The Biggest Challenge in Cybersecurity: Communication
In our jobs, we’re trying to keep up with new attacks, new vulnerabilities, new enabling technologies, and a cybercrime industry that’s learning how to monetize their skills at a frightening pace.? As a result, we focus on technical challenges—emerging threats, knowledge gaps, and advanced threat actors, and we love our #shinynewtecnologies.
With all this effort, we don’t address our most critical failing: our inability to effectively communicate the relevance and tractability of cybersecurity to decision-makers, business partners, and colleagues.
Knowing the answers to the six most common cybersecurity questions will power the newest or most introverted security leader to chart a path to improvement, influence, and stability.? Key is creating and practicing these individual answers at less than 30 seconds each.? Answering all 6 should be, in a rush, less than 5 minutes, and those 5 minutes will expand your community, your supporters, and your impact.
Here they are:
How’s our security?
Generic, high-level, question, typically from a senior exec who cares deeply but not specifically about cybersecurity.? Your answer?? Create simple categories (we like preparation, operation and response) and have one metric on-hand for each.? Relatability will provide clarity.
How do you know?
This is a natural follow-on, or an initial question from someone trying to rationalize cybersecurity spend and process.? Build trust by briefly explaining your visibility and the data and events you’re gathering about your systems and the threat landscape in terms stakeholders understand.
What’s been happening?
Cybersecurity is interesting and this question is an opening to create a new fan.? Share a specific and relatable story about threats, incidents, or successes, and you’ll make cybersecurity engaging and relevant.
领英推荐
Are we getting better?
This question can trip up the best leaders if they’re not prepared. ?The answer is always yes, because in our industry, understanding where things are weak or needing critical improvement is the definition of getting better.? Highlight improvements in protection where you can and visibility where you can’t, using clear business-centric examples to show progress.
What should we do next?
Welcome to the doorstep of success.? This question means that you’ve created enough interest, and demonstrated enough credibility, that your audience wants your advice.? You are almost home.? Offer actionable recommendations in straightforward language that is grounded in organizational objectives, not the blurry world of risk, and you’ll be better understood and valued.
Why does this matter?
It’s always been a surprise that most non-cybersecurity people don’t connect gaps in cybersecurity, and even the results of most attacks, to core business issues.? Avoid the temptation to overstate the risks or the impacts, and come up with simple, digestible, consequences.? Where you can, reframe one or two security measure to demonstrate value through resilience, improving trust with stakeholders, or financial and strategic benefits that you can measure.? The key here is to remember that cybersecurity will always compete with new technologies, competitor momentum, interest rates, sales, and market events, for attention and support.
And There You Are
The way we communicate will make (or break) our ability to generate support and internal champions. By tailoring our language, focusing on relevance, and framing cybersecurity in terms of business outcomes, you will build relations and awareness among the types of executives that can magnify your voice and create lasting change.
#CybersecurityLeadership #Communication #BusinessStrategy
?
Cyber Security Recruiter | Podcast Host |
2 个月Jack Danahy communication Is everything is life and in security. Merry Christmas Jack hope you’re well and looking forward to a strong 2025! :)
Clear communication is key in cybersecurity! Those six questions are a great way to build trust and get everyone on board.
Marketing Director
2 个月Love this! Such a tactical way to break it down—introvert to influencer in 6 questions. ????
Senior Technology Leader | MS in Software Engineering | Empathetic | Heuristic | People Focused
2 个月It feels like there are a lot of parallels here between how business decision makers decide on where and when to spend their money, and the amount of money being pumped into business enablement around specific subjects. Take AI, where many business leaders have firm belief that it will help them to do so much more than the technology is capable of delivering. They have subscribed to trusted sources and those sources have said, spend money here. Those same sources don't put a lot of or not enough emphasis on the preparedness of investing into Cybersecurity, instead most of what tends to make it out there is about the impacts and results of not having "enough" without fully qualifying the need. That means the communication and educative approach you are mentioning is the only way to gain ground with those who do not possess the technical background necessary to parse their business enablement sources. While this might pose as a task that feels exhausting, I think the right people with the right passion behind them are energized by a challenge like this. It is easy for me as someone who grew up with tech in my veins to take for granted the real challenges in fostering the right mindset with decision makers who need it.
Americas Lead - Security & AI Strategy at Microsoft | IEEE Senior Member (Cybersecurity) | Podcaster | Board Member | Public Speaker
2 个月communication is indeed critical in cybersecurity. how do you see security leaders improving their message delivery?