Exploring the security narrative in the work context

Abstract

It is a well-known fact that the language of IT security experts differs from that of non-security-related people, leading to a multitude of problems. However, very little work has examined the differences in perception between security experts within a single security department or company. The sociological theory of power relations and organizational uncertainties by Croizer and Friedberg suggests that uncertainties about the narratives used in a department can lead to potentially harmful power relations and dissatisfied employees. We conducted a qualitative interview study within two distinct IT security companies in order to research the impact of diverging security narratives within security departments. Our results show that there is indeed an uncertainty about the term IT security. However, one company we interviewed regarded this uncertainty as highly beneficial for team creativity, communication, and mutual education, while the other, more technical-focused company showed few diversions within the security staff, but a possibly uniting conflict with the company's IT department. Our results suggest that conscious shaping of a zone of uncertainty around the security narrative in the work context can be an important management skill for IT security practitioners. Furthermore, we show that the analysis of language uncertainties provides a powerful approach to studying the motivation of professional security groups.