How to Ask Questions to Succeed with Security Projects

Asking the right questions is a critical skill for security professionals, whether planning projects, discovering requirements, or persuading stakeholders. By using constructive inquiry techniques, practitioners can uncover missing details, build better relationships, and advance their security initiatives more effectively.

No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don’t want to appear ignorant or don’t know what to ask.

I captured my perspective on asking questions in a constructive way in a three-post series. Read the posts to learn how to use questions to succeed with the following cybersecurity activities:

Planning: Preparing for tactical and strategic projects to strengthen the security program.
Discovery: Assessing security, understanding requirements, investigating an incident, etc.
Persuasion: Getting buy-in from stakeholders, defending budget requests, and advocating your perspective.

I clarified what makes some questions “good” or “bad” with the help of many real-world examples. My goal was to prepare security professionals to ask the right questions for advancing security projects.

I also presented on this topic at RSA Conference. You can watch the recording of this session and download my slides.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →