Breaking down cyber security communication skills
You may be tired of hearing by now that communication is crucial in cyber security – but it’s true and we’re going to keep saying it. But it’s not true that communication is just one skill – it's a series of different skills which will be important to varying degrees in different sections of the profession.
Let’s break down a few common communication skills, what they mean, where you might develop them and where they’ll be most useful.
Writing formal reports
Formal reports are often the output of certain cyber security projects, including audits and security tests. They are often written with very specific guidelines and must include specific pieces of information. They may be used in legal contexts such as criminal investigations, civil proceedings (i.e. someone being sued), or for insurance purposes, so it’s important they don’t contain mistakes.
You might be able to develop this skill in a university module.
You may already have a general version of this skill if you are a career changer. Surveyors and inspectors do a non-cyber security version of this, as do non-cyber security auditors. Safeguarding reports in an education/childcare context may also prepare you.
Here are some resources: LinkedIn multi-expert top tips; A guide on technical report writing (non-cyber specific); and these blogs with templates on security testing reports from HackTheBox 1 2.
This skill will be particularly useful in Digital Forensics, Security Testing, Governance & Risk Management and Audit & Assurance.
Explaining complex technical information to people with limited technical understanding
As a cyber security professional, many of the people you interact with will not be cyber security or even technical professionals. They may be users, process managers, executives or those with budget responsibilities. It is very important to make those people understand why a cyber security issue matters even if they do not understand cyber security terminology.
You may be able to develop this skill through volunteering with older or vulnerable people to promote digital inclusion or personal cyber security. You may be able to develop this skill through writing blogs or articles for a general audience.
You may already have a general version of this skill if you are a career changer. You may have developed it working in, for example, a specialised retail environment such as a DIY shop or pharmacy. People who already work in customer facing IT roles such as on helpdesks are in a very good position to demonstrate this skill.
This skill will be particularly useful in Network Monitoring & Intrusion Detection, Security Testing, Cryptography & Communications Security and Identity & Access Management.
Sharing information quickly and accurately
In high pressure situations, speed and accuracy is crucial. Formal documentation and convincing people may be less important in these situations. You will need to make sure you’re giving only the necessary information and make judgements on what is relevant under pressure.
You can develop this skill by familiarising yourself with common cyber security acronyms and key words, and by partaking in time-bound team based cyber security simulations like the Cyber Leaders Challenge or UK Cyber Team.
You may already have a general version of this skill if you are a career changer. Emergency professionals particularly have this skill, but you may have also developed a version of it in hospitality, kitchen or events work.
This skill will be particularly useful in Incident Response.
Influencing
Influencing isn’t just selling Huel, it’s the ability to convince someone to do something you want them to do. You need to be able to persuade people rationally, by understanding their incentives and priorities and positioning cyber security as part of that. You also need to be personable, friendly and easy to work with so people are inclined to listen to you.
Public speaking and debate can be a good foundation for building this skill, and if you are a university student there is probably a free debating or public speaking club available to you. You may also wish to study game theory and/or formal logic.
You may already have a general version of this skill if you are a career changer. Sales professionals practice this every day, as do individuals in consulting and advisory roles.
Some people will also have a natural “knack” for influence. Do people tend to come around to your suggestions on where to go for dinner, what to name the dog and the best house party themes? That’s a good sign.
This skill will be particularly useful in Cyber Security Management and Governance & Risk Management.
Writing plans, processes or instructions
Plans, processes and instructions are different kinds of documents, but they share that they convey enough information for someone to carry out a task, activity or function, or to create something.
You will probably develop this skill during university studies.
You could also develop it in your personal life or a voluntary context, for example writing simple instructions for people who need to change passwords, alter permissions etc.
You may already have a general version of this skill if you are a career changer. Project and programme managers do this a lot, as do architects, planners and engineers. Teachers will have experience of writing lesson plans, which may also be transferable.
This skill will be particularly useful in Security Testing, Identity & Access Management, Secure System Architecture & Design and Secure System Development.
Maintaining records and logs
Recordkeeping is crucial in a lot of environments. Records and logs need to be true and complete histories of activities and changes and need to be understandable even if you are not there, but they also need to be concise and should not include unnecessary detail.
You will probably develop this skill during university studies. You can also practice keeping thorough records during simulated cyber security activities or while programming, designing or developing in your own time.
You can study up on the legal requirements here.
You may already have a general version of this skill if you are a career changer. Banking, hotel and call centre environments often involve detailed recordkeeping. Teaching and safeguarding professions also require logging of incidents like injuries.
This skill will be particularly useful in Secure Operations and Data Protection & Privacy.
Customer service
Many cyber security roles are customer facing and will require regular engagement with customers. Good customer service ensures users are happy to interact with cyber security teams, making them more likely to comply with policies and report incidents or suspicious events. Customer service requires all the above about non-technical audiences, as well as personability and friendliness.
This is a skill where career changers and those who have had retail/hospitality/customer service student jobs shine. It is one you will be particularly adept at if you have worked on an IT service desk, which is a great place to start a cyber security career if you don’t want to go through formal education.
This skill will be particularly useful in Identity & Access Management.
Asking questions
Everyone can ask questions, but asking good questions is a skill. You need to ask the right questions to get the answers you want- the wrong question might get too much information, too little, or something irrelevant. You might be asking questions to understand what a client or boss wants/needs, or what is currently being done.
Here is a guide on the basic strategies.
This is a skill you need to practice with other people. Try working with classmates or peers to practice scenarios from your preferred areas of cyber security.
You may already have a general version of this skill if you are a career changer. Sales, technical troubleshooting and consulting roles all do variations of this.
This skill will be particularly useful in Secure System Architecture & Design, Governance & Risk Management and Audit & Assurance.
Challenging colleagues
It can be difficult, but challenging people you work with or for is a valuable skill. You’ll draw on elements of influencing and asking the right questions to constructively challenge risky practices and poor cyber hygiene.
This is a skill which will come with time, and it’s best to start building it now so it is a habit when you are in a role responsible for best practice.
This skill will be particularly useful in Governance & Risk Management.