What I Learned During My Summer in Security
I remember getting the letter in the mail. It wasn’t a question of if, but when. A data breach had occurred, and my data was potentially impacted. Almost everyone I knew had already received their letter and set up their monitoring accounts. The day arrived when I got mine, and I was reminded that in today’s highly interconnected world, we’re all vulnerable. And I felt powerless. After all, just to be part of organizations, to gain employment, to make transactions online, offering personal information is often the prerequisite.
As citizens, employees, students, consumers, we put a lot of trust into organizations each day, and, consciously or not, accept the associated risks. Until something goes wrong, it’s easy to take that risk calculation for granted. Before the letter arrived, I hadn’t ever considered how at risk I am all the time, and I doubt I’m alone. Many of us simply don’t know the questions to ask or where to turn to learn more about cybersecurity.
It’s with these personal experiences, and the constant headlines about data breaches, on my mind that I entered summer 2022 as a Security Communications and Engagement intern with Salesforce.
As many of you may already know, trust is Salesforce’s number one value. Not only does trust mean customers can depend on our security, performance, and transparency, but trust is also built into a strong internal culture of security awareness that begins on day one for each employee. And this summer taught me the intricacies of how we ensure it stays that way across audiences.
What’s in it for Them?
In my academic life in Communication and Media Studies, I’ve spent a lot of time pressing the importance of understanding one’s audience into the minds of the undergraduate students I’ve taught or tutored. We often learn and teach about Elihu Katz’s “uses and gratifications theory” from the 1970s. Katz asserted that individuals have differing motivations (uses) for the various media they engage with and these motivations often impact the function of the mediums themselves. Whether it’s a social media app, an email campaign, or a learning platform, people have different uses and get different forms of gratification from the media they interact with.
I experienced this firsthand working within the Security organization at Salesforce, which has many audiences — both internal and external — and many channels through which to drive messaging and communications. One of the greatest takeaways I have from this summer has been further understanding how to write for different audiences, including how to identify the unique values and motivations that might prompt them to engage with or act from what I deliver. For instance, a customer’s security needs might be quite different from an employee’s, but we can better tailor our interactions by asking, “what motivates these audiences to care about what I write?” or “what is in this for them?”
I Can Speak Clearly Now
Beyond audience considerations, I’ve learned just how important it is to engagement to ensure precise and concise communication. We’ve all done it; underestimated the thought and strategy that goes into all those messages in our inboxes, simply swiping them away or hunting down that hidden “unsubscribe” button.
But have you ever stopped to think about who is helping shape the direction of those messages within those companies? An undergraduate professor I had always emphasized that “words matter,” and this summer was the perfect opportunity to see how this is applied within Security contexts. Confidence and clarity go a long way towards helping employees adopt best practices and stay up-to-date on the latest and greatest information.
And for our customers, it means clearly communicating what you need to know and how we can help serve you. As I drafted various content, I would ask plenty of questions and get lots of helpful input from various stakeholders. Thankfully, Salesforce has highly-experienced and knowledgeable teams of people working around-the-clock to ensure we continue to earn the trust we know we can provide.
Security is Complicated
As I worked on understanding what Salesforce Security professionals do and what they think about, I was continually reminded of how big their jobs are, how niche and yet broad their work roles could be, and how much they are constantly learning. For me, it often felt like drinking from a firehose in the best way.
My conversation with Saša Zdjelar, about Zero Trust, opened my eyes to the ways I can better protect myself beyond my time here, the best-practices of security in other organizations, and the context surrounding the implementation of multi-factor authentication. It can sometimes seem frustrating to jump through so many hoops to gain access to my own data or accounts, but my chat with Saša and the breach letter I got in the mail reminded me of how important it is to have my data secure and why we should be embracing these extra steps.
Perhaps the most important thing my summer in Security gave me was the encouragement and knowledge I needed to better understand my own security and follow best practices like those at Salesforce. After all, each one of us is responsible for owning our personal cybersecurity, even if we don’t have a career in it. And hopefully, learning more about security will help us each feel more powerful, instead of powerless.
For anyone interested in diving deeper, Salesforce has partnered with the World Economic Forum Centre for Cybersecurity to develop the Cybersecurity Learning Hub. This free online platform can help you skill up with guided learning paths, career insight, and professional resources.