Are your communication skills holding your information security career back?
Learn Reporting and Communication
In this course, five videos take you through the details of reporting and communication. This skills course covers
FREE role-guided training plans
⇒ Post-report activities
⇒ Report writing
⇒ And moreStart your free trial
Introduction - Going Beyond "Talking Techie"
Back in 1999, the Mars Climate Orbiter came to a crash-and-burn end. Why? Because there had been a serious miscommunication concerning the units of measurement used in the calculations. One team was producing and calculating in United States standard units, while the other was working on the metric system. The two sides had not communicated well, and the result was a literal disaster.
People who work in the technology sector often worry about not being technical enough. Sometimes it feels like you have to “talk techie” to be taken seriously. However, our industry has been plagued with a lack of good, clear communication in years past. We should be worrying about the ability to communicate effectively.
This concern has opened a debate around the need for soft skills. Soft skills typically refers to non-technical skills, such as being able to communicate across multiple team disciplines; being able to work with team members effectively; and even being decisive. Other skills, like problem-solving and being able to communicate these ideas, come under the soft skills umbrella as well.
Before we continue, a quick note. Instead of using the term “soft skills,” I will continue this piece using the phrase “communication skills,” as this is what it all really boils down to.
The softer side of cybersecurity
The field of cybersecurity has changed a lot in the last 25 years. There is certainly much more of an emphasis on the human factors used by cybercriminals. But this is not really what the use of communication skills is about. Communication skills, both spoken and written, are becoming more important. But why is this so?
A report from the University of Baltimore titled “Skills and Characteristics of Successful Cybersecurity Advocates” came to some interesting conclusions. One of these was that there was a lack of recognition that the industry was, actually, service-oriented, and good communication was therefore crucial. The paper pointed out that there needed to be a “dialogue about how the cybersecurity community can augment current security and education efforts to develop these [cybersecurity] advocates”.
While the study accepted that technical understanding was needed, this has to be augmented with great communication skills, being able to “sell” cybersecurity being key. What does “selling security” mean? Well, it involves being able to clearly communicate the benefits that having a security-aware organization brings. If you are a security professional, at some point you will have to be able to promote the ethos and importance of cybersecurity across the board.
Communication skills are also likely to improve your chances of employment as more employers recognize their importance. A Tripwire report showed that 60% of employers look for good communication skills in IT security candidates.
7 communication skills that can help you boost your profile in cybersecurity
So what kind of skills are needed and how do you best address any gaps you might have as an individual in these areas? Below, I’ve outlined seven key areas to focus on:
1. Know how to write concise reports that are accessible to management
A good writer can convey complex subjects succinctly. Cybersecurity professionals need to learn how to communicate, often using highly technical details, in an accessible way. For example, you may need to sell security awareness training to the board to obtain your budget. It’s a testament to your technical knowledge to be able to clearly articulate ideas for a non-technical audience.
When I used to write technical user manuals, I would give them to my 12-year old daughter. If she could understand them and use the software they described, I felt that I had created a good user guide.
Test out how you describe cybersecurity ideas and issues on people who are not technologists. Work out the best language to use, what level of understanding to target and whether images can help. Use these findings when you create presentations for management.
2. Choosing which communication channel to use in different contexts
Sometimes, a picture is worth a thousand words. Know which type of channel to use to communicate. This also depends on who you are communicating with.
The use of visual tools such as Venn diagrams, charts and other graphical images can help convey dry metrics. Infographics are also a great way to show an at-a-glance set of related statistics.
When communicating security awareness issues like password hygiene to a mass audience, consider things like security awareness training posters.
3. Being assertive to get a point across
Being assertive is a very effective way to communicate. However, there is a fine line between being assertive and being aggressive. Assertiveness is easier if you have self-confidence. Assertiveness is about firmly presenting your ideas in a respectful manner.
One way to become more confident in yourself and your ideas is to truly understand your work. Spend time learning all about the area you work in and build your confidence; assertiveness will follow. As an example, if you have a view on something, using assertive methods would include evidencing your claims, bringing in advocates of your idea and clearly articulating it — an aggressive communication would try to force a view without evidence.
4. Communicating across the levels
As you progress through your career as a security professional, you will find you work with folks across all levels of the business. Security is a cross-department/cross-company issue. This will bring you into contact with managers of teams throughout the organization. Having an assertive manner and great written and verbal communication skills will help you sell security to everyone.
5. Learn to communicate technical concepts well
Being a good teacher is important in a cybersecurity landscape where human beings are a vector. If you understand a subject deeply enough, you should be able to communicate it so that anyone can understand it.
Effective communication of technical concepts does not mean that you should blind someone with science. The famous physicist, Richard Feynman set out to take the subject of particle physics and make it understandable to students with little background knowledge. Feynman said:
“When we speak without jargon, it frees us from hiding behind knowledge we don’t have. Big words and fluffy ‘business speak’ cripples us from getting to the point and passing knowledge to others.”
Remember language is about communication, not obfuscation.
6. Build your profile as a domain expert through good communication
You are your own advocate, so become so. Build your profile in your company and externally as being the person to go to about X, Y or Z. How you do this depends on your organization, but if you get opportunities to educate your coworkers, do so. This is a good way to practice your general communication skills.
Other things you can do to increase your profile as a cybersecurity guru:
- Create a cybersecurity newsletter for internal employees about the latest issues — with a tip of the month
- Do regular roundtables with department heads to go over security policies
- Offer to do regular briefings on the latest scams and social engineering issues facing your industry
7. Be socially aware
And last but not least, dip into the social realm. Social media isn’t for everyone, but it can be useful. Use it to connect to other security professionals to keep up to date with the latest happenings in the cybersecurity world. You can also use it to build your domain expert profile by promoting your external work if you speak at conferences or write a security blog.
Conclusion
Many people who choose to go into the technology sector and cybersecurity specifically may well be more on the introverted side of the personality spectrum. I freely admit to being towards that end myself. However, being able to communicate across different channels is very important if you want to get ahead in the profession, especially if you want to move into any management position.
FREE role-guided training plans
Sources
- Haney, J.M., Lutters, W.G. Skills and Characteristics of Successful Cybersecurity Advocates
- Survey Says: Soft Skills Highly Valued by Security Team, The State of Security
- Assertiveness, Psychology Today
- Learning From the Feynman Technique, Medium
In this Series
- Are your communication skills holding your information security career back?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity