First, I received them as a set 2 1/2 years ago at The Best Single Day Class Ever, what I call Tufte's class. Tufte's class and written work present a single set of ideas and some material is presented from multiple angles in several books. This makes it congnitively difficult for me to review them individually. Second, I did not treat them like other books I read, meaning I did not mark them with my own notes and underlining. Frankly the books are like works of art and it would pain me to mark them up! That makes it tough for me to review my reading process and withdraw comments suitable for a book review. Third, so many people have already reviewed the books that I did not feel I would bring any real novelty or domain expertise to the discussion.
Rather, for this post I wanted to share a few ideas I learned from Tufte that I try to keep in mind when communicating. Some of these are reflected in my earlier post, but I'd like to share what has stayed with me during these past 2 1/2 years.
- Do not let the medium define your message. PowerPoint culture is endemic in my workplace and in many others. Rather than considering the message to be communicated, too many people concentrate on what the PowerPoint "pitch" needs to look like. I don't exclusively mean appearance, although that is definitely a factor. I'm referring more to what bullets are supposed to reflect a message to an audience. Rather than leading with bullets, determine what message you are trying to communicate, then select a medium.
- Replace "presentations" with conversations. I avoid delivering lectures as much as possible. Nothing kills the spirit like receiving a stack of 300 slides. That "deck" represents a plodding, instructor-paced, predetermined path where questions are more likely to be interpreted as interruptions of the "flow" of the class. After seeing Tufte in action in 2008, I stopped teaching my two day TCP/IP Weapons School class using slides. The second and now third editions of the class have no slides whatsoever. Instead I teach with workbooks, labs, and unscripted question-and-answer interactions with students.
- Carry the burden or stay off the field. It is NOT easy to teach "Tufte style." Too many "presenters" and "instructors" fall into the seductive embrace of reading slides, facing the screen and not the students, hoping to get to the end of the pitch as soon as possible.
Instead, imagine walking into a room with 100 or more people, giving each a paper handout with some possible discussion topics, and then asking what they would like to know about the security field. That is just what I did at the FIRST conference this year, and from what I heard, people liked it. I'll say now that it was a somewhat scary experience for me to focus purely on conversation and not just march through a 30 slide PowerPoint deck. However, this is the sort of approach we need to see in the field. I don't recommend it for every talk, but if you're up to carrying the burden, give it a try!
- Seek data and graphic representations where possible. For me, this is probably harder than the previous point. Whereas talking in an unscripted manner is rough because of the mental gymnastics required, creating data-driven figures is tough because of the amount of preparation required. We struggle with this in our CIRT. We have thousands of data points but the collection, analysis, interpretation, and explanation of that information is much more difficult than I expected. As we add staff who spend less time fighting operational battles and more time contemplating the overall picture, I expect us to deliver the sorts of graphics that speak volumes to all sorts of audiences.
- When the available tools stink, make your own. Tufte did this by publishing his books himself. He did not accept the limitations of the publishers who claimed he could not include the novel features found in his titles. We've encountered similar issues at work where existing data collection tools were just not suited for our needs. Several very talented and motivated team members built and continue to build new tools to get the job done. This is even more difficult than the previous point because it requires anticipating the sorts of data needed to describe, explain, and improve security operations. I expect a lot of progress in this area in 2011.
That's my "applied Tufte" for 2010. Here's hoping he publishes another book soon. The best New Year's resolution you could make for 2011 is to attend one of his classes, even if you have to pay yourself. You get all four books with paid tuition -- real books, not slide decks!