In the course of sorting out the license formalities for a new customer, it occurred to me that there are several different ways of reading stuff:
- Skimming or speed-reading barely gives your brain a chance to keep up with your eye as you quickly glance over or through something, getting the gist of it if you're lucky;
- Proof-reading involves more or less ignoring the content or meaning of a piece, concentrating mostly on the spelling, grammar etc. with a keen eye for misteaks, specificaly
- Studying is a more careful, thorough and in-depth process of reading and re-reading, contemplating the meaning, considering things and mulling-over the messages at various levels. In an academic setting, it involves considering the piece in relation to the broader field of study, taking account of concepts and considerations from other academics plus the reader's own experience that both support and counter the piece, the credibility of the author and his/her team and institution, the techniques and methods used, the implications and so forth. To an extent, it involves filling-in missing pieces, considering the things left unstated by the author and trying to fathom whether there is meaning in both the gaps and the fillings;
- Plain reading could involve the other forms shown here, or it may refer to any of a still wider range of activities including personal variants - for example, I like to doodle while reading complex pieces in some depth, typically sketching a mind map of the key and subsidiary points to help fathom and navigate the structure. I add icons or scribble cryptic notes to myself about things that catch my beady eye, or stuff I ought to explore further, or anything surprising/counterintuitive (to me). I link related issues using lines or asterisks. I highlight important points. Sometimes I just make mental notes, and maybe blog about them when my thoughts crystallize...
On top of all that, there are many different forms of information to 'read', such as:
- The written, typed or printed word on paper (of various kinds) and/or on screen (in various formats);
- Diagrams, pictures and figures including those mind maps, sketches and icons I mentioned plus more formalized diagrammatic representations, mathematical graphs, graphics and infographics, conceptual diagrams or 'models', videos and animations, artistic representations etc.;
- The spoken word - presentations, seminars, lectures, conversations and many more, often supported by written content with words and diagrams plus (just as important) body language and visual cues from the people involved and the vicinity (e.g. a formal job interview situation in a stark office is rather different to a coffee-time chin-wag in a busy cafe);
- 'Situations' - it is possible to read situations in a much more general hand-waving sense, taking account of the broader context, history and implications, even if there are no words, diagrams or even expressed language;
- Language styles: stilted, formal language, especially that containing obscure words, terms of art and narrowly-defined meanings, is clearly different to everyday language ... or tabloid journalism ... or songs ... or casual street chat ... or ...
... which (finally!) brings me to my point. Security awareness and training content can support any or all of the above - in fact, the NoticeBored materials do, quite deliberately. The reason is that our awareness and training content is not addressing an individual but a diverse group, a loose and mysterious collection of people in all sorts of situations. Although we identify three specific audiences (staff, management and professionals), that's really just for convenience to make sure we cover key perspectives: those are not exclusive groups (e.g. a professional manager is also 'just another employee', hence all three streams may be relevant), nor are they totally comprehensive (you, dear blog reader, are probably not yet a customer, maybe not even employed in the traditional sense, just a random person who stumbled across this piece or NBlog).
Stirring the pot still further, an individual reader may have a preferred way of reading stuff but the details will vary according to circumstances. We expect different things when reading a contract, a newspaper or a blog, and we read them differently. We might skim-read a heading on a piece and move on, or continue reading in more depth, or make a mental note to come back to it later when we have more time and are less tired and emotional. Some of us gravitate towards the index or contents listing, the headings and subheadings, the diagrams and figures, the summary ... or flick from chunk to chunk perhaps following hyperlinks ... or simply start at the very top and work our way systematically to the bitter end.
Bottom line: it pays to consider the readers when composing and writing stuff, especially in respect of awareness content since reading is almost entirely optional. If we don't provide value and interest to our diverse audience, and on occasions evoke an emotional or visceral response as much as a change of heart or behavior, we're going nowhere. We've lost the plot.
Oh yes, the plot ... must dash: work to do on the 'detectability' security awareness materials for April.