Editor's Note: This is a guest Blog Post from Matt Beland, the Chief Security Officer at the law firm Davis Wright Tremaine LLP. Below is a description of his upcoming talk on "Selling Enthusiasm" at the Security Awareness Summit 10 Sep in Dallas.
Everyone's familiar with the old saying - "There are three things that matter in property: location, location, location." Well, in Security Awareness, we also have three things that matter - "communication, communication, communication". After all, the whole point of Security Awareness is communicating the things our users need to know - the threats, the tools, the responses. But communication is hard. Our users have their own priorities and interests, they're often awash in a sea of communication on dozens of topics - how do we make ourselves heard, and not just heard, but understood? The key is engagement. If you can get the user community engaged in the problem, hold their attention for just a few moments and then fill that time with valuable information, you can get your point across. Your communications must be focused, impactful, and hold the user's interest - without disrupting their day. A law firm is a challenging environment for effective communication. The audience is intelligent, interested, and engaged in the operation of the firm - but also determined, focused on their own productivity, and quick to dismiss anything they perceive as "wasting time.” If you can get your messages heard here, you can get them heard anywhere.
At the Security Awareness Summit, I'll be showing examples of programs that worked, and programs that didn't. We'll talk about the things that make these campaigns heard through the noise, and how the ideas behind them can be adapted to fit your needs. Most importantly, we'll also take a look at the metrics we use to measure our impact - and how that feedback shapes our campaigns for the next time. See you in Dallas!
BIO: Matt has over 20 years of experience in information technology, including 10 years in the legal technology industry. His areas of responsibility include all physical and information security operations, policy, regulatory compliance, incident response, training and awareness. Matt works closely with administrative departments and attorneys across the firm to assist with the reinforcement of strong policies and a culture of effective information security at Davis Wright Tremaine.