Edward Marchewka says he hears it all the time from his cybersecurity peers.
Especially when they are trying to get cybersecurity buy-in from the organization or the Board of Directors.
"People say, 'Oh, they don’t hear me, they just don’t get it.' Well, maybe it’s how you’re delivering it. Or, maybe it’s their ability to receive it."
It also could be both of these things.
Marchewka, who is the Director of Information Technology for Gift of Hope Organ and Tissue Donor Network, spoke at SecureWorld Chicago about using brain hacks to get cybersecurity buy-in.
We interviewed him after his session, and here are some of the key takeaways that he shared.
Brain hacks to get cybersecurity buy-in?
[SecureWorld] Let’s talk about the idea of "brain hacking" first. What do you mean by that?
[Edward Marchewka] So, what I mean by that is understanding how our brain naturally functions in order to get the results that we want. For instance, one of the easiest examples is, people think of the idea of being "hangry." And this affects all of us, from children to adults, and even our beloved board members.
And I’ve lived this before, where I’ve gone in to ask a CEO for one FTE. And it was like two o’clock, when my session was up, and we went in, the CFO and I, and just got obliterated.
Well, turns out, he missed lunch, and the guy before us asked for like 30 more people. And so it just didn’t work out. And the idea is, don’t present to a hungry board, don’t present to a hungry individual.
Because what happens is all of that reasoning, all of those good ideas that make us human, that make us really intelligent, happen in the prefrontal cortex. And that’s where you start to have those good decisions being made, where reasoning happens. Well, when you’re hungry, the reptilian brain, the limbic system, starts to take over. Those natural, lower level functions of "feed me, feed me, feed me, and I don’t care about anything else."
[SW] And you were mentioning to me a moment ago you often hear your peers say, "They just don’t hear me." But maybe it’s because of the brain, the way you approach it or something, right?
[Marchewka] Absolutely. There are three types of intuition within our brains. And so there’s ordinary intuition, which is just what you do. Think of like riding a bike, or have you ever driven home and wondered, how did I get here? Like you just do it, it’s something you naturally do.
Then there’s expert intuition. And that is, think of a firefighter. This takes hours and years of training. You know, even in the Information Security world, we can look at a report or look at a threat and be like, "Oh, this is good, and this is bad."
Then there’s the last, which is strategic intuition. This takes time, and it doesn’t happen in the moment. It happens all of a sudden, but maybe a month later.
Have you ever been in the shower and been like, "Oh my God! I just figured out this thing that I’ve been trying to do for the last month!" That’s your strategic intuition.
So what can happen is, when a new idea is presented to someone that has no idea what you're talking about, it’s not hitting their strategic intuition, because that takes time and it's going to hit afterwards.
They’re clearly not an expert, you’re an expert in it. So what they’re relying on is this ordinary intuition trying to build in or bridge different experiences. And when someone doesn’t have an idea, or a real clue, or details of what you’re talking about, they’re relying on this gut instinct and these bad bridges within the brain.
And so when someone goes, "We should do this, it's a really good idea," and someone goes, "Well, I don’t know," it is delayed, until later on when we start to build that strategic intuition and someone goes, "Hey, this is starting to make sense, I get it."
[SW] That’s fascinating. Alright. And what about the visual aspect of things? Why do you believe in visuals?
[Marchewka] So the visual cortex is the single largest system in the brain. And visual processes happen from the eye, through the thalamus, which is a part of the brain that’s about 11 centimeters across. So, if you just think about throughput, it goes through the thalamus and into the visual cortex for processing. Speech, what you say, goes through the amygdala, which is about 1.42 cm. A much smaller throughput.
So what you see is so much more important to your story than necessarily what you say. And so, the story that you can tell with a picture is much more valuable and much more impactful. You know, they say, "A picture is worth a thousand words," and it really is when you’re trying to present something.
But it can’t be too complicated, and when you start making people do mental math, or different tricks with it, it can become an overload. Then the brain shuts down and that reptilian brain, that "fight or flight" aspect, acts up with, "I don’t know, I don’t get it, I’m going away." And so, it’s fully understanding how the brain is going to interact with your presentation to get your point across.
Can these ideas help you get cybersecurity buy-in at your organization? You might need to think about that for awhile.