Share these talks and lectures with your colleagues
Invite colleaguesResearch paper
The curse of knowledge can damage awareness programmes: Here's how to defeat it
Cyber Security: A Peer-Reviewed Journal,
6
(4),
311-319
(2023)
Abstract
Now, more than ever, cybersecurity professionals need their messages of security to reach the people who work for their organisations. But a phenomenon known as the ‘curse of knowledge’ may be standing in their way. This ‘curse’ – knowing so much about a subject that explaining it to beginners is difficult – plagues many human risk programmes, according to industry reports, and can actually damage programmes and negatively affect the credibility of those who run them. This paper shows how cybersecurity practitioners can overcome the curse of knowledge by examining its destructive path and identifying key steps to manage it. Techniques like removing certain terminology from cybersecurity messaging and tools like the De-Jargonizer can bring practitioners in line with their audience and lead to successful programmes and more security for organisations.
Keywords: human risk; cybersecurity awareness; awareness programme; terminology; cybersecurity messaging
The full article is available to subscribers to the journal.
Author's Biography
Kerry Tomlinson is a cyber news reporter and editor-in-chief of Ampere News, a news organisation with a mission of translating the world of cybersecurity for people of all technical skill levels. She worked as a television news reporter for three decades, winning multiple Emmy awards and going undercover for investigative stories. She gives more than 40 talks a year, and spoke at RSA 2022, the 2022 Industrial Security Conference in Copenhagen, and the 2022 Industrial Cybersecurity Center Congress in Madrid. She is a certified security awareness professional through the SANS Institute and has authored a paper on how to create an industrial cybersecurity awareness programme.
