Cybersecurity: Communication is Key

May 2018

Cybersecurity encompasses complex techno-social problems that require as much knowledge about humans as it does about technology…
~Fer O’Neil

As businesses are increasingly aware that clear, plain communications in cybersecurity are vital, internally and externally, the SoCal Cyber Cup added a new “communications element” -- a forensics challenge that highlighted this importance.

As explained in the previous blog, “SoCal Cyber Cup 2018: Communication in Cybersecurity,” there is a need for effective communication in cybersecurity. For example, speaking ahead of The Telegraph Cyber Security conference, Chris Taylor (CIO, The Telegraph) recently wrote, “We need to educate but we need to do it in a way that is engaging. Far too many cyber [communications] are either too technical or designed to terrify. People don't respond well to that.” Businesses, governments, and cybersecurity professionals all recognize the important role communication has in the industry. The presentations that students in this challenge make to a panel of expert judges, who represent both the technical and business sides of a real-world audience, reflect this.

Technology and Communications in the 21st Century

I want to take a step back and recap the first 2000 years of communication theory, starting with Socrates… I'm just kidding, I'm not going to do that. However, I think that's how many people in technology perceive communication or rhetorical theory: as something old that doesn't apply to how we use and interact with technology today. But that's not true. In many respects, enabling communication, or improving communication and collaboration, is exactly what is missing, and we need to help new technologists understand how, and when, to communicate.

Knowing your audience is key

The rubric and strategies for communication included in this year’s challenge come from my field of technical communication and rhetoric (TCR). TCR is multidisciplinary and encompasses professional communication that is often found in business writing. The four main components of TCR, and how they relate to cybersecurity communication, are:

  • Human factors/HCI -- how people can physically receive information
  • Cognitive science -- how people understand, learn, and gain knowledge—the focus is on reaching the reader, not emotionally or intellectually, but cognitively to convey information that the reader can assemble, in their thought, into useful and accurate structures of understanding
  • Usability and user experience -- how to design and iterate artifacts (such as communication artifacts, presentations, talks, etc.) using feedback from actual users, or using expert heuristics
  • Linguistics, language arts and communication theory -- readability (such as reading level), using plain language for general audiences (or the appropriate language for the intended audience) and how to structure information

The culmination of each of these is to compose, write, and deliver information for the reader's understanding and circumstances at the appropriate time and location.

The Four Cs of Technical and Business Writing

A quick definition of what technical communication attempts to achieve is to “offer clear and accurate information while requiring the lowest reasonable effort.” There are a few tips and tricks to writing well, such as not using many clauses together in a sentence, using paragraphs and other visual demarcations (such as lists) to break up information, or minimizing jargon by using plain English.

For the communication rubric, the important communication elements can be broken down into what is called “the four Cs” of technical and business writing:

  • Clear -- Clarity ensures your reader understands your communication without any difficulty. This means there is no jargon or obscure words used; there are no extraneous words that hide the real message, and there is a logical flow to the communication.
  • Concise -- Conciseness is using as few words as possible to get the message across. Keep your sentences simple and to the point.
  • Complete -- Completeness is ensuring that the reader has all the information they need to understand the message, make a decision, and take action. If you leave out something, the reader might make an incorrect decision.
  • Correct -- Correctness is imperative. Do not mislead your reader. Reread your message before you send it, whether it is an email message, letter, report, proposal, or any other document. Incorrect information can cost your company thousands, even millions, of dollars.

Effective Communication in Cybersecurity

Along with writing clearly and concisely, effective communication aims to avoid ambiguity in order to aid understanding. One of the most important considerations is to take into account the audience’s needs, biases, and prior understanding. The purpose of communication is to present information that helps solve a problem or gain a better understanding of a situation, and the goal is to communicate highly technical, complex, or specialized information in a way that is easy for a non-technical reader to understand.

These communication skills will enable anyone to be more influential in their future or current cybersecurity careers.

Blog written by Fer O’Neil, Technical Writer, ESET

O’Neil is a Ph.D. student in Technical Communication and Rhetoric at Texas Tech University and a Technical Writer at ESET, a global cybersecurity company. He has published on cybersecurity topics in security blogs, online security magazines, and a peer-reviewed journal.