We are in the back to school phase of the year, as an ex-educator, I still love the sense of fresh starts that this period brings. I always feel that we return to work and school with enthusiasm and I wish organisations capitalised on that more. It is easier to build goodwill at this time of year than later on, when cold evenings and dismal commutes are making people less optimistic. September is a really optimal time to recruit champions, get buy in for ideas and bring sponsors on board for any change.
In my workshop in Vegas, I encouraged participants to give themselves permission to do what they feel is right. And that was something they thanked me for saying, which was good but unexpected. I do feel that security awareness can be a tricky role, as it can be so many things to so many people. But if you feel that you have an idea and that it can make a positive difference, even if it is not a common idea, please do pursue it.We need less metrics and phishing and more meeting humans where they are.
For those of you interested in gamification, there is some useful research by Mazarakis and Bräuer on elements of successful gamification. I think gamification is an over-used term, we tend to see rather patronising or useless activities called “fun” because they are “gamified”. This research investigates what gamification is, and how to secure outcomes for your gamified activity- notably via narratives. The research is useful to anyone who understands that gamification helps with engagement BUT that to ensure outcomes, you need to have good communications around the work. And it needs to be tied to relevant objectives. We focus too much on engagement, which is just clicks or likes, and we should be focussing on what people learn or understand and how that can be shown.
Words carry weight, and this blog, by Ruth Mottram, about just that topic will be enjoyable reading for many of you. The blog uses the word “normal” as an example of how our assumptions and perspectives about that word can be harmful. I agree, I think we say normal to mean what is common or expected to ourselves, but that might not be the same for others. In the same way, our use in cybersecurity of military terminology can be harmful to our messaging. Attack, threat, war game etc can be very offputting or negative to hear. Similarly, shields up means very little to the average organisation. What do I do to put my shield up that I wasn’t doing before? Why and for how long?
I love privacy work,and this research on consent models and social licence is really interesting . I think we need to evaluate the current models of consent, what they mean and how we work with consumers and clients. It is certainly interesting to consider a model where the public are more involved with how their data is used.
Podcast corner
Ethical voices discusses multicultural communications
A slight change of plans has an important episode on the science of regret.
Tech won’t save us discusses the SBF trial and other issues.
The Cyber Ranch Podcast interviews people at Black Hat
I also checked all your cloud storage while I was in the USA, and your photos are all fine and secure. You are welcome
Have a great week and stay cool
M