I have been distracted lately. By lately I mean 3 years! That’s some distraction, you’re thinking!? It’s meant that I haven’t added anything to my blog for a long time. But I’d like to think that I’ve been able to add something to the industry debate on the metaphorical elephant in the room. By this I mean the most advanced and persistent threat in the information security domain … people.

Nearly 4 years ago I started research into the root cause of the people issue that the industry was reluctant to tackle without the use of more technology. My research identified a lot of causes behind the malaise and lack of progress being made with the security industry’s audiences. Some of these causes security professionals will recognise, some they may not and some I suspect they definitely would not have considered. Some of these will be welcome insights and others will ask serious and probing questions of us as individuals but also the industry more broadly. I’ll be sharing my findings with you through my blog, keynotes, workshops and my coming book “Discretionary Effort”.

Part of what I learned from over 600 hours of research highlighted why my personal use of analogies, when communicating with audiences, from the Board to the reception, has been such an effective tool. I call this The Science Behind The Analogies Project. When I realised this, it inspired me to establish The Analogies Project itself as a means to leverage the power of analogy to help better engage and influence audiences on the subject of information security.

The Analogies Project was established 3 years ago and it has maintained gradual momentum and growth. Its focus has been the building of a library of information security analogies, drawing security and non-security folk together and promoting the potential that analogies can bring to influencing positive security behaviours.

The Analogies Project now has contributors from around the world, writing in 7 languages, drawing on their own local environment and experiences to find information security analogies and share them with the broader security community. They all share a common understanding of the challenges and an openness to the need for new ideas and a belief that telling the infosec story by using a context your audience knows and understands is far more likely to prove successful if you intend to engage and influence people effectively.

So you see. I’ve not been sitting on my hands all this time!

Have you found that you resort to using analogies when trying to explain something to someone? Have you got any favourites that you turn to time and time again? If you have one that’s related to information security, we’d love to hear it over at The Analogies Project! Maybe you’ve heard an analogy recently that really DID IT for you… let me know in the comments.