech scenario — formerly “master.”

  • Worker

    Used along with terms such as “peripheral” or “helper” to describe the secondary role in a tech scenario — formerly “slave.”

  • Legacy

    Technology, policies, or infrastructure exempt from change — formerly “grandfathered.”

  • Malicious/Unethical Types of Hackers

    Cybercriminals who code for nefarious reasons — formerly “black hat hacker.”

  • Ethical Types of Hackers

    Certified professional hired to detect security vulnerabilities — formerly “white hat hacker.”

Inclusivity is Change for the Better

Inclusivity creates positive change. Take Procter & Gamble’s 2019 efforts as an example outside the tech industry. Their Head & Shoulders Royal Oils Collection enlisted the help of their Black scientists to create hair products that addressed hair issues for Black consumers. The product’s marketing campaign used inclusive language, people, and imagery. In return, Procter & Gamble saw a 5% increase in organic sales.¹

In the workplace, inclusivity has been directly linked with a sense of belonging. According to a study from BetterUp, this sense of belonging has led to a 56% increase in performance and a 50% decrease in turnover rates.²

By actively promoting inclusive language in cybersecurity, companies and organizations can encourage an environment that values and respects diversity. This, in turn, can lead to more innovative solutions, as diverse perspectives bring fresh insights and ideas to the table. Plus, an inclusive industry attracts a wider range of talent, fostering a stronger and more robust cybersecurity workforce.

Be Part of the Change

Cybersecurity continues to evolve — from developing more inclusive terminology and enhancing DEI to building a modern workforce skilled in new areas like AI, machine learning, and Blockchain. The Kenzie Academy Cybersecurity program from Southern New Hampshire University strives to help diversify this tech workforce and can help prepare you to enter the field.

As a Kenzie learner, you’ll learn from a hands-on curriculum designed by the world-renowned EC-Council to teach with  real-world tools, technologies, and scenarios. It’s a demanding and rigorous program, but one that prepares you for entry-level jobs in cybersecurity known to be rewarding and meaningful. Are you ready to change your future? Apply today.


Sources:

¹ The Business Case for More Diversity, The Wall Street Journal on the internet (Viewed May 15, 2023)

² The Value of Belonging at Work: New Frontiers for Inclusion in 2021 and Beyond, BetterUp, on the internet (Viewed May 15, 2023)

Ready to Discuss Your Future In Tech?

Click the button below to apply!

WordPress › Error