Cybersecurity Executive Communication and importance of Metrics

In my previous article I focused on the major cybersecurity areas/domains, and how business enabler mindset is crucial to drive the cybersecurity culture across an organization. In this article, I’ll focus on how major security domains generate metrics/KPIs-KRIs that are required to drive effective cybersecurity strategy and culture across the different stakeholders. Let’s focus on on effective communication first and metrics later in the article.

Communication: Let’s get it straight, we were not born knowing how to effectively write and talk, but we learn throughout our life via schools, hard experiences, or many other forms of learning. Effective communication is an art (storytelling) and science (metrics/context/data) that we constantly learn and adapt to get better (or worse) at it. One of my favorite quote on communication is by Robert J. McCloskey, former State Department spokesman, “I know that you believe that you understood what you think I said, but I am not sure you realize that what you heard is not what I meant”.

Eight Essential Components of Communication:

Source <-> Message <-> Channel <-> Receiver <-> Feedback

Environment — Context — Ethical — Interference

I personally add “Ethical” as 9th component which is extremely important as part of business communication and leadership. Many call it a “Golden Rule” which says to treat others the way you would like to be treated, ethical component is essentially extended into being egalitarian, respectful, trustworthy. This comes straight out of my MBA Business Communication class notes. Understanding transactional & contextual nature of communication is extremely important in a business setting. Context setting is often described into five categories as Intrapersonal, Interpersonal, Group, Public, and Mass communication. You as a communicator is responsible to make yourself prepared to satisfy the purpose of the communication and expectations of your audiences. As Anne Morrow Lindbergh said “Good communication is as stimulating as black coffee and just as hard to sleep after.”

Few years ago I read an article on “The Miscommunication Gap” which I absolutely recommend. Business Miscommunication can lead to loss of productivity, conflicts, scope creeps, inefficiency, etc. Being clear, concise, organized, and avoiding cliches, jargon, unwanted remarks are equally important. To improve your communication you must define your terms, choose precise words, consider/understand your audience, control your tone, check for your understanding (skills & experience), and aim for results. I consider myself an active listener, reader, critical thinker who can adapt to various perceptions and modify my writing capabilities. As someone said, You only learn to be a better writer by actually writing, you must practice it and build a format that works for you for your business environment. Having excellent verbal and writing communication skills can make a huge difference at any role you play in an organization. Review, Reflect, and Revise. As the famous Turkish saying goes Speaking is silver, listening is gold, listen, listen, read, read before you start writing.

Over the years, various organizations that I have worked at, I tend to particularly stick to my reduced version of famous twelve-item checklist mixed with SMART (goals and objectives) technique for my preparation in the writing process. I mix myself with Conductor-Coach leadership style out of this when I start verbal or writing communication.

1. Determine your purpose and outcome: Who, What, When, Where, How, Why
2. SMART: Specific, Measurable, Achievable, Relevant, Time-bound which maps to Realistic, Appropriate, Credible, Ethical areas of checklist.
3. Make sure to that you know your audience, their awareness of topic, anticipated responses based on the channel you choose as you do you your step 1.
4. Make sure the message reflects positively on your business. This is a very critical step for cybersecurity or security practitioners as most of your time you will deal with areas where negative news or outcomes are easily available for your audiences to see. How you present the lack of security practices to frame it in a way so that it eventually will make the the positive outlook to your business if security guidelines are followed as recommend.
5. Organizing Principles and outlining: Choosing the right organizing principle like Chronological, Compare & Contrast, Cause & Effect, Problem & Solution, Elimination are crucial when you are telling a cybersecurity story.
6. Argumentation strategies and Evidence: Verbal communications can offer make many defensive but when you are writing, choosing a right Argumentation strategy can actually help you clear your audiences mid with you providing proper evidence ( avoid fallacies). One of the popular method of choosing effective argumentation is called GASCAP/T which is Argument by Generalization, Analogy, Sign, Consequence, Authority, Principle, and Testimony.
7. Be prepared for the seek and receive feedback
8. Importance of Non-verbal communication: be mindful of various forms of nonverbal communication and uses them as its required or not required by the business and social construct of the communication — Space, Time, Physical characteristics, Body movements, Touch, Paralanguage, Artifacts, and Environment
9. Difference between Communicating to Inform or Communicating to Persuade
10. Practice your principles of persuasion all the time : I have way to remember them as RSA-CCL: Reciprocity, Scarcity, Authority, Commitment and consistency, Consensus, Liking

“Teamwork is the ability to work together toward a common vision. The ability to direct individual accomplishments toward organizational objectives. It is the fuel that allows common people to attain uncommon results” –Andrew Carnegie