RE: [WEB SECURITY] Talking to non-technical folks

christian.folini at post.ch christian.folini at post.ch
Tue Jan 20 01:24:02 EST 2009


Hey Prasad,

Just a brief statement here: Meet your audience where they are.
If they are not techies, then do not speak tech.

Instead, use only the most important tech terms and explain them
with examples from their everyday life.

For phishing, you could use hard copy letters as an example:
It's very simple to forge a return address on a hard copy letter.
It's hardly done in practice though, because for the scam to come
off, you need to send out a lot of forged letters and this adds up
to a lot of stamps. Now with emails, there are no stamps. That's
why you can send out as many forged letters as you please at
virtually no cost. ... You get the idea.

People seem to like numbers. But what they really love is
numbers embedded into stories. Be narrative and try to
dress your statistics and metrics in the story of people they
can link with.

regs,

Christian

-----Original Message-----
From: Prasad Shenoy [mailto:prasad.shenoy at gmail.com]
Sent: Monday, 19 January 2009 23:31
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Talking to non-technical folks


Pardon me if this looks like an OT posting, but I thought it's best to get advice from gurus on this list rather than any place else. As the subject says, I am looking for some informative articles, reading material, experiences, quotes etc. to educate myself on communicating Information Security/Web Application Security to a non-technical audience in a way that would make sense to them.

Any references, personal experiences etc would be greatly appreciated.

Thanks
Prasad Shenoy

--
Ah! the joy of hacking....

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

