In the past year, we saw tremendous growth in the cybersecurity industry, with many new professionals entering our industry. Looking to 2023 and beyond, I expect even more growth in our industry.

It’s always interesting to see newcomers find their own position when it comes to cybersecurity drivers, many of which we generally categorize as “fear, uncertainty, and doubt.” More commonly known as FUD, this emotion-charged strategy is commonly used by marketing and sales teams, by polling groups, and public relations offices in nearly all industries. They are trying to influence consumer perception of a product or priority by appealing to basic fear.

Personally speaking, when I see cybersecurity professionals that rely on a FUD-based strategy, I know it is an indication of one of two issues: One, it’s someone new and fairly unversed in the cybersecurity industry, or two, it’s someone who really needs to work on improving their social persuasion and justification for the importance of cybersecurity.

If you are in the first category – you’re a new player in the cybersecurity game – first of all, welcome! The cybersecurity industry needs you. As you’ll soon learn, FUD-based tactics are sadly commonplace, even cliched, in our industry. Some of these topics, like ransomware or advanced persistent threats, have been around for many years, but for some reason cybersecurity professionals keep noting these well-established vectors as new or newly worrying. It’s like crossing a busy street on foot. Is it new? No. Is it something to be worried about? Yes, but for the vast majority of us over the age of 10, we know that crossing the street can be dangerous, and have already learned to look both ways before crossing.

We don’t make a big deal out of it – for those that do, you’re sure to get weird looks from your soon-to-be-short-term friends. For the rest of us, we’re aware that the threat may exist, but that it’s easily managed. The same rings true for the world of cybersecurity: once we’ve found a way to manage a known threat, there’s no need to fear it on a continuing basis. I’d encourage you, as a new member in our industry, to keep digging and to improve your knowledge and experience with threats. We’ve all been where you are, at “the starting spot.” We all know to that in order to level-up your cybersecurity knowledge and chops, it takes practice, consistency, and work.

For those who find themselves in the second category – folks who have been around for a while and still highlight cybersecurity FUD – you’ve probably realized it has a diminishing effect. People soon move to “tuning you out” when you repeatedly use FUD tactics because business is competitive, dollars are often scarce, and scaring people with cybersecurity FUD may work once or twice but will quickly be as effective as selling directions on how to walk across the street. This is true in all parts of business, whether IT, finance, human resources, technical support, sales…the list goes on. If you can’t make solid business justifications based in facts, you’re never going to get your agenda accepted by the organization you support.

You simply can’t rely on FUD tactics to be a long-term solution for convincing your clients that you deserve their trust. I’ve long held the position that effective cybersecurity leadership requires political savvy, and the need for savvy only increases as you advance in seniority. This is important: Eventually you can have the best idea in the world, but it won’t matter if you can’t persuade others to support it. If you don’t develop the capability to dive in and offer innovative solutions without using FUD, it will lead to feelings of frustrations, resentment, and burnout in your career, in the company you work for, and in our industry.

How do I know? I’ve been there.

While I never allowed myself to peddle cybersecurity FUD, I did learn that I needed solid arguments if I expected anyone else to trust my recommendations for their organization.

To rise above using simple tactics like FUD is hard work, and personally I’m thankful for the tough love I received as I found my own place in our industry. In time, as you move from the “top technical cybersecurity resource” to a “business person with top-notch cybersecurity expertise” you will build the social toolkit for a role in cybersecurity, and your job will get markedly easier.

The result of this no-FUD approach? Expectations are clear, your job has a well-understood purpose, and your organization is apprised of its cybersecurity posture. There will be no surprises, making budgets and all other planning easier. As you work towards this success, watch for opportunities to re-educate and for communications that need to improve. The key is not to fall back on simple FUD tactics to get there.

Author: Justin Fimlaid, Founder and CEO of NuHarbor Security