ILTA is posting this Member Blog on behalf of Kenneth Jones who is attending LegalSEC Summit 2023 and currently onsite in Baltimore, Maryland, USA.
LegalSEC Wednesday Morning Workshop Session ILTA Blog Post
Improving Communications Skills Within the Cybersecurity Field
To kick off the 2023 LegalSEC Summit, opening remarks were provided by Joy Heath Rush (Chief Executive Officer, International Legal Technology Association), Summit Co-Chair Gary Berger and conference committee member Joshua Smith, each briefly discussing their unique perspective on some of the main value propositions of the conference.
One common theme conveyed related by all the Summit leaders was how the event is a prime opportunity for industry engagement and a place to brainstorm and work out solutions to today’s security issues in an environment with your peers. Ms. Rush also shared how beneficial participation in ILTA can be in assisting lawyers and client groups when they ask about what other firms are doing, trends in the industry, etc., and how professional associations are exceptionally instructive in helping all of us gather information of interest within the legal profession.
Mr. Berger and Mr. Smith, in their comments, shared their thoughts on some of the emerging issues of technology and how they impact the security work (AI, governmental regulations, etc.), as well as the significant importance of soft-skill development within a technical function, both in completing one’s role today and in moving one’s career forward into future positions.
Once the opening pleasantries and leadership messages were completed, the main element of the morning commenced. This was the “Essential Communications Skills for Cybersecurity Professionals” workshop conducted by Karl Larsen, Talent (Career) Development Manager for Ogeltree Deakins.
One of the opening themes in Mr. Larson’s presentation was to think about the purpose of a communication (to persuade, ask a question, inform, etc.) and the tailor it accordingly. Thinking about the “Who, What Why and How” of a message is certainly part of the process. Additionally, the type of messaging method (face-to-face, email, modern communications, etc.) which might be most appropriate given the type of message (general update, direct feedback, unfortunate news, etc.) was reviewed with the attendees.
Following these initial message, Mr. Berger and Mr. Larson engaged in a discussion about communications style – such as one needing to learn the crowd, delivering the message in the available block of time (often only a minute or two) and engaging the recipients to the extent possible understanding what is important to them.
The session also included an interactive activity providing groups of seven with a deck of cards which were missing one card (51 or 52), then asking groups to identify the missing card while under extreme time constraints. This fostered brainstorming on various implementation methods for accomplishing this task (segmenting by suit, by color, by number, etc.) followed by a discussion by the teams on what did and didn’t work. The exercise was repeated three times to measure the impact of re-execution on task efficiency and effectiveness.
It was a compelling example of how teams can take different approaches – each with their own pros and cons – to execute the same task. And the metaphor of considering whether each of 52 resources which might potentially be contributory an event should as a network outage and systematically working through each possibility – dividing tasks like initial assessment for each into a multi-threaded group to accelerate progress – was emphasized. Another important takeaway was the fact that team performance working one’s through the deck of cards to identify the missing card improved with practice and repetition.
Diving deeper into the meat of the workshop using Larson’s “Communication Planner” handout, conference attendees were encouraged to think about topics in the following areas.
Step 1. Audience Analysis. In this area, one was suggested to think about the challenges one faces, the specific situation, the protagonists involved and the desired outcomes.
Step 2. Setting Presentation Purpose. Thinking about defining the next step related to communication to the audience, and then convincing the audience why this topic should be the focus of their attention was a key element of this presentation.
Step 3. Communications Structure. Here, Larsen stepped through some key elements of effective communications, including areas such as housekeeping, a “creative grab”, a salient “subject line”, the main body of the message, and then closing the message with some summary/conclusion elements and definition of next steps.
All in all, the audience of legal security professionals hopefully benefited by the “Communications Planner” process and Larson’s presentation of the key elements to consider when developing messages, discussion.
One final point was making some suggestions about how to handle difficult conversations. For example, focusing on a problematic task rather than messages like that being personal was one example. As was the concept of trying to strike the right balance between avoiding emotions and feelings completing to avoid coming across as impersonal vs. integrating them into a message. Concepts such as predictability, clarity, control and care were recommended as core elements to consider including in difficult conversations. Personal care related to how to personally deal with a difficult conversation – prioritizing self-care, reflecting on a conversation, having empathy for ourselves– was also an implement element of this subject area.
Bottom line, content areas such as improving one’s communication style of effective, are the perfect point-counterpoint to the bulk of the conference content (deep security and technology material). Delivered in tandem with state-of-the-art technical content. this session was designed to help create a group of security professionals with broad, comprehensive skills well-positioned to better communicate both communicate challenging messages (e.g. why more funding is needed for a non-revenue generating area, an update related to a security incident, why valuable time needs to be carved out for security awareness training) and positive messages in the area.