IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

How Security Leaders Can Answer Tough Questions in a Crisis

Unexpected situations can bring unforeseen questions, especially when tensions and stakes are high. But a little preparation goes a long way. Here are three tips for navigating difficult questions, no matter their source.

Iran_cybersecurity_keyboard
Throughout the early months of the COVID-19 pandemic, we’ve seen new leaders emerge at all levels of government. It is fascinating to watch the good, the bad and the ugly regarding public speaking with so much at stake. But while this pandemic is new, preparing to answer difficult questions in hard times is a skill we can learn. 

Technology and security leaders can be confronted with loaded questions that appear to offer no easy way out. Whether the query is coming from staff, management, customers or even the press, how can we prepare and offer workable answers for those inevitable “gotcha” traps that come our way? 

For example, consider questions like, “Are you 100 percent sure that every staff member is healthy and frequently tested, and that no one will spread COVID-19 to your customers?” Or, “What mission-essential technology projects have been canceled due to new pandemic-related priorities?” Or, “Can you guarantee no data breaches occurred when staff transitioned from working in the office to home and back to the office?” 

No doubt, there are often common traits to flag potential danger ahead regarding these verbal land mines. Watch out for: all-or-nothing caveats in questions (such as “no data breaches,” or that “every person” will “always” be tested); loaded words that, when combined, set you up for failure (like “mission-essential” and “canceled”); and someone asking for promises to be made about things that are outside of your control. 

Trick Questions Are Not New

More than a decade ago, I attended a leadership seminar in Michigan government that taught us how to be aware of, and how to respond to, hostile news media questions. This helpful class encouraged us to practice answering the question that the person “should have asked,” if they were being polite. That is, reword the question in your mind and answer the question positively. Word of warning: Never repeat the negative question in your verbal answer. 

For example, if a reporter asks, “Why are you wasting taxpayer money?” don’t reply defensively by saying, “I’m not wasting taxpayer money!” The message the audience will receive is that you probably are wasting taxpayer money, regardless of what you say next. Instead, answer a more positive version of the reporter’s question. “I am responsibly spending every precious tax dollar that our government receives by implementing the project on time and under budget.” 

Three Tips for Answering Tough Questions 

So, what else can help? 

First, build confidence by preparing for these situations. Just as we prepare for security incidents and system outages with tabletop exercises, security and technology leaders need to take time to practice our communication skills with colleagues. 

While working with public information officers and other communications staff is essential in communicating effectively to your internal and external audiences, don’t assume that help will always be available to address tough questions. Rather, build a culture where leaders are prepared to know the best-practice answers to all types of questions, and to deliver the message in the right tone and context. Work on delivering approved talking points with supportive stories if time permits. 

Second, use appropriate humor when possible. No one was better at this than President Ronald Reagan. When asked a challenging question about prayer in schools being illegal, he reportedly said, “As long as there are final exams, there will always be prayer in the schools.”

Third, describe the process being followed. Even if you don’t have an exact answer to a question, be prepared to walk through the steps your team is implementing using best practices from respected organizations like the National Institute of Standards and Technology. Include the team involved and describe how they are contributing to reaching agreed-upon goals with a unified playbook. 

Remember, in a job interview, the best-prepared candidate, and not always the most talented person, often gets selected for the position. Do your homework, and don’t get caught in the trap of thinking that no one will ask tough questions once you get the job.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.