No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don't want to appear ignorant or don't know what to ask.
I captured my perspective on asking questions in a constructive way in a three-post series. Read the posts to learn how to use questions to succeed with the following cybersecurity activities:
- Planning: Preparing for tactical and strategic projects to strengthen the security program.
- Discovery: Assessing security, understanding requirements, investigating an incident, etc.
- Persuasion: Getting buy-in from stakeholders, defending budget requests, and advocating your perspective.
I clarified what makes some questions "good" or "bad" with the help of many real-world examples. My goal was to prepare security professionals to ask the right questions for advancing security projects.
I also presented on this topic at RSA Conference. You can watch the recording of this session and download my slides.