How to Ask Questions to Succeed with Security Projects

No matter the years of experience in cybersecurity, security professionals are often in situations where crucial details are missing. Yet, we often hesitate to ask questions because we don't want to appear ignorant or don't know what to ask.

I captured my perspective on asking questions in a constructive way in a three-post series. Read the posts to learn how to use questions to succeed with the following cybersecurity activities:

  • Planning: Preparing for tactical and strategic projects to strengthen the security program.
  • Discovery: Assessing security, understanding requirements, investigating an incident, etc.
  • Persuasion: Getting buy-in from stakeholders, defending budget requests, and advocating your perspective.

I clarified what makes some questions "good" or "bad" with the help of many real-world examples. My goal was to prepare security professionals to ask the right questions for advancing security projects.

I also presented on this topic at RSA Conference. You can watch the recording of this session and download my slides.

Updated April 14, 2023
Lenny Zeltser

Did you like this?

Follow me for more of the good stuff.

About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more