Daily English
Cultural English
Practical English

536 Topics: Ask an American – Corporate Data Security; consulting versus consultancy; to conduct versus to operate

Complete Transcript
You’re listening to ESL Podcast’s English Café number 536.

This is English as a Second Language Podcast’s English Café episode 536. I’m your host, Dr. Jeff McQuillan, coming to you from the Center for Educational Development in beautiful Los Angeles, California.

Visit ESLPod.com and become a member of ESL Podcast, and when you do – oh yes, when you do – you will be able to download the Learning Guide for this episode. This Learning Guide, that you will be able to download, has a complete transcript of everything I say, so you can follow along as you listen.

On this Café, we’re going to have another Ask an American segment, where we listen to other native speakers talking at a normal rate of speech – at a normal speed, that is. We’ll listen and then explain what they are saying.

The topic today is corporate data security, something that is important to all of us. Are companies keeping your private information private? And as always, we’ll answer a few of your questions. Let’s get started.

Our topic today is “corporate data security.” “Corporate” (corporate) refers to a corporation, which is another name for a large company. “Data” (data) refers to information, such as would be found on a computer. “Security,” of course, refers to keeping things safe. So “corporate data security” refers to keeping electronic information safe on a computer, especially the computers of a company. We’re going to listen to some of the problems that companies have keeping your information safe.

We’ll start by listening to a gentleman by the name of Hugh Thompson. He works for a “security firm” – a company that tries to keep corporate data safe. He’s going to talk about one very clever, very intelligent way in which certain people, whom we would call “hackers,” try to get access to computer information – or information on computers, I should say – by tricking or by trying to fool some of the people who are responsible for keeping the computer information safe. Let’s listen and then we’ll go back and explain what Mr. Thompson has said.


“People like system administrators, and then going online to social media and finding out what their favorite restaurant is, what their favorite sports team is, and then crafting an email that looks so painfully normal that you would really think that it is from a friend or it is from a colleague.”

[end of recording]

The first part of what Thompson says is a little confusing because it seems as though we are coming in somewhere in the middle of a sentence. He is talking about what people called “hackers” do. A “hacker” (hacker), as I explained earlier, is a person who tries to get access to a computer illegally, or without permission. One of the things that hackers do is investigate the people who are responsible for protecting corporate computers, people called “system administrators.” A system administrator is a person who is responsible for the computer system in a company or large organization.

What hackers do is they investigate people such as system administrators by finding out what these people like. How do they do this? Well, they go online. They go onto the Internet, to social media. “Social media” refers to websites such as Facebook or services such as Twitter. These people, the system administrators, have Twitter accounts and Facebook accounts, and people are able to look at those accounts and find out sometimes what the favorite restaurant of the system administrator is, what the favorite sports teams are of the system administrator.

Then these hackers craft an email. The word “craft” (craft) can be both a noun and a verb. Here it’s used as a verb which means simply to write or create something. In this case, it’s referring to creating an email or writing an email. The hackers “craft” – they write carefully – an email that looks, as Thompson says, “painfully normal.” “Painfully” (painfully) is an odd word to use here, but it just means “very normal.” It’s used for emphasis, to show you that this is so normal you wouldn’t even think that it might be coming from a hacker.

They write these emails that look very normal to the person receiving them. So “that you would really think,” Thompson says, “it is from a friend or it is from a colleague.” A “colleague” (colleague) is a person who works with you. So, the hackers find out information about the system administrators and then they write an email from, say, a friend or a colleague, saying it’s a friend or a colleague, and the person thinks that this is a real email because it may mention their favorite restaurant or it may mention somewhere they went last night and posted a picture on their Facebook account about.

This is why social media sites can be somewhat dangerous when you give people information about your life. That’s exactly what hackers use in order to fool system administrators into thinking that the email is real, and of course, the system administrator might respond to that email, giving information away that he should not or she should not.

Let’s listen again to Mr. Thomas explaining how this works.


“People like system administrators, and then going online to social media and finding out what their favorite restaurant is, what their favorite sports team is, and then crafting an email that looks so painfully normal that you would really think that it is from a friend or it is from a colleague.”

[end of recording]

Tricking or fooling system administrators is just one way that hackers are able to sometimes get access to computer data. We’ll listen now to another person who works for a company that tries to keep corporate data safe. This person’s name is Mr. Gong. He’ll describe other ways that hackers are able to get access to computers. Let’s listen.


“So, they can get hold of a lot of tool kits, just a lot of attack techniques and solution[s] get packaged, so they are easily available to them.”

[end of recording]

Mr. Gong begins with the word “so.” “So” can mean “therefore” when you are concluding something, when you are making a conclusion. However, in the last few years, it has become common, especially among younger speakers of English – that is to say, people younger than I am – to use “so” in the way that people used “uh” or “um” or “well.” It doesn’t really mean anything. It’s just what we would call a “filler (filler) word.”

Mr. Gong’s English is somewhat accented. He may not be a native speaker of English, but he speaks English just fine. Mr. Gong says, “They,” meaning hackers, “can get hold of a lot of tool kits.” “To get hold of” something means to get access to something, to be able to actually “obtain” (obtain) something. It means, really, to get it. But “to get hold of” usually implies that it requires some work to get.

These hackers get “tool kits.” A “tool” (tool) is anything really that you use for a specific purpose. A computer is a tool that you use to get information or to communicate with other people. A pan is a tool that you use in the kitchen to cook with. The word “tool,” however, usually refers to things that you use to build other things with – a hammer, a screwdriver – all of these are tools.

The word “kit” (kit) here refers to a collection of things – a group of things that would be used for some specific purpose. So, a “tool kit” would be a group or a collection of tools used to do something. The term has become popular in the world of computers, especially “computer software” to refer to a group or a set or a collection of computer programs or pieces of software that are able to accomplish or do certain things.

Mr. Gong says that these hackers can get a hold of tool kits to help them get into computers. These tool kits, these collections of software, have “a lot of attack techniques and solutions.” In other words, they have a lot of ways of getting access to a computer. These solutions, these ways of solving a problem or ways of getting an answer to a problem, are often packaged. “To package” (package) something is to put it together, or at least that’s one meaning of the word “to package.” It means to collect things together in something that we might call a “kit.”

So, a “tool kit” is a packaging together or a putting together of different software programs that are used by hackers in order to attack a computer. Notice the use of the verb here, “to attack” (attack). “To attack” someone usually means to hurt them or to harm them, by hitting them or perhaps shooting them or causing them some sort of injury. “To attack a computer” means to get access to a computer when you’re not supposed to have access to that computer. And that’s what hackers do. They attack computer systems.

These packaged software tool kits are easily available to hackers, according to Mr. Gong. They can get them very easily. Let’s listen to Mr. Gong one more time.


“So, they can get hold of a lot of tool kits, just a lot of attack techniques and solution[s] get packaged, so they are easily available to them.”

[end of recording]

Finally, we’ll listen to Andy Steingruebl of PayPal. You’re probably familiar with PayPal. It is a payment processing service that is used to pay companies. Mr. Steingruebl has what he thinks is some good news for those of us worried about corporate security. Let’s listen to what he has to say and then we’ll explain it in a minute.


“Because of the work I do, I’m actually kind of an optimist, on . . . on a lot of this, about how well – uh, at least some companies are doing, uh, in upping their game, in developing better next-generation defenses, um, and the way technology and innovation are leading the way, um, on keeping companies and their customers safer.”

[end of recording]

Steingruebl begins by saying, “Because of the work I do” – he works in corporate security for PayPal – “I’m actually kind of an optimist.” An “optimist” (optimist) is a person who always sees the good in the situation, who is always positive, who thinks that good things will happen. The opposite of “optimist” is “pessimist” (pessimist). A pessimist always thinks that bad things will happen – a person who always sees the bad in a situation thinks that things are going to get even worse.

Our Mr. Steingruebl thinks things are not bad. He is an optimist. He thinks that things are going to be okay when it comes to corporate data security. He says, “I’m actually kind of an optimist.” He’s “kind of” an optimist means he’s sort of an optimist. Maybe he means he’s not a complete optimist. I’m not sure. This expression “I’m kind of” is used a lot in conversational English.

When Steingruebl says, “I’m kind of an optimist,” or “I’m actually kind of an optimist,” I think he’s just saying “I’m an optimist” or “I’m somewhat of an optimist” – perhaps he is trying to say that he’s not a complete optimist here. Steingruebl says he’s “kind of an optimist on a lot of this.” And then he explains what he means by “this.” “About how well – uh, at least some companies are doing.” He’s an optimist about how well some companies are protecting data. He says these companies are “upping their game.”

“To up (up) your game” means to get better at something, especially some sort of performance or activity that you are doing. Usually it is used in the world of sports to refer to someone who is doing better at that particular sport. Nowadays, however, you will also hear it in general conversation, especially in business, to refer to people who are performing better or perhaps have to perform better. If your boss says, “You have to up your game,” she’s telling you, you have to get better at what you are doing or you have to do better at what you are supposed to do.

Steingruebl thinks that companies are getting better at corporate security. He thinks they’re getting better “in developing better next-generation defenses.” “Next-generation” here would refer to a technology that is better than what we have now. “Defenses” refers to protection. So “next-generation defenses” would be technologies that are better than the ones we have today.

Steingruebl is also an optimist about the way technology and innovation are leading the way on “keeping companies and their customers safer.” “Innovation” (innovation) is creating something new, doing something that hasn’t been done before. Steingruebl is talking, I think, here about the way that companies are trying to develop new ideas and invest money in new ideas to help keep customers safer. “Customers” (customers) refers to the people who buy things from a company or who buy services from a company.

Let’s listen to Mr. Steingruebl one more time.


“Because of the work I do, I’m actually kind of an optimist, on . . . on a lot of this, about how well – uh, at least some companies are doing, uh, in upping their game, in developing better next-generation defenses, um, and the way technology and innovation are leading the way, um, on keeping companies and their customers safer.”

[end of recording]

I’m not sure if you feel better now about your private data in the hands of, or on the computers of, the companies that you give that information to, but we’ve done our best.

Now let’s listen to some of the questions you have for us – and more importantly, the answers.

Our first question comes from Alessandro in Italy. Alessandro wants to know the difference between “consulting” and “consultancy.” “Consulting” (consulting) comes from the verb “to consult.” “To consult” means, in the business world, to offer some sort of professional or expert advice or help. “To consult” can also mean simply to get the advice or opinion of another person.

But in business, “consulting,” coming from the verb “to consult,” usually refers to help or advice that you get from another person or perhaps even another company for some problem that your company is having. The verb “to consult,” when used in this way, usually is used with the preposition “for.” “I consult for a company.” That means that I get paid by a company to give them advice or help or expertise in some area. A person who does “consulting” is called a “consultant.”

The word “consultancy” (consultancy) refers to a company whose primary activity is to consult for other companies. So, a consultancy is a company of consultants – a company that gives advice to other companies.

Our next question comes from Sweden, from Haji (Haji). The question has to do with two verbs, “to conduct” and “to operate.” “To conduct” (conduct) has a couple of different meanings. One of them is to plan and do some things, such as an activity. This verb is often used in particular circumstances – for example, when we are doing an investigation, when we are trying to find out information about some mystery or some problem, we would use this verb “to conduct.”

“I’m going to conduct an investigation.” “The police conduct an investigation into a problem.” Notice the preposition “into” goes with this verb and the word “investigation.” “The police are conducting an investigation into a crime,” into something that happened. They’re trying to find information out about it. They’re trying to find out who did the crime – who “committed,” we would say, the crime.

We also use this verb with “research.” “The scientist is going to conduct research.” The scientist is going to investigate, look into something by doing experiments and other activities in order to get an answer. You can see there’s a relationship here between “conducting an investigation” and “conducting research.”

“To conduct” is also used in a very different sense for someone who is leading a group of musicians or singers. We call the person in front of an orchestra, who leads the orchestra – a large group of musicians – a “conductor,” because what that person does is “conduct” the orchestra. He or she leads the orchestra, tells the orchestra what to do and when to do it.

The verb “to conduct” can also be used to refer to someone’s behavior. “I must conduct myself in a very polite manner,” in a nice way. A teacher might say to a student, “Learn how to conduct yourself” – that is, learn how to behave, how to act properly or appropriately.

There’s also a noun which is pronounced somewhat differently, “conduct.” Notice the difference between the verb “conduct” – where the accent is on the second syllable, or part of the word – and the noun “conduct.” “Conduct” refers to behavior. So, it’s related to this third meaning of the verb “to conduct,” as in “to conduct yourself.”

There’s a fourth meaning of the verb “to conduct,” which means to guide or lead someone through a place. We talk about a person “conducting” a tour. A group of people are led by a certain person who explains the important facts and information about a place. That is the “tour conductor.” You can see a relationship here between the use of the verb “to conduct” a tour and “to conduct” an orchestra. There’s a sense of leadership there.

We also talk about the person on a train who is responsible for driving the train, if you will, as being the “conductor.” He is the person who “conducts” the train, who leads the train, who guides the train.

The other verb Haji wants to know about is “operate” (operate). “To operate” can also mean to run something or to control something. So you might say the conductor “operates” a train or the conductor “conducts” a train.

There is some similarity in meaning in that particular definition of “to operate,” but “operate” has a much broader, more general meaning, which is to use or to control something. You operate a machine. You operate your computer. You operate your car. You operate the oven. “Operate,” then, can be a very general term to refer to using and controlling any kind of machine.

“To operate” can also mean simply to function or to act or to behave. You could say, “I don’t like the way our new boss operates.” I don’t like the way he does things. I don’t like the way he behaves. “To operate” can also mean to be the leader of, especially if we’re talking about a business or a program or an organization. If you ask, “Who operates this department?” you mean who is the leader of this department, who controls this department? Again, there’s similarity in meaning here with the other definition I’ve given of “operate.”

There is one special use of the verb “to operate” in medicine. In medicine, “to operate” means to perform something called a “surgery” (surgery). A surgery is usually when a doctor does something to your body – cutting into your body in order to cure you or to heal you of some illness or problem.

If you have a heart attack, if there’s some problem with your heart, the doctor may need “to operate on your heart.” Notice the preposition “on” is used in this sense of “operate.” The doctor may need to “operate on” your heart. The doctor may need to actually open up your chest and go in and do something to your heart in order for you to survive, in order for you to live longer.

If you break your leg, the doctor may need “to operate on your leg.” He or she may need to cut into your leg and do something to your bone so that you are able to walk on your leg again someday. Another way of referring to this activity of “operating,” in a medical sense, would be “to perform surgery.” The person who “operates,” or performs surgery, is called a “surgeon” (surgeon). A “surgeon” is, we hope, a doctor. Not all doctors are surgeons, but we hope all surgeons are medical doctors.

If you have a question or comment – if you’d like us to operate on your English – well, email us that question at eslpod@eslpod.com and we’ll do our best to fix whatever problem you have.

From Los Angeles, California, I’m Jeff McQuillan. Thank you for listening. Come back and listen to us again right here on the English Café.

ESL Podcast’s English Café is written and produced by Dr. Jeff McQuillan and Dr. Lucy Tse. This podcast is copyright 2015 by the Center for Educational Development.

system administrator – a person who is responsible for the computer systems within a company, controls who has access to programs and information within a company, and has passwords for most or all of the software used within the company

* No one can view customer data without authorization from the system administrator.

social media – websites where people make connections with others and share information within their network

* Why do so many people post pictures of their breakfast on social media?

to craft – to write something; to create something

* How long did it take you to craft that speech?

painfully – a word used to emphasize that something is so extreme that it actually creates a problem

* That lecture was so painfully slow that we thought it would never end!

tool kit – a collection of tools, methods, or techniques that allow one to do something

* They’re selling an entrepreneur’s tool kit that supposedly gives a step-by-step guide to starting a business.

attack – a sudden attempt to cause harm, damage, or death

* Run and hide! We’re under attack!

technique – a particular way to do something

* Adrian’s violin teacher taught him a new technique to produce a softer sound.

solution – something that works; something that solves a problem

* If the door squeaks, then the solution is simple: just put some oil on the hinge.

packaged – presented to potential buyers in an attractive way

* Quentin’s invention is impressive, but it needs to be packaged better so that more customers can understand what it does and why they should buy it.

optimist – a person who is positive and cheerful, and believes that good things will happen; not a pessimist

* Mia is an optimist, who believes that bad times will never last long.

to up (one’s) game – to improve one’s performance, especially in sports

* Hannah is upping her game at work to compete with new employees by taking night classes in a master’s degree program in business.

next-generation – belonging to the newest and most advanced technology

* These next-generation cars are able to drive themselves.

defense – a way to protect oneself from danger or attack

* Mariah is taking a karate class to learn defense techniques.

innovation – the process through which people come up with new ideas, test them, try to implement them, and continually improve them over time

* Innovations in energy should help to reduce our dependence on oil and coal.

consulting – the business of offering professional or expert advice to people in professional or technical fields

* Their consulting firm specializes in marketing through social media.

consultancy – a company that gives professional advice to other companies for a fee; the business of offering professional or expert advice in a particular field

* They opened a consultancy that serves local dentists and orthodontists.

to conduct – to plan and do something; to direct the performance of musicians; to guide or lead someone through or around a place, usually while giving a tour

* The inspectors will conduct a thorough examination before writing their reports.

to operate – to function or behave in a proper or particular way; to use and control something; to have control of something, such as a business, department, or program; to perform surgery

* Did you take a class, or did you teach yourself to operate the equipment?

What Insiders Know
Hacker Terminology

Most people think of “hackers” as people who “seek” (look for) and “exploit” (take advantage of) “flaws” (errors; problems) or weaknesses in computer systems. Some hackers do this for fun, but others do it to create “mischief” (problems for other people that provide entertainment for others) or to “steal” (take without permission) money from “unsuspecting” (not aware that there is a problem) consumers.

Because the word “hacker” can describe such a “diverse” (made up of many different kinds) group of people, the terminology is “confusing” (unclear) and “controversial” (the basis of many arguments). Some people try to “clarify” (make clearer) the terminology by referring to hackers as “black hats” if they are using the hacker abilities for “criminal” (against the law) activities, and as “white hats” if they are security experts who use their hacking abilities to make companies aware of their “vulnerabilities” (ways in which hackers could create problems for the companies and their customers).

Other people argue that “hackers” are people who have a deep understanding of computers, but do not “break into” (enter without permission) computer systems. They argue that anyone who breaks into computer systems should be called a “cracker.” But the “media” (newspapers, magazines, TV news shows, etc.) generally continue to refer to all people in this area as “hackers.”

Another, related term is “samurai,” which is used to refer to people who are paid to break into computer systems to test their security. By using a “samurai,” a company can be sure that their systems are “impenetrable” (not able to be entered), or as impenetrable as possible with current technology and “know-how” (knowledge).