Lazy Man’s Load: Credentialing and Education That Never Fails
It was a hot, muggy summer day in central Iowa. 1966. We were visiting my uncle’s subsistence farm as a family. I was sleeping in a tent camper and using the detached “unflushable” bathroom with all the other family members. There are just some smells you never forget.
I was standing by the bank barn with my father and younger brother, idly kicking at clumps of dirt with my shoe. My father summoned me to the barn door, pointed to a stack of building materials and asked me to transport the lot to an outbuilding a hundred yards away.
“We’re going to help your Uncle Sam (yes, I had an Uncle Sam and am proud of it) fix up a pen for the pigs. You can bring these boards and fencing over while you brother and I prepare the area.” I looked down at the pile of dangerous materiel: old boards with rusty nails, sharp edges on tin sheets, pointy edges on old fencing. My brother glanced over his shoulder and stuck out his tongue at me. I guess he felt he got the better of the two jobs for young boys. I responded in kind, vowing to find a way to reassert my sibling superiority in this situation.
After rejecting a straightforward plan to make several trips carrying these deadly objects in my arms, I cast about the barn for other options. I eventually settled my gaze onto a couple raw wood poles just inside the door. I recalled a recent episode of The Virginian I had watched at home and had an idea. I was going to make a human-powered travois. Of course, I wouldn’t have known the word for a couple years, yet, but I had seen those Native Americans hitching two teepee poles behind a horse to drag an injured colleague to get help. I could make one I could pull.
My father watched with mild alarm as he saw me pulling the poles he did not request from the barn. His facial expression evolved from this mild alarm, to curiosity, to outright mirth as he watched my project unfold. I dragged the poles next to the pile, crossed the ends and fastened them together with a hitch knot (my father was a Navy veteran). Once the basic frame was built, I started loading the entire pile onto my makeshift sled, then went around to see if I could pick up the conjoined ends. It worked – sort of.
As I pulled away, several pieces of my load slipped off, but I had already decided to make this thing work, Hell or high water. One load, one haul. I stopped, reloaded my sled, shifted my weight, and set off again. I made two more stops to pick up other wayward pieces, but I made it to the place near the shed where my father waited. I unloaded my travois, piled up the building materials, glared at my brother, and set off with the empty poles to return them to the barn.
As I returned, my father was laughing heartily, and said, “You, know there is a reason I give you certain jobs, don’t you? You have to be the laziest boy I know. That is what we call the “Lazy Man’s Load.”
I was crestfallen. I was waiting to be congratulated for ingenuity. Lazy was such a damning pejorative in my family. My father saw the darkness cross my face.
“Hey, that wasn’t meant to demean you. You always look for the easiest way to do a job. We just call that the Lazy Man’s Load. You never fail.”
I was still feeling the sting of the word lazy. I would be so for many years while I didn’t really see the simplicity and honesty in the remark. It ended up becoming a prism to help me perceive many events I experienced in my professional life.
One of the most significant cases of the Lazy Man’s Load I dealt with professionally was the on-going myth of a cybersecurity jobs gap. Various industry organizations have, for years, documented and tried to explain the purported millions of open jobs asking for cybersecurity skills and qualifications that go begging for lack of qualified applicants. The hot takeaway is almost always that anyone with any degree of cybersecurity skills and training can land a big-bucks gig. Digging deeply into the data revealed an interesting application of the Lazy Man’s Load.
While analyzing data points and researching the sources of information, I noticed recurring sets of words and descriptions obviously cribbed from other writings. As a former graduate school lecturer with two decades of experience, I have a finely-honed ability to quickly spot plagiarism. I was seeing it everywhere. The same words and phrases, cut-and-pasted into different job descriptions and vacancy posts.
(Side note: I once had a student submit a paper with plagiarized content. When called on it, he asked how I found out. I showed where he had copied material FROM A BOOK I WROTE.)
Let’s face it, why would someone go to the trouble of doing a job/task analysis, skills assessment, and compensation review when you can just copy something you barely understand into your corporate template and call it good? The Lazy Man’s Load in this case is being carried by hiring managers, HR personnel, and recruiters the world over — even in large companies and consultancies. People are grabbing a job description online, doing some light editing, and posting the requirement. The comical result has become an enormous paper gap being touted by journalists and technology companies alike as some type of major impediment to effective information security programs worldwide.
The fallout from these flawed studies has also ensnared the highly-profitable and ever-expanding education industry. In a scramble for student dollars, every [dot] edu and related institution has set up a cybersecurity curriculum promising rich, rewarding careers to graduates who have soured on questionable degrees in biology and psychology. Credentialing organizations, vendors, and trade groups are offering certifications that also promise a breeze through the HR screening process and a quick entry into the well-paying corporate ranks. Their product- or subject-specific certifications are a form of packaging one’s knowledge and/or skills into a recognizable package to function as the Lazy Man’s Load for hiring managers and recruiters: pre-packaged knowledge to fit neatly into a pre-packaged job description.
Where are these institutions getting their detailed cybersecurity curricula given that so many educators don’t even have any industry experience? It’s another case of the Lazy Man’s Load. Many educational institutions build their programs directly on the back of industry credentialing organizations. It’s far from uncommon to see a university require successful achievement on a credentialing examination from trade group. They are basically offering the student a two-year version of the one-week boot camp with more coursework. Why spend the innumerable hours hiring experienced practitioners, developing industry-specific educational materials, and validating their applicability when you can simply copy someone else’s work?
What we have now in cybersecurity are educational institutions copying materials from trade groups, vendors, and each other; each trying to quickly package the Load in a way to attract students and sell them on a career. The desired outcome is certainly laudable. However, the way the Lazy Man’s Load is invoked has meant a distinct lack of innovation and relevance. Taking the lazy way isn’t always a bad idea — unless everyone is doing it.