A decade ago, I spent an amazing day on location in Manhattan shooting episodes of an early web series I helped produce called Trumpeter Swans. The star of the show was advertising legend Jerry Della Femina, along with host Kit Hoover, who you might know from Access Hollywood, where she sat next to Billy Bush for several years (ahem). You can still view the series on-line at http://techchannel.att.com/play-video.cfm/2009/3/12/Trumpeter-Swans:--Vintage-Ads.
The name of the show was inspired by David Ogilvy’s coined term for people who combine creative genius with inspiring leadership. “Wanted by Ogilvy and Mather,” the Master wrote once in an iconic ad, “Trumpeter Swans.” Today, if you visit my office, you will see Ogilvy on Advertising on my bookshelf adjacent to Donald Knuth’s volumes. I do this because I believe both works to be equally applicable in the pursuit of proper security for the enterprise.
So, OK – let me explain: We all know that technology, procedures, and processes are defined by CISOs to reduce cyber risk. One reason this risk is never zero is the unimaginable strength of our capable adversaries – Trumpeter Hackers, if you will. The other reason risk is not zero, however, involves the gap that exists between implemented controls and our reliance on humans to make good decisions. (And we all know what happens when we rely on human decisions.)
As a result, cyber security awareness programs now exist in every business, and these are typically controlled by the CISO team. Now, I do not know you, dear reader, but I suspect that if you have a CISSP, or an MS in CS, then I would bet that you absorb information a certain way. And dare I say that this might be different from how other employees ingest their learning: Programmers make lousy security awareness designers. This is not a controversial statement.
CISOs have thus begun establishing more creative teams for communicating their training messages to the company. And vendors have also taken note. Look at the wonderful security awareness videos available from my good friend Michael Madon at Ataata. His customers are being taught to make decent cyber decisions using modern visual methods. This shift to more creative cyber learning is one of the most exciting trends in our industry today.
As for my own contributions, I’d present to you Exhibit A: Charlie Ciso. Sketched each week by the great Mad Magazine Illustrator Rich Powell based on vignettes sent by two experienced professional cartoon writers – Ed Amoroso (uh, me) and Matt Amoroso (uh, my son) – the toon series is designed to deliver cyber messaging in a unique manner that can be ingested immediately by anyone. It’s a delight for Matt and me to work with Rich, and I hope you enjoy our results.
So, now: If you would like us to help improve your own security awareness program, we’ve begun to take commissioned Charlie Ciso requests from customers. One large enterprise, for example, wanted to improve their patching message, so we tailored some original content that showed Charlie recommending patches, culminating in a fun exchange with a janitor in the last panel next to a leaky water cooler (you can fill in the punch line). I personally help clients integrate the original cartoons into their programs.
Our pricing is still evolving as we take on our initial clients, but please drop me a message here on LinkedIn if you’d like to see the world-famous Charlie Ciso help bring your enterprise security awareness program to life. I cannot promise that the result will be as good as Ogilvy’s Trumpeter Swans ad, and I also cannot promise to deliver Billy Bush. But I can promise that you’ll have fun, and that the effectiveness of your security awareness activities will improve.
Give us a call.