Finding The Hidden InfoSec Story


Workshop Testimonials


Richard Corbridge – CIO, NIHR CRN

“The Analogies Project delivered a full day workshop to the virtual Information Governance team from the NIHR Clinical Research Network. The workshop was used as a kick start for the organisation to move to a new phase of assurance for the governance and security across the whole organisation (10,000 funded staff across the NHS). The Analogies Project was able to bring concepts relating to Information Security alive for a group that were quite new to the subject. The workshop was also a great way to build the teams confidence in how to present concepts relating to Information Security. The workshop was successful as the team were able to go away with detailed action plans for how to use the new skills gained from the workshop. The NIHR Clinical Research Network recommend the approaches used by the Analogies Project for engagement in the Information Security arena with staff in all areas of operations.”


Simon Plummer – E.ON IT UK LTD

“We engaged with Bruce who offered to provide us with an insight “mini workshop” based on the ‘Analogies platform’. We found this approach to be very engaging and different from the everyday ‘stand-up presentations’ most of us see on a daily basis. The use of these analogies and the thought process involved meant that it made everyday security topics (that are discussed so often) a reality by stimulating discussion and debate amongst colleagues. I can only imagine that a full workshop would add benefit enabling further understanding and appreciation of the impacts of everyday activities on information security. This approach in my opinion could work at all levels within an organisation and would certainly provide some benefit as part of any awareness programme.”


Project Testimonials


Jack Matthews, Marketing Assistant at Commissum

“The Analogies Project was introduced to me by a work colleague early on in my current job. I was starting to feel overwhelmed at the scale of the infosec world, and the analogies on your site and are a massive help for me when wrestling with the myriad topics related to information security, which at first seemed alien but with the help of The Analogies Project become more and more familiar.”

Neira Jones, Senior Vice President Cybercrime for the CSCSS

“Our own internal initiative at Barclays (The Consequences book) drew on fiction to illustrate best practice and has been extremely successful. The Analogies project first interested me as it proposed to draw parallels from our vast cultural heritage, art, theater, history to position the role of information security and communicate to varied audiences in a way they can relate to. The combination of the use of different platforms and themes not traditionally associated with security makes for an innovative approach and I look forward to contribute to it.”


Rik Ferguson, Global Vice President of Security Research at Trend Micro

“The Analogies project is a long overdue means to expand the security conversation to include those who work outside of its normal sphere of interest. Security and Privacy are now so deeply embedded into everything that we do that it is imperative that all of us, using whatever service are alive to the possibilities to protect our digital lives and the reasons why it is important to do so. As the work becomes ever more interconnected and always-on, as the volume of digital information we each generate continues to multiply, a real, plain-language, universally inclusive security conversation is indispensable, I will be proud to be a part of that.”


Wendy Goucher, Senior Security Consultant at Idrach Ltd

“I am joining this project because I know that stories work because they seep into the cracks between stress and disinterest of the working day.  However, just like the ‘right’ jokes for the best man’s speech at a wedding, many can use them but not everyone can make them up.  This is a resource that will enable those who don’t have the time or the imagination to devise good stories to find them and adapt them.  Through that we can help to bring secure practice with computers into the culture and normal practice of ordinary users.”


Dwayne Melancon, Chief Technology Officer at Tripwire, Inc.

“In my work on technology projects, I find myself spending a lot of time ‘translating’ technical aspects of information technology into language that is more easily understood by non-technical, business stakeholders. Stories and analogies are my preferred tools for this kind of translation so when I found out about the Project, I knew I’d found kindred spirits and was drawn in immediately.”


Andrew Moloney, Managing Director at Artisan Southwest Consulting

“Over the years of working in Infosec I’ve seen the same debates, approaches and rhetoric come from all four corners of the industry time after time. The Analogies project is different. In fact, it’s unique. It has the potential to drive a fundamental shift in understanding of the challenge not only within the industry, but in society as whole. It’s great to be able to do my part in achieving that.”


Sean Pollonais, Information Security Advisor at BD&F Information Security

“I am happy to be part of the Analogies Project because I believe that in all walks of life there are advantages in keeping secrets. The myriad methods used to protect those pieces of information serve as excellent analogies of what Information Security is trying to achieve in IT. They can also provide new paradigms for improving how data protection is approached.

The Analogies Project has made an excellent start in reaching out to businesses and establishing the appetite for the story of Information Security to be told to as many people as possible. I will be thrilled to have my stories contribute to this body of work.”


Tom Fairfax, Managing Director at Security Risk Management

“When I read through the analogies, some made me smile, and some made me think about something that has been central to my life for over two decades from a new perspective.  This is the type of initiative that changes Information Security from a chore to an enabler.  That must be a good thing!”


James Chappell, CTO at Digital Shadows

“I think it’s of critical importance that we security folks get *way* better at communicating and this is the only decent work I’ve seen in this area for some time.”


Thom Langford, Director Global Security Office at Sapient Ltd

“The Infosec community has struggled with finding a single, cohesive source of education and awareness aids that can be universally and effectively used to help people understand how information security affects all of our lives to one extent or another. Our industry desperately needs this single, go to source, of material that will helps us educate people in a way that avoids the traditional, classroom based teaching approach. The Analogies Project has very quickly become the obvious place to make this happen.”


Andrew Bycroft, Information Security Strategist, Advisor and Presenter at The Security Artist

“For many years I have used a combination of visual cues combined with analogies to help senior executives understand the importance of taking a risk based approach to information security and I was delighted to see “The Analogies Project” as the ultimate vehicle for delivering the same messaging to the general public. Everyone has some information that could be considered an asset worth protecting, thus information security is pertinent to everyone; now everyone has the chance to embrace a fascinating collection of easily relatable stories and factual anecdotes whilst learning how to protect their most precious assets.”


Andy Jones, Global Director of Information Security for Unilever

“The role of people in protecting information is often under-estimated in favour of technology and flashing lights. Engaging people in this topic is hard, but the Analogies project focuses on a universal  technique that has stood the test of time – story-telling.”


Matthew Martin, Sr. Information Security Analyst

“Upon completion of a recent Leadership Communications program at Harvard University, I had a desire to work towards making information security more easily understood universally. This was when I was exposed to the Analogies Project. It seemed like a perfect place for me to contribute, and work towards achieving my goal of demystifying information security. I am honored to be working on this project, and can’t wait to see the impact it has on the world.”


Javvad Malik, Senior Analyst at 451 Enterprise Security Practice

“In a world where information is rapidly becoming a viable form currency; securing this information has become a challenge of enormous proportions. No longer can protecting information be the sole responsibility of a few individuals, but rather there is a shared responsibility amongst the wider population. However, educating and raising awareness amongst the non-specialist community has always been a challenge for security professionals. The analogies project is taking a different perspective by not only by utilizing stories that seek to engage and inform users, but also by making these freely available. I look forward to contributing towards the project and seeing how it develops in the future. “


Anne Wood, Senior Consultant at Sysnet Global Solutions

“At university I studied Linguistics; the science of language. Throughout my degree we were reminded that how we communicate and the language we use can have a profound effect on how others respond to us. In my information security career to date, I have seen and heard on countless occasions from the industry the argument that the business doesn’t care or doesn’t understand why security matters or how it works. The challenge I see is that, as a profession, we are poor at translating our concerns into those of our colleagues, and in communicating the concepts that our industry lives and breathes every day. I have a passion for helping people understand security, and in doing so, seeing them become increasingly engaged with it and this is why I wanted to be part of the project. The Analogies project provides a mechanism to help break through these barriers by offering tangible, accessible images to security professionals that they can use to explain often dry and inaccessible concepts to their business partners.”


Constantina Katsari, Author / Historian / CEO & Founder at Teaching Portals

“I support wholeheartedly this new private venture that raises awareness of our collective past, while it provides concrete information on information security. The project is original, useful, practical and will certainly achieve wider impact beyond the strict academic domain.”


François Amigorena, Founder & CEO of IS Decisions 

“Without a doubt, a layered defense strategy consisting of technologies, procedures and policies has the potential to dramatically improve the security of any organization’s infrastructure.

I know from working closely with our own clients, that to achieve this, IT professionals must demonstrate to their organizations what vulnerabilities exist and how to limit these security risks. Whether speaking with senior executives to secure budget or educating the workforce on security awareness, clear and more effective understanding on security issues is sought through real-world examples or drawing parallels to real-world events.

The Analogies Project is a unique initiative that aims to help IT professional’s effort to communicate more effectively and provide them with a tool to thus implement better policy, better procedures or secure better technology.”


Keith Wilson, Former CISO at TIAA-CREF

“I am thrilled to support The Analogies Project in it’s mission to simplify the message around security and to help people relate to complex security challenges through simple and memorable everyday analogies that everyone can relate to. We use analogies inherently in our everyday lives as security professionals; but never really consider the power of these analogies and how they can be expanded upon to help people of all technical levels relate to the complex world of Information Security. Embracing these natural parallels through analogies will not only help clarify our message but it will also help make the core security messages easier to recall at that critical time when the security professionals are no longer in the room!”