Communication skills are some of the most fundamental learned in life. Whether in written, verbal, non-verbal, or visual form, the ability to communicate clearly and effectively is quickly becoming a top prerequisite for cybersecurity jobs. In fact, it’s become so highly valued that Hays’ first global cybersecurity report, released in 2023, identified communication as one of the top five most desired soft skills in cybersecurity.
“Cybersecurity professionals are certainly aware of the need for regular technical upskilling, but people and communication skills haven’t always been considered as high a priority in the past,” Adam Shapely, managing director of technology at Hays Australia and New Zealand, tells CSO. “However, this is changing in many parts of cyber, with senior stakeholder engagement becoming a more critical part of a cyber candidate’s skillset.”
The value of good communication during an incident
Underpinning the need for cybersecurity professionals to improve their communication skills is the growing interest in cybersecurity at all levels of business, according to Abbas Kudrati, Microsoft APAC chief cybersecurity advisor. Cybersecurity has become such a big deal that even the World Economic Forum has listed cybercrime as one of the biggest global risks faced today, alongside extreme weather, the cost of living crisis, and societal and political polarization.
Given that cybersecurity professionals are on the frontlines every day fighting off threats and dealing with hackers, they possess important knowledge and understand the best strategies to deal with cyberattacks, says Kudrati, and it’s critical that they are able to pass this technical knowledge on to other parts of the business. “They need to be able to translate technical language, including information about vulnerabilities, into something that business teams can understand,” Kudrati says. “If they can’t do this, it can have severe and negative impacts as it delays organizations in taking the necessary actions to improve their security posture.”
Keri Pearlson, executive director of the research consortium Cybersecurity at MIT Sloan, says the way in which cybersecurity information is communicated can make or break decisions necessary to keeping an organization secure and resilient. “To make sure non-cyber peers, managers, and leaders really understand the threats their organizations face, understand the risk those threats create to their business, understand the options to manage those threats, and understand the consequences of the available options, a cyber professional must speak the language of the listener, not the language of the cyber professional,” she tells CSO.
This means cybersecurity professionals must be able to translate their expertise into the language of business, Pearlson emphasizes. “For example, telling a non-cyber leader about the number of controls necessary to secure a system is less effective than translating that into the business risk of failure to set up proper controls and the business impact should those controls be improperly set.”