I spent nearly a decade in the coffee industry, working as a barista and a shift manager, a repair technician and managing service providers across the country. From each one of these stops along the way, one point was made abundantly clear: communication is essential. Whether it took the form of relationship building with customers, maintaining expectations with coworkers and stakeholders, or providing context and options to business owners, it was clear that to thrive, communication is key. This rings true not just in my former life as a barista, but today in my day-to-day life as a security professional.

The most insightful lesson on communication I learned from the brisk pace of the coffee business was the relationship between the pace of business and the need for context and communication. As a barista, being able to understand the needs of the customer, articulate those needs in a common language with fellow employees, and respond to those needs accordingly was the determining factor in the success of the business. There was a clear mission for the organization that was conveyed at every level and reinforced by every process: consistently and efficiently delivering on the customer’s specific needs. Though this seems simple enough, in practice there was quite a bit of nuance in how it was executed. For my example, the pace at which the business could operate was correlated with the pace at which we could communicate the orders as much as it was with the pace, we could craft beverages.

This became especially evident when systems like the drink label printers would go down. Because the store had to fall back to hand-writing the orders on cups, and since that introduced friction into the communication of orders across the store, there was significant operational impact. The value we provided to the customer was diminished because of long wait times and incorrectly filled orders. This resulted in wasted product and labor for the business as well as stress and frustration for employees and customers.

Specific pivots needed to be made during events like these: the prioritization of communication skills became more important– employees who excelled at written and verbal communication were placed in direct contact with customers – even when those same employees had a relative advantage in order production too. These skills also became something I prioritized when staffing decisions were made. This resulted in more efficient operations, but unexpectedly also decreased the time and energy needed to train staff; the same skills which enabled them to interface with customers also positioned them to consume institutional knowledge at an accelerated pace.

These same lessons have held true as I’ve grown my career in the technology and cybersecurity space. The rate at which defenders can respond to evolving risks is directly related to their ability to parse, understand, and synthesize information, and to relate that information to business owners. Only then can they respond to the associated risks.

But what can today’s cybersecurity professionals do to hone their communication skills? There are two things I can personally attest to improving my ability to communicate with stakeholders and colleagues.

The first way I improved my communication skills was to really engage with the practice of active listening. Our goal should be to have more than half of our communication activity be listening and absorbing information. The more information we can take in and distill down for our stakeholders, the more value we’re able to add to the communication and decision-making chain. In cybersecurity and technical fields, active listening is crucial for problem-solving, collaboration, and even adversary engagement. Whether it’s understanding a user’s security concerns, gathering intelligence from threat actors, or mentoring others, the ability to listen actively can be a game-changer. It helps build trust, improves communication, and ultimately leads to better decision-making.

Beyond listening, another unexpected practice sharpened my communication skills: meditation. I’d be skeptical too, if someone tried to tell me that sitting silently and staring at a wall was going to improve my communication skills. As Chen H. et al found in their study on operating room communication by surgeons; a regular, focused meditation practice can dramatically improve the speed and accuracy of communication during high-stakes situations. My anecdotal experience is that my meditation practice exercises the muscle of attention, which is key in both consuming information rapidly as well as expressing it and its’ relevance succinctly. I started meditating while I was working in coffee, and I noticed I was able to communicate better, more effectively, and (as a nice little bonus) more compassionately.

The pivots we, as an industry, must make are clear then. At every level of the talent pipeline communication skills must be prioritized and developed. Similarly, cybersecurity organizations must create and mature communication norms both internally and externally to facilitate the exchange of knowledge and accelerate their ability to respond to evolving threats. Industry-wide efforts to create standards for communications related to cybersecurity exist and deserve our support.

As a cybersecurity professional, I couldn’t begin to quantify the volume of information I’ve had to distill for stakeholders, the amount of time I’ve put into communicating with them, or the effort that has gone into executing on their vision. It’s been just as much a factor in this chapter of my life as the last.

In his book “Cybersecurity First Principles”, Rick Howard writes that the atomic mission of cybersecurity is to “Reduce the probability of material impact due to a cyber event…”. If our success as cybersecurity professionals is determined by our ability to execute on that mission, developing effective communication skills and strategies is an essential aspect of that function. The question remains, are we sufficiently investing in that skill for ourselves and our teams?

Transitioning from Coffee to a Security Career

When I first started my career, I wasn’t thinking about firewalls, encryption, or malware. I was thinking about lattes, customer service, and how to make the perfect foam. My days were spent behind a counter at Starbucks, mastering the art of coffee-making and engaging with customers.

Fast forward to today, and I’m a cybersecurity engineer working to secure digital spaces from adversarial threats. This journey wasn’t linear, and it certainly wasn’t easy, but it was driven by a few key lessons that I’ve learned along the way.

Whether you’re considering a career change or just stepping into the world of cybersecurity, I hope these insights will inspire and guide you.

1. Curiosity and Passion Will Pay Dividends

The cybersecurity landscape is vast and ever-changing. From ransomware to zero-day vulnerabilities, there’s always something new to learn. Early in my journey, I realized that cultivating a sense of curiosity was my greatest asset. Instead of feeling overwhelmed by the constant stream of information, I embraced it. I let my curiosity guide me, diving into topics that fascinated me and exploring the many facets of cybersecurity.

Curiosity also makes the learning process enjoyable. I treated each new challenge as a puzzle to solve, and each piece of knowledge as a tool to add to my arsenal. This mindset not only kept me engaged but also helped me adapt quickly to the rapid changes in the field. If you’re new to cybersecurity, don’t worry about mastering everything at once. Start with what excites you, and let that passion drive you forward.

2. It’s Never Too Late to Branch Out

Unlike many of my colleagues, I didn’t discover my passion for cybersecurity in high school or even during my first attempts at college. It took years of exploring different paths and thinking critically about what I wanted to do with my life. My journey to cybersecurity began with a willingness to pivot and try something new.

I’ll admit, there were moments when I feel behind or out of place. But those feelings are fleeting compared to the excitement of finding a field that resonates with me. Your starting point doesn’t define you—your willingness to take the leap does. Whether you’re coming from coffee, construction, or coding, there’s a place for you in cybersecurity.

3. Know Yourself, Know Your Needs

The best piece of advice I received during my transition was this: “learn about how you learn best.” For me, understanding that I am a tactile kinesthetic learner changed everything. I thrive with hands-on experiences and do my best work when I can actively engage with the material.

This self-awareness allowed me to tailor my study methods to what worked for me. Instead of just reading textbooks or watching videos, I sought out labs, simulations, and real-world scenarios to practice my skills. I built a homelab, and frustrated my partner by over-engineering our home network. Knowing yourself—your strengths, weaknesses, and learning preferences—is key to making the most of your efforts.

4. Be Mission-Driven

Cybersecurity isn’t always glamorous. There are long hours, high-pressure situations, and moments when it feels like the work never ends. During those tough times, having a mission to fall back on has been my anchor. My mission is simple: to make digital spaces safer for people, so that they can focus on occupying and inhabiting them. It’s what motivates me to keep learning, keep pushing, and keep showing up even when the going gets tough.

If you’re considering a career in cybersecurity, think about what drives you. Maybe it’s protecting your community, fighting against cybercrime, or simply solving complex problems. Whatever it is, hold onto that mission and let it guide you through the challenges.

5. Make Connections, Ask Questions

Breaking into cybersecurity is often about who you know. My first opportunity came because someone was willing to take a chance on me—but that chance wouldn’t have come if I hadn’t made the effort to connect with others in the field. I spent many long hours messaging strangers on LinkedIn, asking for a cup of coffee and 30 minutes of their time. This isn’t just something I used to do, but something I have carried forward as my own goals have evolved.

I’ve found that people are generally eager to share their knowledge and experiences. Don’t be afraid to reach out, ask questions, and build relationships. Whether it’s attending meetups, joining online forums, or simply striking up a conversation on LinkedIn, connections matter. They can open doors, offer guidance, and become invaluable allies as you navigate your career.

Final Thoughts

Transitioning from coffee to cybersecurity was one of the most challenging and rewarding decisions of my life. It required curiosity, resilience, and a willingness to step out of my comfort zone. If you’re thinking about making a similar leap, remember: it’s never too late, and you don’t have to do it alone. Stay curious, stay driven, and don’t be afraid to ask for help. You never know where the journey might take you.

Wishing you all the best,

-Dylan