Communication skills are some of the most fundamental learned in life. Whether in written, verbal, non-verbal, or visual form, the ability to communicate clearly and effectively is quickly becoming a top prerequisite for cybersecurity jobs. In fact, itâs become so highly valued that Haysâ first global cybersecurity report, released in 2023, identified communication as one of the top five most desired soft skills in cybersecurity.
âCybersecurity professionals are certainly aware of the need for regular technical upskilling, but people and communication skills havenât always been considered as high a priority in the past,â Adam Shapely, managing director of technology at Hays Australia and New Zealand, tells CSO. âHowever, this is changing in many parts of cyber, with senior stakeholder engagement becoming a more critical part of a cyber candidateâs skillset.â
The value of good communication during an incident
Underpinning the need for cybersecurity professionals to improve their communication skills is the growing interest in cybersecurity at all levels of business, according to Abbas Kudrati, Microsoft APAC chief cybersecurity advisor. Cybersecurity has become such a big deal that even the World Economic Forum has listed cybercrime as one of the biggest global risks faced today, alongside extreme weather, the cost of living crisis, and societal and political polarization.
Given that cybersecurity professionals are on the frontlines every day fighting off threats and dealing with hackers, they possess important knowledge and understand the best strategies to deal with cyberattacks, says Kudrati, and itâs critical that they are able to pass this technical knowledge on to other parts of the business. âThey need to be able to translate technical language, including information about vulnerabilities, into something that business teams can understand,â Kudrati says. âIf they canât do this, it can have severe and negative impacts as it delays organizations in taking the necessary actions to improve their security posture.â
Keri Pearlson, executive director of the research consortium Cybersecurity at MIT Sloan, says the way in which cybersecurity information is communicated can make or break decisions necessary to keeping an organization secure and resilient. âTo make sure non-cyber peers, managers, and leaders really understand the threats their organizations face, understand the risk those threats create to their business, understand the options to manage those threats, and understand the consequences of the available options, a cyber professional must speak the language of the listener, not the language of the cyber professional,â she tells CSO.
This means cybersecurity professionals must be able to translate their expertise into the language of business, Pearlson emphasizes. âFor example, telling a non-cyber leader about the number of controls necessary to secure a system is less effective than translating that into the business risk of failure to set up proper controls and the business impact should those controls be improperly set.â
Good communication skills can boost career development
Furthermore, while many cybersecurity professionals excel in their technical skills, Kudrati adds that communication skills are equally important if cybersecurity professionals want to take their careers to the next level. âTheyâll need to learn how to coach a very technical member of their team, participate in business decisions at the executive level, or even be asked to present to the board of directors,â Kudrati says. âExcellent communication skills can help them refine messages for the right audience.â
Kudrati, who started his career as a systems administrator and AI auditor, understands the importance of having good communication skills firsthand. âTo move to a management grade, it was expected that I had the skills to act as a conduit between the technical team and the business team,â he says. He recalls that he was given a chance to deliver a few presentations but âfailed dismallyâ, pointing out that he got caught up in jargon and technical details instead.
How to brush up on those communication skills
Exactly how can cyber professionals go about improving their communication skills? According to Shapley, many people prefer to take short online learning courses. On-the-job coaching or mentorships are other popular upskilling strategies, providing quick and cost-effective practical learning opportunities.
For those still early in their cybersecurity career, there is the option of building communication skills as part of a university degree. According to Kudrati, who teaches part-time at La Trobe University, many cybersecurity students must complete one subject on professional skills as part of their course. âThis helps train studentsâ presentation skills, requiring them to present in front of lecturers and classmates as if theyâre customers or business teams,â he says.
Homing in on communication skills at university or early on in a cybersecurity professionalâs career is also encouraged by Pearlson. In a study she conducted into the skills of cybersecurity professionals, she found that while communication skills were in demand, they were lacking, particularly among those in entry roles. Based on her observations, she found that âtech professionals skip the communications classes in their education program, figuring itâs less important than learning more tech skills. Entry-level cyber professionals are likely guilty of the same short-sighted thinkingâ.
Professional associations such as Toastmasters, as Kudrati suggests, are another possible option for cyber professionals to sharpen their communication skills. It was the one that Kudrati personally used to improve his communication skills. âI joined as soon as I realized that I wasnât going to move up to a managerial level until I perfected these skills,â Kudrati says. âI regularly participated in their sessions, and in six to eight months I was able to get comfortable in front of an audience, pass on the message, learn those skills and quickly made the manager grade.â
Kudratiâs journey with Toastmasters continued for another eight years. âItâs not just a one-off training session, but rather something that you can and have to practice regularly. I find that itâs the most effective way to sharpen these communication skills.”
Toastmasters CEO Daniel Rex cites how the association has structured its programs to cover a variety of communication skills relevant to business, including knowing how to understand who the audience is, public speaking skills, providing and responding to feedback, and impromptu speaking.
Rex adds that Toastmasters has helped organizations break down silos amongst different departments and business units who would not typically interact, as its programs are not department-specific — itâs open to anyone in business who wants to improve their communication skills. This tactic, he said, is another lesson in the art of teaching someone how to improve their communication skills.
Through establishing these relationships in Toastmasters, people become more comfortable working with those outside their usual teams or communities, which can then translate back to the workplace and help different groups understand each other better, Rex tells CSO. âPeople that have an area of focus tend to become accustomed to their own language, their own jargon, and sometimes they try and impose that jargon on others. That’s where we start running into problems in business if we’re not cognizant of our audience.â
Shapely recommended cybersecurity professionals take advantage of the wider community, including meetups and events run by the likes of ISACA, BSides and the OWASP. âThese events offer both exceptional networking opportunities and demonstrate a cyber professionalâs passion to be immersed in the cyber landscape, learn from peers and their genuine interest in keeping up to date with the latest trends and threats,â Shapely says.
From a written communication standpoint, Kudrati points to AI tools such as Copilot, Security Copilot and ChatGPT that have emerged and can help simplify technical language with a few prompts, significantly aiding cybersecurity professionals in doing their job. âI encourage cyber professionals to explore and use these tools in their day-to-day wherever appropriate,â he said.
Find ways to continuously practice communication skills
Ultimately, it will come down to practice — and a lot of it. âPractice, practice, practice,â Pearlson says. âFormal communication classes that give a professional the opportunity to practice is a good option. Just jumping in and communicating, then asking the listener what they heard to be sure the message got across, and even asking the listener how the cyber professional might improve their communications to make the message even clearer — in words asking for feedback so you can learn while doing — is another way to improve skills.â
Practice with a bit of strategy by trying to understand the goals of the audience, is Kudratiâs advice as he wrote in a Microsoft blog. âWhat are their challenges? Can you frame security communications in terms that will help them overcome those challenges? Take a moment to put yourself in someone elseâs shoes before meetings, hallway conversations, emails, and chats.â