Infosec Language Grows Up: The Bishop Fox Cybersecurity Style Guide
On February 15, Bishop Fox released their Cybersecurity Style Guide. I am absolutely stoked for them, and for the arrival of what looks like a new era in InfoSec language consistency.
I was lucky enough to get to speak to Technical Editor Brianne Hughes last week. “I polled the internal team,” she told me, “and got the https://willusingtheprefixcybermakemelooklikeanidiot.com/ sent back to me a few times. We need to be consistent as a department – Engineers want to know why, they want transparency, and they don’t want to be told what to do. We have lively dialog in the comments of our reports.”
She went on to say, “InfoSec merges hacker slang and military jargon in a corporate setting, and it’s hard to find middle ground. The language itself is a kind of slang, and the point of slang is to identify in-groups and out-groups, so there’s a definitely border built up that were looking to poke holes in to facilitate future conversations.”
Largely, those of us lucky enough to work for InfoSec companies enlightened enough to know that having editorial services available is a good thing, have mostly done our thing solo, and we’ve collected language that’s specific for our company. As a new editor in that position, there’s always that little moment of hesitation, where you try to decide what style guide to leverage. Microsoft, with its monolithic 1990’s tablet-down-from-the-mount style guide? Sun Microsystems, where once upon a time the collective Editorial staff met to decide the proper way to write “readme,” only to decide after four straight hours of heated argument that since the users knew what we meant, we would willfully refuse to standardize?
There’s the Yahoo Style Guide, the Salesforce Style Guide… everyone’s got one, and most editors have a favorite. But this is the first time I’m aware of that someone specifically in the world of InfoSec has taken a stab at creating something like unification, by not only creating a guide, but actively promoting it, and soliciting input from across the industry. “I made this for myself because I needed it,” says Brianne. “And I was lucky enough to have the skills and the support. It’s a beautiful environment where Bishop Fox has been around 12 years, but allows for passion projects.”
The second it downloaded, I sat down and read every word. You guys… this is superlative. Some highlights include:
- A technical formatting section simple enough to cover our needs, without going over the top to cover every possible contingency.
- An appendix explaining how decisions were made. This is particularly glorious, because mostly, we’re winging it. The Wild West style of InfoSec netymology has meant that most of us within our silos make a choice, and call it done. There’s been very little in the way of guidance about how to make those decisions. I think that if we, as editorial professionals, can help each other make consistent choices, the entire field will mature more rapidly, and that is all to the good for improving consistency and transparency of dialog between professionals and their clients.
- Another appendix for external resources. This is so beautifully thought-out, so comprehensive… I felt myself sighing in pure appreciation. I personally have somewhat different baseline preferences (we use Merriam-Webster at AlienVault, rather than Webster’s), but the majority of the resources cited are exactly what I’d have picked to share. I’m especially pleased to see the Conscious Style Guide in there. Brianne says,
“I’d love to frivolously tweet language puns. But I’m a real person in the real world, providing a platform and a voice to welcome those who aren’t being welcomed. I want to meet security where it is now… but here are some alternatives for how to start thinking about language. Think before you write…part of that is actively welcoming, not passively excluding.”
- The list itself. Anyone can make a word list, but this word list has humor, has verve… it’s clear that Brianne was having fun with this, as evidenced by the entry for QA:
QA: Short for Quality Assurance. Everyone needs an editor. :)
Is that not the coolest?
A guide like this does best with community buy-in, and community participation. The Editorial Team at Bishop Fox is accepting suggestions and comments here: style@bishopfox.com. I don’t know about the other InfoSec editors out there, but I’m standing on my chair cheering for the whole Bishop Fox team. Well done!