The infosec pitch

A couple of days back I blogged about being more concise and focused in my writing. Today, with that in mind, I wrote the 'elevator pitch' on cyberinsurance. The whole point of the pitch is to get straight down to business so normally we manage to squeeze the key awareness message/s into about 150 words. 

This month's pitch is just over 100 words (700 characters) and I'm wondering how far we could squeeze it if we really tried. It is feasible to sum up, say, cyberinsurance in a single tweet?

Well, yes, I'm sure we could concoct a message of less than 141 characters ... but why? Are people honestly so snowed-under with information that they can only spare us a few brief seconds? 

Advertisers face the same issue, hence those lame tag lines we see/hear so often (in NZ anyway) tacked on the end of the ads - things like "The real thing" and "I'm lovin' it". They've reduced the message to the point that virtually all meaning is lost. They have become symbolic rather than literal. The primary purpose is not to express anything so much as to trigger brand recognition. I bet you know which products those tag lines are associated with, right? Ker-ching!

Advertising is different to security awareness, although we have a fair bit in common. We can't rely on monotonous, ad nauseam repetition of our awareness content - or can we? Actually, we can, but at a deeper level than commercials. Beneath the superficial layers, we are constantly circling around and refreshing core messages about information risk, security, privacy, governance, responsibility and so forth, important concepts and principles underpinning all that we do. In a sense, the rest is just fluff to fill the screen.

As to tweeting, Donald Trump is kindly conducting a live experiment for us right now. He's certainly getting plenty of coverage: his tweets generate a surprising number of column-inches, although a lot of the reporting and commentary seems distinctly cynical or sarcastic. Is it meaningful communication? I'm unconvinced.