Talking Out Both Sides of Your Mouth: Streamlining Communication via Metaphor
As Security is a relatively new field, we are still learning how to communicate what we know with those outside of it. When communicating with non-experts, we often fall back on simplification and analogy to make our points understood. These techniques are fundamentally based on metaphor.This paper explains how metaphors are classically used, drawing on works in the field of linguistic philosophy, communication theory and neuro-linguistic programming. It then explores classic metaphors used within the Security community, analyzing publicly-available incident reports. Finally, the paper proposes some techniques that can be used to discover metaphors that are likely to work, thereby streamlining communication with those outside the field.This approach can make it easier to convey issues related to incidents quickly and accurately. It can be useful to streamline resource acquisition to implement technology or processes to prevent recurrence. It can be used to help educate junior co-workers and to report to management. Fundamentally, the proper use of metaphor can dramatically shorten communication cycles and free up time for action.
34365 (PDF, 2.18MB)
4 Oct 2013Related Content
SANS 2025 Security Awareness Report
Research PaperNow in its 10th year, the SANS Security Awareness Report remains the definitive, practitioner-built resource for understanding and managing the human side of cybersecurity.
- 12 Aug 2025
- Lance Spitzner
Be a DLP Hero: How to Quickly Deliver Value from Your DLP Program and Set It Up for Future Success
Research PaperDownload this paper and learn how to launch or strengthen your data loss prevention (DLP) program.
- 3 Jun 2025
- Kevin Garvey
Resiliency and Business Continuity in the Cloud Era
Research PaperIn this white paper, Dave Shackleford unpacks today’s evolving cloud threat landscape.
- 21 May 2025
- Dave Shackleford
SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape
Research PaperThis paper explores results from the SANS 2025 CTI Survey, with insights into how cybersecurity...
- 20 May 2025
- Rebekah Brown, Andreas Sfakianakis
Collaborative Mobile App Security Development and Analysis
Research PaperIn this tactical, insight-rich review, Jeroen Beckers shares how to overcome mobile app security challenges and modernize your testing with Corellium’s virtual device platform—built for real-world conditions and faster results.
- 19 May 2025
- Jeroen Beckers
A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments
Research PaperLog fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but can be difficult to optimize in containerized environments.
- 17 Apr 2025
- Zach Salva
ARMO’s Behavioral Cloud Application Detection and Response (CADR) Platform
Research PaperThis paper explores how ARMO Platform is attempting to solve the challenge with the industry’s first behavioral cloud application detection and response (CADR) product.
- 18 Mar 2025
- Moses Frost
ASPM: Understanding the New Application Security Landscape
Research PaperMalicious actors continue to prey on the challenges of rapid software development cycles and cloud computing adoption. This paper examines where an application security posture management (ASPM) solution comes in.
- 18 Mar 2025
- Chris Edmundson, SANS Institute
2025 ICS/OT Cybersecurity Budget: Spending Trends, Challenges, and the Future
Research PaperThis white paper explores the findings of the 2025 SANS Survey on ICS/OT Security Budgets.
- 3 Mar 2025
- Dean Parsons
Empowering Responders with Automated Investigation
Research PaperThis white paper investigates how Binalyze’s AIR platform reduces the overhead of forensic investigations by automating the process of collecting artifacts, triaging the data, and identifying next steps.
- 18 Feb 2025
- Megan Roddie-Fonseca
Google SecOps: The SIEM’s Third Act
Research PaperDiscover how SecOps is ushering in the "SIEM's Third Act" by addressing the limitations of traditional SIEMs and empowering security teams with cutting-edge tools for threat-informed defense.
- 21 Jan 2025
- Mark Orlando
Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection
Research PaperThis study investigates the dependency on network and endpoint telemetry for identifying lateral movement attacks, focusing on the Remote Services technique from MITRE ATT&CK.
- 17 Jan 2025
- Kyu Jin Therrien
Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success
Research PaperThis paper defines one method of network security monitoring in an organization to find these existing indicators.
- 7 Jan 2025
- Cory Keller
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords
Research PaperAs digital threats grow increasingly sophisticated, traditional password-based authentication systems are proving inadequate, leaving enterprises vulnerable to phishing, credential stuffing, and other cyberattacks.
- 23 Dec 2024
- Rich Greene
Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It
Research PaperThis paper examines why EBT cards are vulnerable to skimming and explores potential preventive measures.
- 23 Dec 2024
- Anthony Vespa
Metrics-Driven Information Security Framework as Part of Information Security Management
Research PaperThis paper presents a model of creating an actual accurate metrics-based security reporting model that is tied closely to the security management model used at the company.
- 22 Mar 2022
- Kirill Filatov
Denial of Service Deterrence
Research PaperDenial of Service has been a very useful practice for attackers and continues to remain prevalent...
- 1 Apr 2015
- Ryan Sepe
Practical El Jefe
Research PaperEl Jefe is open source process monitoring software for Windows. With this tool, incident handlers...
- 31 Mar 2015
- Charles Vedaa
Using Influence Strategies to Improve Security Awareness Programs
Research PaperEven companies with extensive, well-funded security awareness programs fall victim to attacks...
- 25 Oct 2013
- Alyssa Robinson
Information Risks and Risk Management
Research PaperThis brief will cover the various exposures that companies now face as they increasingly rely on...
- 1 May 2013
- John Wurzler