Espresso Yourself: The Critical Role of Communication in Cybersecurity

I spent nearly a decade in the coffee industry, working as a barista, a shift manager, and a repair technician, and managing service providers across the country. From each one of these stops along the way, one point was made abundantly clear: communication is essential. Whether it took the form of relationship building with customers, maintaining expectations with coworkers and stakeholders, or providing context and options to business owners, it was clear that to thrive, communication is key. This rings true not just in my former life as a barista, but today in my day-to-day life as a security professional.

The most insightful lesson on communication I learned from the brisk pace of the coffee business was the relationship between the pace of business and the need for context and communication. As a barista, being able to understand the needs of the customer, articulate those needs in a common language with fellow employees, and respond to those needs accordingly was the determining factor in the success of the business. There was a clear mission for the organization that was conveyed at every level and reinforced by every process: consistently and efficiently delivering on the customer’s specific needs. Though this seems simple enough, in practice there was quite a bit of nuance in how it was executed. For my example, the pace at which the business could operate was correlated with the pace at which we could communicate the orders as much as it was with the pace at which we could craft beverages.

This became especially evident when systems like the drink label printers would go down. Because the store had to fall back to hand-writing the orders on cups, and since that introduced friction into the communication of orders across the store, there was significant operational impact. The value we provided to the customer was diminished because of long wait times and incorrectly filled orders. This resulted in wasted product and labor for the business as well as stress and frustration for employees and customers.

Specific pivots needed to be made during events like these: the prioritization of communication skills became more important – employees who excelled at written and verbal communication were placed in direct contact with customers – even when those same employees had a relative advantage in order production too. These skills also became something I prioritized when staffing decisions were made. This resulted in more efficient operations, but unexpectedly also decreased the time and energy needed to train staff; the same skills which enabled them to interface with customers also positioned them to consume institutional knowledge at an accelerated pace.

These same lessons have held true as I’ve grown my career in the technology and cybersecurity space. The rate at which defenders can respond to evolving risks is directly related to their ability to parse, understand, and synthesize information, and to relate that information to business owners. Only then can they respond to the associated risks.

But what can today’s cybersecurity professionals do to hone their communication skills? There are two things I can personally attest to improving my ability to communicate with stakeholders and colleagues.

The first way I improved my communication skills was to really engage with the practice of active listening. Our goal should be to have more than half of our communication activity be listening and absorbing information. The more information we can take in and distill down for our stakeholders, the more value we’re able to add to the communication and decision-making chain. In cybersecurity and technical fields, active listening is crucial for problem-solving, collaboration, and even adversary engagement. Whether it’s understanding a user’s security concerns, gathering intelligence from threat actors, or mentoring others, the ability to listen actively can be a game-changer. It helps build trust, improves communication, and ultimately leads to better decision-making.


Beyond listening, another unexpected practice sharpened my communication skills: meditation. I’d be skeptical too, if someone tried to tell me that sitting silently and staring at a wall was going to improve my communication skills. As Chen H. et al. found in their study on operating room communication by surgeons, a regular, focused meditation practice can dramatically improve the speed and accuracy of communication during high-stakes situations. My anecdotal experience is that my meditation practice exercises the muscle of attention, which is key in both consuming information rapidly as well as expressing it and its relevance succinctly. I started meditating while I was working in coffee, and I noticed I was able to communicate better, more effectively, and (as a nice little bonus) more compassionately.

The pivots we, as an industry, must make are clear then. At every level of the talent pipeline communication skills must be prioritized and developed. Similarly, cybersecurity organizations must create and mature communication norms both internally and externally to facilitate the exchange of knowledge and accelerate their ability to respond to evolving threats. Industry-wide efforts to create standards for communications related to cybersecurity exist and deserve our support.

As a cybersecurity professional, I couldn’t begin to quantify the volume of information I’ve had to distill for stakeholders, the amount of time I’ve put into communicating with them, or the effort that has gone into executing on their vision. It’s been just as much a factor in this chapter of my life as the last.

In his book “Cybersecurity First Principles”, Rick Howard writes that the atomic mission of cybersecurity is to “Reduce the probability of material impact due to a cyber event…”. If our success as cybersecurity professionals is determined by our ability to execute on that mission, developing effective communication skills and strategies is an essential aspect of that function. The question remains: are we sufficiently investing in that skill for ourselves and our teams?