The Saga Framework
A communication framework for security professionals who want their work to be understood, remembered, and acted on.
The Saga Framework is a storytelling methodology I designed to help security teams translate technical findings into narratives that decision-makers can follow, retain, and act on.
Most security intelligence fails not because it is wrong, but because it is forgettable. Dashboards blur. Spreadsheets fade. Critical warnings get buried under competing priorities. The Saga Framework closes that gap by anchoring communication in the oldest and most resilient cognitive system humanity has ever developed: myth.
This is not a metaphor exercise. It is a structured, evidence-based methodology built for practitioners who need credibility and clarity to coexist.
What’s Inside
A full whitepaper walking through the Saga Framework's foundations, methodology, and applications
The Seven Archetypes with framing templates, real-world case studies, and practical exercises for each
The Mythology Dial, a calibration tool for adjusting narrative intensity to match your audience
Applied playbooks for incident response, risk reporting, security roadmaps, and executive briefings
Worksheets, a guided mini-workbook, a 15-minute quick path for urgent situations, and a technical-to-Saga cross-reference for practitioners new to the framework
Who It’s For
Security leaders (CISOs, VPs, Directors) seeking to influence boards and executives
Practitioners (engineers, analysts, responders) who must frame findings for leadership
GRC and risk teams presenting to auditors, compliance committees, and executive stakeholders
Educators and trainers building awareness programs and security culture initiatives
Anyone who believes that communication is as critical to security as the controls themselves
Why I Built This
After years of watching excellent security work fail to land, I became convinced that the problem was rarely technical.
Great programs stalled because executives could not see the story. Important findings were ignored because nobody understood the stakes. Brilliant engineers struggled to influence decisions because their message got lost in translation.
I built the Saga Framework to answer a question I kept coming back to: what if security professionals were taught to communicate like storytellers? What if incidents, audits, and risk assessments were structured as narratives instead of bullet points?
The framework is my attempt to bridge the gap between technical depth and executive understanding, without sacrificing the rigor that makes security communication credible in the first place.
What This Shows About How I Think
This project reflects how I approach security leadership and communication design:
Communication is a core security control, not a soft skill
Adoption and influence matter more than technically perfect documentation
Story is one of the most powerful tools available for driving organizational change
Security succeeds when strategy, execution, and communication are aligned
The Saga Framework sits at the intersection of security, cognitive science, and systems thinking. It is published under Basilisk Security Consulting and represents the methodology behind my Cyber Lorekeeper work.
Explore the Framework
If you are interested in experimenting with narrative as a security leadership tool, you can download both the full framework and the Practitioner's Toolkit below.
I welcome feedback, comments, and collaboration. Each document allows inline comments, and I am always glad to hear how others are adapting the archetypes in their own programs.