Category: Cybersecurity

Categories
artificial intelligence Cybersecurity Technical Communication

Optimizing Remote SME Interviews with Top Collaboration Platforms

Starting out in software documentation, the entire team would sit around a table and talk with the PM and divvy out sections of the project. Then we’d break off and scatter to do the work. My work entailed jumping around to those who held all legacy knowledge and expanding wisdom – the subject matter expert (SME). Reaching this group with their full schedules and meetings required a lot of flexibility in scheduling and note taking. Though I am an extrovert, and interviewing was one of my favorite parts of my job, I did wonder if taking notes and outlining along with any specific details that may have been missed while I was simultaneously writing and listening could have been streamlined.

My wishes were granted.  Though artificial intelligence has been around for a while, it’s only been within the last year that it’s really taken off. Advanced transcription tools and platforms designed for remote interviews have become available on a large scale. Along with the benefit of tools and platforms, attitudes about various perspectives and the inclusion of multiple voices have made the creation of products that serve everyone more accessible.

New Tools

AI-driven transcription and analysis tools have become more sophisticated, allowing for real-time transcription with higher accuracy. Tools like Dialpad and Otter.io provide either in-platform or ad-in services that offer advanced features like sentiment analysis and keyword extraction. These tools provide deeper insights from interviews. Greater detail in the transcripts can aid technical writers when adding more specific information to the documentation.

Reaching Out…Remotely

During most of my freelance work, I became used to the video conference platforms (but I know everyone got a crash course in 2020!). Being familiar with Zoom or Microsoft Teams allowed me to easily interview SMEs from anywhere. Now with the shift towards remote and hybrid work environments having accelerated, making virtual SME interviews more common. Platforms and tools have been specifically designed or updated for remote interviews, now offering better video and audio quality, seamless scheduling, and integrated collaboration features. Google Meet and Zoom both have collaboration and scheduling options.

Options to include chats to interview SMEs have also been considered.

Listening to Everyone

Within the last few years, there has been an increased emphasis on ensuring diverse and inclusive representation in SME interviews. Organizations are more conscious about involving a wider range of experts from different backgrounds, ensuring a broader spectrum of perspectives and experiences are documented. Interviews can be extended to the employees outside the usual user-group to test the software and review the documentation. User acceptance testing of the software may include an evaluation of the documentation and provide a different perspective on written assumptions.

Categories
Cybersecurity

Implementing Data Privacy Policies: Key Steps and Procedures

Through my experience with security assessments, it was most often policies that prevented the controls from being fully implemented. Documentation, like policies, that focuses on protecting personal information from unauthorized access, use, or disclosure can assist with addressing any gaps in security plans.

Policy sets expectations clearly.

Policy addresses how data is collected, used, and protected. Stakeholders, users, and employees can be made aware of the security risks through review and acknowledgement of these policies.

What should be the first policies?

Organizations need to begin with general policies that address privacy, data retention, and access control. Guidelines that state how data is to be collected, used, and protected as well as how long the data should be kept will provide a basis to build other policies.

Topics include:

  • Encryption to protect data in transit and at rest
  • Limiting access to authorized personnel
  • Using role-based access controls
  • Implement multi-factor authentication (MFA)
  • Set standards around user passwords
  • Remove or obscure personally identifiable information (PII) to reduce risk of exposure
  • Data minimization to collect only necessary information for a specific purpose
  • Data retention

Training and Awareness

Through documenting policies, organizations can further define and create a training and awareness program to educate employees on data privacy policies, security best practices, and the importance of protecting personal information. These policies, along with any training, regularly remind employees of their responsibilities regarding data privacy and security.

Response Procedures

A breach notification policy is needed to ensure notification to affected individuals and regulatory authorities in the event of a data breach. Along with policies, procedures would need to be developed. Among these would be an incident response plan for responding to data breaches and other security incidents.

Categories
artificial intelligence Cybersecurity

AI in Technical Writing: 3 Ways It Disrupts the Process

I am greeting Artificial Intelligence into my technical writing world with open arms. Truly, it’s been the companion on my writing journey that I’ve been looking for since I started writing in the early 2000.

With this innovation, documents can be customized and written with fewer errors. I know that these options have always been possible with some current platforms (like Madcap Flare, RoboHelp, Clickhelp) and a team of subject matter experts (SME) to review. But why not let the robots be helpful assistants?

Automate Content Generation

If we can let the robots help with creating first drafts from initial SME interviews or from data that already exists and verify that the tone and style are consistent, this reduces editing and proofing time. With this, the document development life cycle could move into the second draft phase quickly and allow for greater turnaround and more timely releases.

Enhance Content Accuracy

By using AI and conducting grammar edits more effectively (think: Grammarly), it will take less time to get to the final product. Add to this that once the documentation is written and compiled, if needed, AI will translate the content for a global audience that ensures consistency and technical accuracy (like Google Translate).

Improve User Experience

AI provides users and customers with a better experience as well with interactive documentation and personalized content delivery. Additionally, these tools analyze user interactions with the documentation and identify areas of improvement where writers can expand the content to help users better understand it.

With AI taking care of the basic reviews and verification of current information, it would allow for more time for customization, learning more about the products themselves, working closer with subject matter experts and researchers, and spending time in testing new, more innovative products.

A Better Companion

Through providing efficiency, consistency, and customization using automated content generation, in-depth reviews, and the ability to improve the user experience and engagement, AI can prove to be a great fellow traveler on the road to creating more accessible documentation.

Categories
artificial intelligence Cybersecurity

Technical Writers vs. AI: Unveiling Unique Human Capabilities

AI is designed to perform specific tasks and answer common questions based on its programming and the information it has been provided. So, at its core, the reason AI will not replace technical writers is that AI cannot think independently.

It seems that there will always be a need for writing and documentation due to the fact that technical writers prioritize understanding and underlying needs over technology itself. We are always looking for more efficient processes and approaches to convey what users need to know.

AI is a tool.

Artificial intelligence is like any other writing device, like a computer keyboard, digital notebook, or a pen and paper; it simply makes writing easier. And like past technological advances – home computers, iPads – didn’t replace writing.

However, an implement of writing cannot replace the ability to be creative, utilize experience, think critically about a project, or communicate effectively. These assets belong exclusively to human writers.

Technical Writers understand people AND process

Technical writing is still about understanding – understanding designers, and developers, and having empathy for the users.

AI will not:

  • Attempt to understand the process
  • Show feeling for those reviewing documentation
  • Perceive the significance of a certain piece of information
  • Determine which parts mean more than any other.

Technical Writers will:

  • Distinguish what is to be included to make user-friendly documents
  • Reflect the voice of the organization
  • Ensure consistency
  • Solve problems quickly regarding information
  • Be user advocates
  • Adjust to any changes

Most notably of all of these is that technical writers are adaptive. Writers can recalibrate interview questions or modify documentation as needed. When interviewing SMEs or surveying users, this adaptability is crucial to providing a product that is accessible. Technical writers have the ability to take an answer or interview question and expound upon it to pull more information from the interviewee. AI can only rely on legacy information to predict the responses.

Categories
Cybersecurity NIST

Adapting Technical Writing Skills to Evolving Cybersecurity Fields

Technical writers by their very nature excel at research, organization, and communication. Cybersecurity documentation includes all of these aspects. The main directives of the National Institute of Standards and Technology (NIST) are to “identify, protect, detect, respond, and recover and aid organizations in their effort to spot, manage, and counter cybersecurity events promptly.”

I was first introduced to the NIST framework on a freelance assignment with a cybersecurity agency. I spent the next two years working with them and their clients to document the assessment process. I found the framework interesting because it could be customized based on the organization, and depending on the company, the depth of adherence depends on how strict the company wished to be with the control standards. It was that flexibility and opportunity to find the weaknesses and then create a plan to remediate those deficiencies that appealed to a documentation specialist.

Tapping into a technical writer’s innate abilities to research, organize, and communicate information, writing around this framework is a natural fit. The assessment process began with the engineer’s evaluation of internal systems and concluded with interviews to document the findings. At this point, the technical writer provides a report from the meetings for remediation steps, and any subsequent documentation (incident response, risk assessment, disaster recovery, etc.). Technical writers act as a bridge between technical experts and non-technical stakeholders, ensuring that security policies, procedures, and risks are clearly communicated.

Processes always involve documentation. Usually, policies and procedures that include complex concepts, protocols, and technologies. Additionally, it requires that each control be broken down into clear, understandable instructions. The complexity of this information requires tailoring content to different audiences, whether they are IT professionals, management, or end-users.

As a technical writer, I find assessments and cybersecurity fascinating because they are rapidly evolving fields. These fields require a documenter to learn at the same pace as well as understand the new tools and technologies which will ensure that documentation is relevant and accurate. Those with extensive experience in the technical writing fields see this constant evolution as a great challenge since they have strong research skills and can keep content current with the latest threats, technologies, and best practices.