Strike a chord: What cybersecurity can learn from music
I recently watched my team composing some music for a cybersecurity awareness project and using it to take an immersive Dark Web Mission Control Centre to a whole new level. It got me thinking about what we – i.e., the cybersecurity industry – can learn from music.
Music is a massive part of popular culture and is universally loved across the globe. Conversely, cybersecurity is inapproachable and abstract to most people and is often seen as a blocker of productivity. People aren’t engaged with cybersecurity and this has led to a huge number of security incidents occurring as a result of human behavior. Most people have very little interest in learning about cybersecurity – awareness training is a chore, rather than a positive experience, and this is a huge part of the problem.
To make cybersecurity more engaging for laypeople, we could start by making it as memorable as music often.
Tell a different story
As we sat in our live composing session between London and New York and were being guided by the award-winning composer Michael Vignola, I started really listening to the sound and thinking about music and why it makes human beings feel the way they do when they listen to it.
Firstly, music makes use of storytelling. Music has been used to impart wisdom, remember lessons, pass on messages or say what you feel for millennia. As a species, we are drawn to music, and even music without lyrics can be used to elevate a story, create tension and suspense, build anticipation, and make something that is bland much more engaging.
Cybersecurity as an industry must also look to harness this power and tell a different story so that it can become more relatable for the audience. To get the security message across, we have to make use of storytelling to make the subject matter easier to understand.
Strike a chord
Watching Michael play his keyboard in the dimly lit studio, what struck me was the aesthetic of the music – what it takes to make sound, not just noise. For music to sound good, it needs multiple different notes to come together. When notes are played correctly, they create melody. All the keys have to be played in sequence – the black keys and the white keys. The notes – both high and low in range – have to pull together. When all of these elements come together and strike a chord, and then a sequence of chords, it makes music sound beautiful.
Cybersecurity must do the same, because at the moment we are just creating noise with one note. We have to invite people of all ethnicities, all genders, all disciplines, all neurodiverse thought processes into the industry. By increasing diversity of people, you increase diversity of understanding and message, and the noise becomes music – it is instantly more appealing to the layperson.
People that feel they sit outside of the industry see others like them taking part in cybersecurity and they start to listen. We should be inviting more diversity in so that we can reach as many people as we can with a new, engaging cybersecurity message.
Change the narrative
Finally, music has a structure and science to it. Music uses intros, choruses, hooks and bridges to keep the listener engaged. In this respect, the cybersecurity industry is similar – it is also very structured and scientific, but it doesn’t yet apply these same tools to draw people in and engage them. Music also does a great job of portraying this science as creativity.
Instead of being described as “formulaic” or “structured,” music is described as “visionary” or “creative.” In truth, it is all of these things, and you often hear musicians describing the formula that makes a great song. But the music industry does a great job of portraying its formulaic structure as a positive, making it more attractive and engaging for people.
The cybersecurity industry has to start doing a better job of showing off its creative side and of making itself more inviting for people to enter into, otherwise it’ll never attract the much-needed talent that other industries are currently taking advantage of.
Things must change
If we don’t do more to appeal to the layperson as an industry, then we will never truly see engagement in cybersecurity improve. We will continue to see more and more security incidents occur due to human error, because at the moment the message simply isn’t getting across.
Those of us working in cybersecurity must make some changes and do more to engage and inspire people, making learning an experience that they remember, as opposed to something they endure or click through as fast as possible. We have to get creative, break through the noise, and learn from music so that we can strike a chord with our audience.