Communication is a skill vital to every role in an organization. Without it, we make assumptions, and breakdowns occur in processes and workflows. It’s often the leading reason for dysfunction in a group. It has equal importance in cybersecurity. However, cybersecurity communication skills are often poor or nonexistent.
When communication fails, your cybersecurity provisions and safety nets can, too. It raises risk and creates distrust in the group. It’s also the most vital soft skill that organizations seek in hiring, according to a recent industry survey.
So, there’s no argument from the field that cybersecurity communication skills are critical. The problem is that most companies aren’t doing anything to develop it in their people. If they are, the training may be obsolete or ineffective, such as online learning classes. Can you really hone your communication skills by watching a video? The answer is likely no. It requires interactive exercises and a strategic approach.
Further, companies often put communication skills in a box that doesn’t apply to all facets. For example, being a great communicator isn’t simply about being articulate. Many technical people are. Yet, communication failures still occur. Communication is a multi-faceted skill that includes being aware of others and their perspectives, understanding nonverbal cues, being active listeners, and communicating to be inclusive (versus lots of jargon and tech-speak).
Communication is step four of the Secure Methodology, which is a seven-step guide I documented in my book, The Smartest Person in the Room. Its purpose is to help cybersecurity leaders transform their people with soft skills to work together more effectively to combat cyberattacks.
In this post, I’ll break down each element of communication and offer tips to develop those in your people.
Cybersecurity Communication Skills: The Four Facets
There are four components of becoming a great communicator as a technical professional. Consider all these when crafting a program that lifts soft skills.
Technical people have a reputation for talking in jargon that only “insiders” understand. They do this for several reasons. First, it makes them feel more confident and that they have control of the conversation. They feel comfortable with the geek speak as a nod to their superiority over all things cyber-related.
Using this language also means that others are less likely to call them out, which they secretly fear. If other people understood what they were saying about risks, threats, and solutions, they might receive more questions and requests for explanations. They would see this as losing “control” of the interaction.
Ultimately, this type of communication helps no one. Your technical people don’t get better at defining threats and solutions, so you don’t improve in that area. Also, they won’t be able to convey critical information to leadership, which could impact funding and resources. As a result, the entire organization suffers from greater risk exposure. These patterns are the hardest to break but pivotal because shared language leads to success.
Understanding Nonverbal Cues
A big part of communication is the things we don’t say. Body language presents context around what people say. Often, words don’t match these cues. According to Mehrabian’s 7-38-55 theory, most comprehension is via body language (55%). So, what does that mean exactly?
Focusing only on the spoken words can be an opportunity to miss the message. Ignoring body language as a part of communication causes communication breakdowns. When interacting with others, we need to pay attention to body language because it conveys more than words.
Body language can change suddenly in a conversation, and catching those clues is critical. When a technical person speaks to someone who isn’t, they often use a lot of jargon and acronyms. As the other party takes in this information, they may say little. The body language, however, may say more. They may become guarded or disinterested. This matters because your cyber professionals are talking to their clients (whether internal or external). If they shut down because they don’t understand what the person is saying, it’s not good for anyone. It causes silos between groups, and no one knows the biggest priorities.
There can often be inconsistencies between spoken words and body language. Facial expressions that seem opposite to what words are said or failure to make eye contact indicate the person isn’t comprehending the message. That’s not a good place to be with cybersecurity. This can happen between co-workers and with cybersecurity professionals and leadership.
Tone of Voice
Another aspect of Mehrabian’s 7-38-55 theory is tone, which is 38% of the communication bubble. Tone is the way you speak, which adds context to the words. There is a variety of different tones that people use. Here are some examples
- Assertive: This tone represents a declarative approach where the person speaking is not amiable to moving their position. It’s often considered rude and curt and is usually counterproductive.
- Respectful: The person speaking is careful with their words and does not let frustration or bias impact what they say. It can motivate others in the conversation to feel they are free to voice opinions or concerns.
- Accommodating: This tone promotes collaboration and cooperation. It’s like respectful but even more non-threatening.
- Dismissive tone: This tone of voice is harmful in that the person speaking is flippant about the situation and anyone else’s position on it. In this category, technical folks are posturing, often speaking quickly, believing no one else could understand.
We can all relate to sentences having different meanings depending on the tone. For example, the simple response of “I don’t know” could have many connotations. An assertive tone could communicate anger. If said dismissively, it could come off as sarcastic. On the other hand, if said with a respectful or accommodating tone, it could be a starting point to go deeper and find the answer together.
Tone interpretation can lead to assumptions, resentment, and disillusionment when negative. If positive, it can change how people respond and interact. It clarifies and conveys meaning.
The last component of cybersecurity communication skills is the ability to be a good listener. In many cases, people listen to prepare their response, either as agreement or dissension. That’s the first obstacle to overcome. Active listening is making a conscious effort to hear the words spoken and the tone to receive the message.
Becoming an active listener takes practice, and several techniques are valuable:
- Pay attention to the speaker by giving them eye contact and removing distractions from the environment.
- Illustrate you’re listening with body language gestures, such as nodding, smiling, having an open posture, and encouraging the speaker to continue with comments like “uh huh.”
- Reflect on what’s being said by paraphrasing back to the speaker (“I’m hearing you say…), asking questions for clarity, and summarizing what you hear.
- Allow the speaker to finish their points before you interrupt, as that only frustrates the person and creates a negative experience.
- Be honest and open with responses, opinions, and other information in a respectful manner, even if you have differing perspectives.
Remember that your people will only improve if they take the need to change seriously and practice it consistently. Every conversation they have should include active listening!
Cybersecurity Communication Skills: More Tips and Tricks
Within each realm of communication, you now have a view of what impacts communication. Each aspect requires practice and work. Making this part of your organization’s foundation is crucial for your team to be cohesive. Here are some more tips to consider:
Encourage Transparency in Communication
Do you think your people are afraid to say things? Some avoid transparency to keep the upper hand, but others may be apprehensive because they’re concerned about questioning things. You want people to question stuff and look outside typical approaches. Thus, you’ll need to create a space to “question.” Show your employees that you appreciate and expect honesty. It can improve communication and trust levels.
Lead by Example
How are your communication skills? Do you need to practice what you preach? You have to be the ultimate example to your staff. As they see you leading as a strong communicator, they’ll realize that you are taking this seriously, and it can immediately begin to improve rapport in the group.
Ask Them to Consider Perspective
When technical people communicate with others outside the field, they should keep in mind their perspective. They should think about what this person’s role is in cybersecurity. Is it to support the team? Provide funding? Manage risk? Have visibility into the threat landscape. From perspective, your employees can better manage tone in conversations. What they say will mean different things to different people, and making these adjustments drives better communication.
Communication Is the Most Vital Skill to Develop
Throughout my book, I harp on communication. The emphasis on it is deliberate because it’s where most things go off the rails. In the book, you’ll find exercises, tips, and techniques to develop your staff into effective communicators. Read it today to get started.