Welcome to the SecAware blog

I spy with my beady eye ...

16 Mar 2017

NBlog March 16

Distracted by some amusing mathematically-inspired comments from friends relating to Pi-day, I've stumbled across an infamous article about the magic number 7, originally published back in 1956 by George A. Miller, a cognitive psychologist.

Not being a cognitive psychologist myself, I skimmed through it ... but the final few words caught my eye: George said "I suspect that it [meaning the obsession with 7] is only a pernicious, Pythagorean coincidence".  What a nice way to put it! 

If you too are not a cognitive psychologist, you might find the Wikipedia version more accessible.

It is often suggested that we should stick to 7 things when presenting in the sense that 7 is allegedly the most points we should expect an audience to appreciate and hopefully remember. It could be called an urban legend. Some people say the magic number is 5 or 3 or 10 ... so I guess the more general version is is "a small number" or "a handful" of things, and that's fine by me (assuming an audience lacking in savants anyway!). 

That's not all though. There's more to this than the number of things, which usually equates to the number of bullet points on a slide or a paragraph in a document. Their complexity, length and content all matter, along with things such as the font, font size, color and contrast. 

Or to put that another way, the things that matter are:
  • Their complexity
  • Their length
  • Their content
  • The font
  • The font size
  • Color
  • Contrast
If you've ever suffered through presentations or reports prepared by inept presenters and authors (and who hasn't?!), you'll know what I mean. Anything can be reduced to a handful of bullet points, a simple list format, but that's not necessarily a good idea. Like all things, it's best in moderation.

Sometimes, for instance, it is important, necessary or worthwhile to expand on the detail and explore the subject in more depth than is feasible or sensible for bullet point lists. In place of this very paragraph, I could have added another bullet to that list above, perhaps something like "Level of detail" or "Depth" ... but it's not immediately obvious so I prefer to explain it. Looking back, several of those bullet points are distinctly ambiguous. What did I really mean by "Their complexity"? Complexity in what sense?

Already we see that the urban legend about sticking to "about 7 points" is decidedly lame and potentially misleading. 

It gets worse still if you accept that the context is at least as important as the content. A novice presenter who flatly reads out the words on the slide is adding no value, destroying it in fact since the tedious monologue is distracting: the audience is generally better-off reading and contemplating the words without the presenter's drone. The opposite applies too: if the presenter goes off at a tangent, that creates a dissonance between the spoken and written words which again can be distracting and confusing.

So far I've only been blabbering on about the style or manner of the communication. Its content is also an important factor, and the audience another. It's easy to cover something simple and superficially with a few bullet points. Not so easy to cover quantum cryptography, for a topical example. Depending on the specific audience, they may: 
  • Not know the term 'quantum cryptography' at all, having never heard it before
  • Have a vague idea about it, a crude understanding, incomplete and possibly inaccurate
  • Know it quite well
  • Be experts, quite possibly more expert than the author or presenter.
This whole blog piece may be quite narrow and obscure, but I'm getting at some of the factors we take into consideration when preparing what we hope are effective and valuable security awareness materials. There are other factors too, and maybe one day I will pick up and continue this thread. If you'd like that (or equally if not!), please comment below. What aspects would you like me to go further into? What are your challenges in this area? What advice would you offer to those preparing security awareness content?


No comments:

Post a Comment