How active listening can improve communication in Information Security?

Last week LinkedIn asked me, if I can contribute to the platform by writing a short article on the question above. Overall I like this idea and I am happy to write about it. However I do not want to contribute to a platform, where my person, my output and thoughts will be used to further monetize the platform so I just post it on my own page. I hope there are some good stimuli for you in here.

Active listening is one of the best methods, which will improve communication with others. Not only in Information Security. It helps in your work life overall, in your private life as well. It is challening to start with, but when you master it, you will love it (and people will love you for being you).

Active listening means that when you engage with others (one to one or one many), you you take a step back and simply "listen actively" to somebody else. Stop looking at your phone; stop typing every single word in your notebook, trying to keep up; do not doodle on a piece of paper; do not answer emails; or check on the next appointment in your calendar and so on.

Sounds easy, but it might not. Your counterpart might be a slow talker, you have many other tasks on your todo list or simply a pressing project, which you need to finish today. And why should I listen with full focus to the others, I already know the basics, right? I can wing it and will get the key statements from the meeting minutes.

Many people listen just to wait for a break and to reply. To bring out counterstatements to argue for your solution, to either put another argument on top on the things, that just have been said. Active listening is build by mindfulness and respect for your counterpart.

While being an active listener, you allow your counterpart to express their thoughts without interruption. This builds a basic psychological safety for the other. “I am free to tell my story/my problem.” Embrace silence after somebody stopped. Without immediate feedback, everybody gets time to process the content. Use the time to take a deep breath and consider the following: What is the meaning / intention of this? By adding that piece of mindfulness will help you as the listener to reply not just to win an argument, but to emphasize with your colleauge and build a better relationship. And that short break helps you to be non-judgemental and reply in a constructive way.

So how does it actually impact improve communication?

Long story short, with active listening you can better emphasize with your counterpart, trying to get into his/her/their shoes and understand, from which point/perspective is coming from. Try to supress the urge to reply during the talk of the other person. And focus on what is actually said. What is the reason for this chat, what is the goal, is the person searching for a solution? Or just a person, who wants to share an idea?

And with that simple shift of mindset, you will become an ally to your colleagues, even if you disagree in certain points. With that every potential conflict can become a healty conflict:

Source: https://www.fosslien.com/healthy-conflict

*** Please check out the books from Liz & Mollie, they contain not only many other great pictures, but so much wisdom about our work life and how to improve it. ***


Back to the context mentioned in the headline: How does it improve within Information Security? Most people believe that working in IT or Cyber makes it easy to deal with your colleauges. Computer stuff is like science, very objective. Maybe even more objective, since it is about numbers and binary topics. It is not. We all are biased, we all have different education and backgrounds. I worked as an incident manager for a long time and had to deal with many different specialists with time-critical situations, where solutions needed to be found in a quick and solid way. Over time I have learned that we will get there much faster and with better results, if I see all of my team mates as allys solving a common problem instead of trying to defend myself and pushing the problem to others. Over time I developed a different style

In early days I was pointing fingers to individuals asking if their individual components are part of the problem and then walk around the room to get everybodys individual feedback. I replied with my conclusions right away trying to rule out things immediately. This took ages and me, as a simple man, not being the allknowingly entity, had wrong conclusions as well.

After my Kepner/Tregoe training on problem analysis my style changed: Give every participant enough time to explain the current issue on their own (so the whole group understands, that we have the same problem with different perspectives), document the basics and go around the room once we got a far more complete picture of the puzzle which needed to be solved. In a second round I did ask for potential (high likely) root causes for the problem. Again everybodies opinion has been given enough time and space to share with everybody. A third round would be the collection of potential solutions including a rating on the likelyhood. And everybody was curious to take action for the agreed solution to see if this conclusion would actually work.

Not only the needed time of finding the solution was shorter, but everybody was much more engaged, because we all did listen to the persons opinion. After that method change I had much more engaged people on my calls.

And this is why active listening (among other things) improves communication in information security.


Here two links, which will give you guidance on how you can become an active listener with some practial advice: