Finding The Hidden InfoSec Story

Geordie Stewart

Geordie Stewart, MSc, CISSP, is an international speaker and keen innovator in the area of technology risk communication. His award winning masters thesis at the University of Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA he challenges conventional thinking on risk culture and communication. Geordie is particularly critical of the “Death by a Thousand Facts” approach to influencing security behavior which has been failing now for over two decades. He has held senior security management roles in large UK organisations and his security governance experience includes retail, transport, finance, telecommunications and government. Geordie’s regular security awareness column for the ISSA international journal is reprinted here.

Why I Joined The Analogies Project

“I’m excited about the Analogies Project because it’s a radical departure from the stale old method of dumping facts on an audience and hoping that their behavior improves. Instead, the Analogies Project is fantastic step forward in framing security issues in a context that audiences can relate to and avoids overloading the recipients with multiple topics. Stories are a great way of making someone else’s experience real for the listener in a way that’s both contextual and credible. There’s a reason why Coca-Cola and Nike don’t just tell you ‘the facts’ about their products. The Mad Men know this and have been using stories to sell products for years. It’s about time the information security profession caught up. Facts don’t sell. It’s the features narrative (the story!) that does.”

Share This Post On