Don’t Get Stuck in Conflict: Communication Techniques for InfoSec and Privacy Teams
More than 20 years ago, scholars developed a theory about why some people take conflict more personally than others. It’s creatively referred to as the “Take Conflict Personally Theory” and defines the phenomenon as “a negative emotional reaction to participating in conflict.”
Underlying this communication trait is the belief that conflict is an “antagonistic, punishing interaction” in which the central goal is to purposely hurt the other person. This belief is often a self-fulfilling prophecy and leads to aggressive or avoidant behavior, while inspiring similar reactions from the people we’re communicating with.
Communication scholars believe that the “take conflict personally” trait is a product of both the situation and a person’s predisposition. Research also suggests that taking conflict personally is also associated with rumination, or the consistent and repetitive thinking about negative experiences with others. Understanding and mitigating the degree to which someone takes conflict personality is increasingly important for security and privacy teams as organizations grow and business operations become more segmented.
Historically, infosec and privacy teams have attempted to convert cross functional partners to agree with their perspective, beliefs, and values. Sometimes it works, but in many cases, people on opposite sides of a contentious issue, like data collection and privacy, might never change their minds. Nevertheless, they still need to work together on important issues. I’ve written before about the importance of infosec and privacy teams being able to influence behavior without requiring existential conversions from our peers. Especially, when they perceive conflict with their own goals and incentives. The more important an issue is to someone, the less likely they are to change their minds.
So, how can infosec and privacy professionals influence engineering, product, and other business decisions in the presence of disagreement?
1. Focus on the Next Conversation
The value of a relationship typically exceeds the benefit of “winning” a disagreement. This is an issue that comes up frequently for bug bounty teams engaging with external security researchers due to the intense emotions of anger and frustration caused by a variety of communication challenges including information inequity, language barriers, naive realism (the belief that our own perspective is an accurate and objective reflection of reality), and poor communication tools.
A colleague once told me the de-escalation coaching I provided to their bug bounty team actually improved communication with their spouse as well because they now understood how to work through a disagreement while prioritizing the relationship and ensuring the other person saw how much they valued the relationship.
2. Engage with the Other Point of View
The internet is flooded with advice on how to practice empathy and consider someone else’s perspective, but not how to ensure the other person knows we’re doing it. When we’re not transparent about what we’re doing in a visible and recognizable way, the other person is unable to consider that information during the conversation.
For example, we recently developed communication guides for the infosec team at a large enterprise client to help improve their reputation (READ AS: influence) with business partners. After identifying the attributes and characteristics they wanted to be known for across the company, we developed specific guidelines for how to demonstrate and communicate those things during their formal and out-of-band engagements with partners. You can’t get credit for things in your head.
- - -
Discernible offers a range of conflict resolution training tailored to infosec and privacy including de-escalation for bug bounty programs and negotiating with cross-functional partners. Sign up as an individual practitioners or contact us today to set up a workshop for your team.