Campaign for clear talking

Much of today was spent leading a workshop session for product management people on the subject of security and risk. The session went well and one particular point of feedback resonated: it was commented upon that the perception prior to the workshop was that it would be a day full of technical jargon for a technical audience and consequently attendence was under some duress. So, the person in question was pleasantly surprised to find that the topics were discussed at an easy to understand non-technical level and more suprised to actually learn something and take away some useful information.

Now – and hold on a moment while I get my soapbox out for this bit – talking up to non-technical stakeholders is pretty essential in my opinion if we want to ensure that security and risk are understood at a senior level. It’s where soft communication skills win over hard techie talk and I’ll be the first to admit that this is something that takes time to learn. I can chirp on all day about encryption algorithms, cross site scripting and denial of service attacks, and just watch the audience all reach for their blackberry’s simultaneously at only the third mention of the term “regulatory compliance.” What is wanted is some plain talking, business orientated discussion. In other words: here’s the problem, here’s a solution, this is how much it’s going to cost.

So, right here and now I’m kicking off my personal campaign for clear talking. No jargon, no technie twaddle. If we want to win the business over when it comes to security and get the right messages across, then clear talking wins the day!

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

While we're at it, can we make sure "clear talking" means no Dilbert-esque management speak either? I swear I'm going to have to throttle the next person who wants to "leverage the paradigm to acheive cross-functional syngery".
Quite! And please no more references to "Service Orientated Architecture" - but the best and most user unfriendly term I recently came across is: "production back-ends within purple networks"...
This plain talking issue is an annoyance and I think something to do with age. If your board or those in power are baby boomers - then a great deal of simplification will be needed. Sorry Chaps - but the old excuse of not understanding basic technical talk doesn't wash with me and is a no brainer. Sure one needs to be understood when trying to explain a technical process which will save money and improve efficiency for the business. However, as time moves on many of the young up and coming business executives will have technical knowledge - having grown up with computerised processes. Then we won't have to revert to 'babytalk' in order to convince stakeholders of the benefits of certain technical improvements.
A good point Tony. To some degree I concur with your opinion however, working within a large organisation where buy-in to security processes is not always readily achieved, getting the language right is the first step in the process. In my case, many of those people are publishers and content editors. They are all experts in their field but have little knowledge or even interest in mine. To some degree what I'm doing is a marketing pitch, so getting the language right is critical if I'm going to keep their attention.