I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are.
It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight.
You can enjoy flying without being an aeroplane nerd.
Airlines understand this too. Have you ever seen an airline advertise its planes by the type of engine it has, the suspension of the landing gear, or by the mechanism with which it connects to the passenger tunnel.
Sure, those things are important to some people, just not most people, who like me, are more interested in the food, the service, and the movies that are available.
I may sometimes pick up on small things in a plane, like the availability and position of a USB charging socket, or whether the fabric of the seat feels new. But beyond that it’s more about the experience. If I have a good overall experience, I couldn’t care less if the engine rolled off the factory last week or over a decade ago.
Why is any of this important and what has any of this to do with security?
Well, it’s more a case of user experience and understanding the people who are impacted by security.
It can be tempting to lead with facts and figures – choose a certain kind of password and a quantum computer won’t be able to crack it for 32 million years. This product is powered by machine learning, AI, and pixie dust. Or how you too can improve the security of the organisation is you read this 32 page single-spaced document.
Look, all of this is technically correct (the best kind of correct) but it’s like someone telling me how the new engine will cause 1.4% less turbulence on the flight. It doesn’t really mean much. I want to know what my experience will be like and how many hours can I expect to sit in my seat before the fasten seatbelt sign is illuminated again in preparation for landing.
Anyone that doesn’t work in security won’t really care about how many bits your encryption is hashing using AI. What they will care about is how security impacts their experience.
If we lead with thinking about their experience, things may be better.