I am working on a paper on the use of metaphor in the Information Security industry. While the paper isn’t out yet (still in review), I did do a preview at the Secure360 conference last month. I finally got around to prepping my recording and getting it up on YouTube. The sound quality isn’t the greatest, but I think it’s good enough.
Here’s the original description:
There is a divide between the so-called “security/technical” people and the “business” people. We’ve all heard about how we need to “speak the language of business” and “get soft skills” to succeed. However, even after decades of trying, the divide still exists. Why does it seem that we never make progress? Are we truly not improving? Is the goal receding as we chase it?
This presentation posits that we’ve been making a fundamental error in trying to explain things to people outside our field. One thing that people-oriented people do naturally and technically-oriented people do not is communicate with others using the target’s metaphors. By taking this approach and translating issues into different frames of reference, more time is spent exploring the issue instead of arguing over why it matters.
By focusing first on being understood and second on the specific issues, rapport can be built and, over time, you can get the resources you need to win more battles.