{"id":7117,"date":"2025-01-28T17:15:59","date_gmt":"2025-01-28T23:15:59","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/7-tips-for-strategically-saying-no-in-cybersecurity"},"modified":"2025-01-28T17:15:59","modified_gmt":"2025-01-28T23:15:59","slug":"7-tips-for-strategically-saying-no-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/28\/7-tips-for-strategically-saying-no-in-cybersecurity\/","title":{"rendered":"7 Tips for Strategically Saying "No" in Cybersecurity"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

QUESTION: There are times when cybersecurity teams need to say, “No,” to business stakeholders. What is the best way to go about it?<\/span><\/span><\/p>\n

Saying \u201cYes\u201d in business feels good, but, unfortunately, it\u2019s not always possible. And among security departments, saying \u201cNo\u201d isn\u2019t happening often enough. In its effort to avoid roadblocks to innovation, security leaders are saying \u201cYes\u201d too often, according to  Rami McCarthy, an industry veteran, leader and security researcher <\/span>who blogs<\/a><\/span> on security leadership and management. Instead, a deliberate, strategic “No” is necessary in order to ensure security isn\u2019t too permissive. Avoiding these hard conversations can lead to delayed decisions, technical debt, and burned-out teams.<\/span><\/p>\n

If you need to say \u201cNo,\u201d here are seven tips to saying no in a strategic, clear, and constructive way.<\/span><\/p>\n

1. Provide Context. <\/span><\/span>A flat “No” without an explanation leaves teams frustrated and unclear about risks or alternatives. Security professionals should explain the reasoning behind their decision and offer actionable next steps, says McCarthy in a recent <\/span>blog post<\/a><\/span> on saying no.<\/span><\/p>\n

“Security should not own most risks, so conversations should be about advising a business owner rather than outright denial.”<\/span><\/p>\n

2. Say No Early. <\/span><\/span>The later security intervenes, the more disruptive it becomes. Address potential risks at the earliest stages to allow for smoother course corrections. Avoid “aggressive passivity,” where security hesitates to voice concerns until it becomes too late to address them efficiently.<\/span><\/p>\n

“Belated ‘No\u2019s’ disrupt delivery, create technical debt, and lead to burned-out teams,” says McCarthy.<\/span><\/p>\n

3. Offer Secure Alternatives. <\/span><\/span>Saying no should never be a dead end. Providing secure, pre-approved alternatives helps teams achieve their goals safely. Even if the perfect solution isn’t available yet, pointing to a roadmap fosters goodwill. McCarthy also thinks that offering alternatives helps to prevent roadblocks and build collaboration.<\/span><\/p>\n

4. Be Consistent. <\/span><\/span>Inconsistent decisions undermine trust and create confusion. Security teams should establish clear policies and standards that allow stakeholders to anticipate decisions. Consistency builds credibility and reinforces a sense of fairness across the organization.<\/span><\/p>\n

“Inconsistency in saying no leads to stakeholders who don\u2019t know what to expect\u2014and that\u2019s a fast way to lose trust,\u201d McCarthy notes.<\/span><\/p>\n

5. Align with Business Goals. <\/span><\/span>Security should not operate in a vacuum. When saying no, it’s crucial to align the decision with business priorities and risk tolerance.<\/span><\/p>\n

“Security doesn\u2019t just mitigate risk\u2014it enables the company to take smarter, bolder risks,\u201d says McCarthy.<\/span><\/p>\n

6. Foster Open Communication. <\/span><\/span>Encouraging dialogue between security and other teams builds trust and lowers barriers. Hosting “ask-me-anything” sessions, lunch-and-learns, or open office hours can create an environment where security is seen as a partner rather than a blocker.<\/span><\/p>\n

“Security teams that listen actively and engage in dialogue build a sense of partnership with employees,\u201d says cybersecurity advisor Tom Van de Wiele.<\/span><\/p>\n

7. Balance Empathy with Pragmatism. <\/span><\/span>Empathy is key, but it must be balanced with practical decision-making, according to. behavioral scientist and cybersecurity expert Dr. Jessica Barker.<\/span><\/p>\n

“Empathy is not about being nice and saying yes when we mean no; it\u2019s about reflecting understanding and explaining decisions without being defensive.”<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

QUESTION: There are times when cybersecurity teams need to say,<\/p>\n","protected":false},"author":12,"featured_media":7118,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-7117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=1800%2C1013&ssl=1",1800,1013,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=1800%2C1013&ssl=1",1800,1013,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/7-tips-for-strategically-saying-no-in-cybersecurity.jpg?fit=1800%2C1013&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7117"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7117\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/7118"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}