Using Anecdotes in Security Training

The skill of storytelling is one of the most successful methods of conveying a message. Public speakers, teachers, and mentors draw on personal experience to relate to their audiences. Performed with skill and confidence a story can enhance training by making tasks teachable and relatable to the audience. However when the message is misrepresented or poorly delivered with bad storytelling, the messenger becomes the focus as they lose credibility and the good message is obscured.

Storytelling for the purposes of this article does not necessarily mean creating a work of fiction or spinning a tale. The term storytelling is used as an example to assist with creating a logical flow of tasks conducted to complete a function. For example, a bad story teller may say, “protect classified information or else you could be fired or worse.” A good story teller will convey the task of introducing, using, storing, and destroying classified information throughout its lifecycle in a logical sequence. They could do so with such relevance that it is easily applied within the company culture.

The Story Setting

The speaker who speaks with or trains and audience of peers or having similar skill sets, gain almost instant credibility. The same profession, the same topic, and the same faces most often makes it unnecessary to cultivate a relationship from scratch. Everyone already has something in common as they share like interests. This setting can occur in a professional organization or club where everyone has a similar skill set or hobby.

On the other hand, a speaker who discusses topics to an audience of various expertise may have a harder time relating to their audience. For example, a college night school teacher may have an audience of skilled laborers of various disciplines and the only thing they have in common is the text book. In these instances, the speaker relies on their expertise in the subject matter and anecdotes to make the subject material relevant or teachable. It would be ridiculous for this speaker to try to engage in a topic they know nothing about. They will simply lose credibility the first time they misuse an anecdote.

Applying Story Telling to NISPOM

Beyond supporting a common corporate culture, a Facility Security Officer (FSO) could have difficulty conveying a message of protection to those who use classified information for a more specific purpose if they do not discover common ground. While the FSO is an expert at NISPOM, the engineer or practitioner is an expert at how the classified information is used. So what can an FSO do to create common ground and use that common ground to develop training anecdotes?

I’ll use a personal story. A few years ago I was invited to speak at an NCMS local chapter event. I wanted to discuss program protection, but went in heavy on explaining National Industrial Security Program Operating Manual (NISPOM) requirements. The briefing charts I developed just dripped with NISPOM requirements and I used the requirements to demonstrate the application and need form program protection planning. I thought I had a good presentation, but wanted to verify with a colleague.

His assessment was truth, but not what I wanted to hear. His explained that my message was wrong and I risked losing my audience. What I had inadvertently done was assert myself as a NISPOM expert when in reality I should be showcasing my program protection experience. He rightly pointed out that the room would be full of NISPOM experts that could argue any NISPOM topic interpretation to the detriment of my presentation. He further explained that the NISPOM could be our common ground, but the majority of the presentation should reflect my program protection expertise and get buy in on NISPOM interpretation. Thankfully I listened, resulting in a successful presentation and great question and answer sessions.

Establishing Credibility

FSOs are the experts at NISPOM and how to apply the classification management guidance at the cleared contractor facility. Cleared contractor facilities are required to designate a capable person to conduct the duties of the FSO. This can be interpreted as the requirement to pick an existing employee to perform the additional duties as an FSO. It can also be interpreted as the requirement to hire an additional person to conduct full time duties as an FSO.

Appropriate message

The primary purpose of the FSO should establish their credibility with applying NISPOM guidance to the defense contractor facility. In some situations where the FSO is a designated task bestowed upon an existing executive, engineer, or other professional, the FSO may be an expert in the development of a weapon system. They are an expert in the weapons system and may be able to beautifully weave security anecdotes into the fabric of weapon system development. In this situation, it would be a mistake not to showcase the expertise as a system engineer to relay the importance of apply security task to protecting classified information on the specific system. Every attempt should be made to discuss intimate details of performance, cost, and schedule and convey the security message while doing so. Being an expert in security and weapon system development and telling the story accurately using technical language and engineer speak will help fellow weapon system designers better apply security to protect classified and export controlled information.

On the other hand, a non-technical FSO attempting to lecture the engineer on specific details of the unfamiliar task of developing software would not be wise. Any attempt to do so could result in loss of credibility as terms might become misused or tasks communicated in a way to insult the professional. In this case the non-technical FSO could conduct security training and security tasks with the frame of reference that they are the experts at NISPOM guidance and the engineers are the weapon system and development experts. Together as a team they can develop an effective security program to protect classified information.

In the second scenario the FSO can establish credibility as a security expert and create captivating stories using the common ground of working in a cleared defense contractor facility and the facility’s core culture. Where the audience is made up of scientists and engineers, there is no need for an FSO to attempt to discuss areas they are not an expert in. This could unfortunately provide an opportunity for the audience to argue the FSO’s level of understanding of the weapon system outside of the scope of the security discussion.

The art of storytelling should be used in communicating the security message to help make it easily digestible to cleared employees. Storytelling is simply finding and using common ground to establish training or develop a culture in a relatable and logical flow. This is a great skill to practice and develop to help implement security programs to protect classified information.