Cybersecurity is more than just technology—it’s communication
Why communication is crucial for cyber defenders and what we can do about it.
Let’s talk about something we don’t address often enough: how communication shapes the entire cybersecurity landscape—inside organizations and even within the underground world of cybercriminals.
When communication breaks down in cybersecurity teams, the results can be disastrous.
Misaligned goals, mistrust, and unspoken disagreements can undermine even the most sophisticated defenses.
On the flip side, cybercriminals thrive on efficient, focused communication to achieve their objectives.
Today, we’re diving into why communication is critical for cybersecurity professionals and what lessons we can learn from the other side.
Why Communication is the Core of Cybersecurity
1.) Aligning Teams Around a Common Goal
In an ideal world, cybersecurity professionals collaborate seamlessly across teams. But in reality, office politics, leadership disagreements, and miscommunication often create silos and friction.
For instance, a SOC analyst might identify a recurring vulnerability but face resistance from a leadership team focused on budget constraints.
Meanwhile, IT might push back on implementing patches that could disrupt operations.
Without clear, empathetic communication, these conflicts can delay action, leaving organizations exposed to preventable threats.
Some other examples where cybersecurity managers, directors, and executives have different goals for their careers and teams.
There are leaders who just wants to get credits to justify their position to the company, or kept throwing in more work to the team for utilization, or just don’t simply agree with each other because they have ego and pride to protect.
2.) Breaking Through Leadership Barriers
In some cases, incompetent leaders worsen communication issues.
They may prioritize their own agendas over the organization's security or dismiss technical insights because they don’t fully understand them.
For cybersecurity professionals, this can feel like fighting an uphill battle.
I once ran a Workplace Security initiative where we issue security violation if you leave your laptop unlocked, no kensington cable attached, or completely unattended.
Yes, we are inside the office and it is almost impossible for someone to take your laptop away or read through your chats and emails exposing different conversations and sensitive information.
What we are practicing is how we can avoid that from happening by doing these best practices to improve everyone’s mindset.
However, most of the time, it is the leaders of the companies who violates these practices and get away with it easily.
I took an unattended laptop before while doing my worksplace security rounds, unlocked and nobody is watching over it. The laptop happen to belong to a person with a title of Vice President. I did’t hesitate, I was doing my job, and followed every protocol. I confiscated the machine, left a note that he can go to my workstation to claim it after signing the workplace violation form. My manager approached me to let this slide since the person is a VP and we don’t want politics or complaints to start happening.
I was disappointed, but that’s the reality.
To succeed, we need to:
Frame technical risks in terms of business impact to bridge the knowledge gap.
Build relationships to gain trust and buy-in from all levels of the organization.
Clear, respectful communication is the antidote to these challenges. It aligns teams, resolves conflicts, and ensures everyone is pulling in the same direction.
As a cyber defender defending an organization, we will have to have buy-in from all leaders in the organization and get their commitmment that they will lead an example to follow the policies set for the entire organization.
How Cybercriminals Master Communication
Now, let’s contrast this with the cybercriminal underground, where communication is both efficient and ruthless.
Cybercriminals may operate in the shadows, but their ability to organize is impressive:
Forums and Messaging Apps: They use forums, Telegram, and Discord to recruit, train, and share tools and strategies. Messages are often concise, action-oriented, and free from corporate jargon.
In-Person Meetups: Some even meet in real life at hacker conventions or private gatherings to build trust and strategize.
Unified Goals: Unlike office environments, they eliminate politics and focus purely on their shared objective: exploiting weaknesses.
While cybersecurity professionals may be bogged down by office dynamics, attackers communicate with clarity, urgency, and purpose. They understand their audience, stay focused on their goals, and act swiftly—lessons we can and should learn from.
The Danger of Office Politics in Cybersecurity
Office politics can dilute critical security efforts. Consider this:
A vulnerability report gets buried because it’s not a priority for leadership.
Teams avoid escalating risks to avoid blame or conflict with other departments.
Key decisions are delayed because of internal disagreements.
Each of these scenarios creates gaps that cybercriminals can exploit. Meanwhile, attackers face none of these barriers—they’re united in their purpose and act with precision.
What This Means for Cybersecurity Professionals
If you’re a newcomer:
Understand that technical skills are just part of the equation. To thrive, you must learn how to navigate team dynamics, influence decision-makers, and communicate effectively.
If you’re an experienced professional:
Reflect on how internal dynamics might be slowing your team down. Can you build stronger relationships, clarify your message, or advocate more effectively?
Key Takeaways: Lessons from the Underground
Cybercriminals have mastered what we often struggle with:
Clarity: Their messages are direct and actionable.
Collaboration: They set aside differences to work toward a shared goal.
Urgency: They execute without hesitation or bureaucracy.
As cybersecurity professionals, we must adopt these strengths while maintaining our integrity and ethical standards.
What You Can Do Today
Build Trust Across Teams: Take time to understand and empathize with other departments' goals.
Simplify Your Message: When communicating risks, focus on the “why” and “how” it impacts the business, not just the technical details.
Call Out Communication Gaps: Don’t let office politics or unclear expectations linger. Address them openly and constructively.
Final Thought
Communication in cybersecurity isn’t just about relaying information—it’s about connecting people to a shared purpose. Cybercriminals understand this deeply, and they leverage it to devastating effect.
If we, as defenders, can master communication within our teams and organizations, we can turn it into one of our greatest strengths.
Let’s continue the conversation—how do you think communication impacts cybersecurity in your organization?
LET’S BUILD TOGETHER
Your feedback and questions will be invaluable in shaping this newsletter.
If there’s a topic you’re curious about, let me know.
I want this space to be as collaborative as possible, so please feel free to reply and share what’s on your mind.
I’m here to help you grow, learn, and succeed in the world of cybersecurity.
Thank you for joining me on this journey.
Here’s to learning, sharing, and making an impact together!
With you on this cyber path,
Jeff