Cybersecurity Needs Supercommunicators

Cybersecurity Needs Supercommunicators

Table of Contents

This is the first post in a series on how to design, debug, reverse engineer, and deliver talks that land with impact in the high-stakes world of cybersecurity. At the end of each post, you’ll find a ‘How to Coach for This?’ section.

Whether you’re a security researcher, an engineer, CISO, or simply like to hang out at conferences for learning or fun, I bet you’ve witnessed at least one of these cases.

The Skilled Hacker

You meet an extremely skilled and smart hacker who found an unimaginably complex vulnerability, dropped a fancy multi-stage exploit chain—and got rewarded a juicy bug bounty with many zeros. You chat with this hacker multiple times, ask them questions (“what is this, what is that, why?”), try to go deeper, but you’re still unable to have a clear idea of what the concrete impact really is, or what the root cause of the bug is.

Embarrassed, you assume you’re the one missing the point and walk away. The vulnerability is ultimately fixed but think about how much you could have learned from that exchange—and didn’t.

One missed knowledge-transfer opportunity.

The Superhero

You have high expectations on an upcoming conference talk: the researcher is well known. You walk into the room. It’s filled with people and you hardly find an empty seat: the excitement mounts. The speaker introduces themself. The talks begin. Everyone stares at the screen and…you’re lost after a few slides. Someone sneaks out of the room.

You look around: people fiddling with their phones.

The talk is over.

Polite applause follows — we’re kind humans, after all — but the energy is gone. The talk didn’t land at all. Another missed opportunity to transfer knowledge.

The Supercommunicator

Let’s say you’ve been spending the last few months studying a complex topic: micro-architectural attacks, just to pick something that is not exactly a “stroll in the park,” even for seasoned low-level security folks. You study hard, you’re determined to learn. Still, you’re not getting the point. The lingo feels somewhat familiar now, but you’re not able to take a step into the matter.

One day you attend a random, free local-conference talk about micro-architectural attacks. You don’t have much expectations but, to your surprise, you’re immediately hooked. You finally see through the complex stuff. The speaker is entertaining, naturally zooming in and out, uses lots of simple “hello world”-type examples that you can relate to. After the talk, you feel the urge to open your laptop and try.

You’re still far from feeling confident about the subject, but something powerful happened: you’re now ready to explain it to a friend/colleague, or post a 200-characters message about what you just learned.

You’ve found a supercommunicator [1].

Early Failures

I still remember my MSc thesis defense presentation 18 years ago: I bombed it!

Not technically—I passed. But I walked away with the acute sense that I had completely failed to deliver my ideas. The message I thought was so clear in my mind went completely lost through my words. And it felt quite an embarrassing moment, right there at the beginning of my career.

I had practiced a lot, so what went wrong? “Some presentations just stuck better,” I thought.

Why?

The difference isn’t luck—it’s craft. Over the years I learned that good presentations aren’t more advanced than bad presentations: Good presentations are intentionally designed.

After advising hundreds of graduate students, 17 years of peer-review service, 2 years of LeadTheFuture mentoring, and 3 years with the Black Hat Speaker Coaching Program (SCP), I feel I have something to write.

So, here we go!

I want to walk you through a practical, coach-tested playbook to make your talks clearer and leave a trace.

This is the first post in a free, 4-week series on how to reverse engineer, design, debug, and deliver talks that land with impact in the high-stakes world of cybersecurity.

My goal with this series is to give you the guidance I wish I had when I started speaking.

The Credibility–Impact Gap

Strong research deserves strong delivery. Yet, many technically brilliant speakers fall into what I call the credibility–impact gap. On paper: groundbreaking work, rigorously tested. On stage: mumbled delivery, cluttered slides, and no clear “so what?”

The result? You’re risking that the audience assumes the delivery reflects the research quality.

In cybersecurity, that perception can move the needle of whether your findings are trusted, funded, or implemented.

The High Cost of Poor Communication in Cybersecurity

You may argue that good communication is a core soft skill in every industry. True, but this isn’t a field where we can afford miscommunication.

Cybersecurity is a public-interest good. Poor communication in this industry can mean delayed patching, misplaced priorities, public misinformation, slow talent growth.

It’s not just an academic or technical problem—it’s operational risk.

Cybersecurity, as a field, is still young compared to medicine or aerospace. And the World Economic Forum’s Strategic Cybersecurity Talent Framework (2024) estimates a global deficit of nearly 4 million practitioners. Investments in training and awareness programs are diluted by poor communication skills, directly (if the trainers aren’t good communicators) and indirectly (if experts aren’t talking effectively on what they just learned).

A presentation is a transfer of knowledge, a battle for attention, understanding, and trust. In a young and ambiguous industry like cybersecurity, when a speech fails, stakeholders and decision makers miss the urgency, your peers misunderstand the findings, journalists misquote the message, and wrong decisions are made.

Moving Money with Your Voice

When speaking to an executive, who can normally afford less than a TED-talk time, technical accuracy and thoroughness doesn’t buy you much.

Think this way: you’re asking for other people’s time. What are you planning on giving back to them? The research results? Why? Can’t they just read the paper? Do you plan to entertain them? Well, that’s at least something. But they could just watch a documentary.

The worst outcome? I (audience) leave the room with no idea what to do next.

How many more steps before I can decide what to do? Or, have you already put all the paths on the table, with pros and cons so that I can say: “this bug is too expensive to fix, I’ll take the risk.” Or “wait, this can impact my systems because we can’t patch, let me tell my execs so I can ask for resources to get detective controls in place.”

The best outcome? Helping your audience take the right decisions for their business, research, career.

When you nail a talk:

  • Your findings get cited in boardrooms and war rooms.
  • Recruiters and collaborators seek you out.
  • Your peers come to you for input.

Public Speaking as a Force Multiplier

Even if you’re not trying to convince executives to put in the resources to fix a bug, there has to be something you give back to your audience.

Let’s take a 30-minute talk as an example.

If 10% of the attendees walk away from your keynote thinking “wait, I’ve never thought about firmware supply chain issues this way: tomorrow I’ll set some time on my calendar to read this old paper.” that’s 30 minutes multiplied by 10% of, say, 1,000 people.

That’s a massive 1-to-50 hours time multiplication! Before you think this is a high number, think “end to end.”

You’re not making time, because you likely spent more than 50 hours to work on your research and prepare the presentation.

It’s an uphill game already. So you need to work harder.

At the very minimum, you’re taking someone else’s time: that’s ~30 minutes multiplied by the number of attendees. If this is a conference talk, attendees are away from their day-to-day business and/or from their families: to listen to you. That’s a minus in their time balance sheet. If this is a paid conference, hundreds, thousands of people have paid to attend—or made their employer pay.

In other words: delivery multiplies your influence, but don’t forget the time you’ve already invested to get to the results and to prepare them.

Done right, a single 30-minute talk can do more for someone’s career — and for security outcomes — than months of internal work. Done wrong, a talk is just a waste of resources, for both speakers and listeners. It’s a negative on everyone’s time budget.

I hope I convinced you to be mindful of what you plan to put in your talk. A public talk is not about you, who you are or what you did: a public talk is a service you offer (or sell?) to your audience.

Myths About What Makes a Talk Successful

So, what makes a great speech? We’ll get there, I promise.

Let me first break down a few misconceptions about public talks. In no particular order. Before you feel judged: I’ve made ALL these mistakes, multiple times.

“I need to work on my presentation, let me open PowerPoint.”

No, this isn’t about busting PowerPoint as a tool for slide preparation.

PowerPoint, like literally every single presentation tool, is a horrible tool, simply because…it’s a tool to make slides, not stories.

Every slide-making tool starts by focusing your attention on the slides (usually the first slide), not on the story.

If you know of a slide-making tool which first screen is an empty box with a question: “What do you want people to remember about your talk?”, please let me know. OK, maybe an AI tool, but that’s for another story.

The moral is, you don’t want to start from the tool.

You want to start in your head: go for a jog or your favorite relaxing activity. If anything, you can start from an immaculate piece of paper. At least that won’t lure you to fiddling with fancy styles, colors, auto-generated fluff.

“The data speaks for itself.”

It doesn’t — people remember stories.

They will go to the data only after you’ve captured their attention with a compelling story. You want to speak for the data, because the data is too overwhelming. And be careful, because by the time you’re done with your research, your complicated data will look easy, so you’ll almost certainly underestimate how difficult it is for others to understand.

“If I’m accurate, they’ll understand.”

Accuracy is table stakes; clarity is extra work.

There is going to be that absolute top domain expert in the audience who will pinpoint your inaccuracies—and maybe ask you spicy questions—but that’s not the majority of the audience and certainly not the target you should aim to persuade. Few exceptions may apply.

“I just need to survive the Q&A.”

First of all, that’s a pretty lame thing to think. You need to design for engagement, not dodge it.

You want organic questions.

Some people ask questions because they’re interested. Some people are completely captured by your presentation and Q&A is their chance to congratulate and ask a small question and connect with you. Most people don’t ask questions. If you have zero organic questions (i.e., not the courtesy questions prepared ahead of time by the chair), it’s a really bad sign.

“I have plenty of slides.”

You don’t need plenty. You need what it takes to support your story.

If your story is to explain how an EDR rule can be evaded, and the EDR rule itself is 10 lines of code, then maybe 1 slide per line is enough.

Or maybe your story needs plenty! If your story takes you 30 minutes to narrate and you need complex animations to explain how an x86 instruction gets translated into micro-instructions, and how micro-instructions “run” through the IP blocks, …, well, you’re going to need a ton of slides. And that’s perfectly OK.

“Lol, I know I’m a procrastinator, I always prepare slides the night before.”

I’ve met three types of people who said that.

First one is younger me, after luring myself into thinking that I could just hack together a quick deck because after all it was a 10’ talk and I have many to pick from.

Second type of people are those who lie when they say that, and actually have prepared very well.

Third type of people are those who are genuinely terrified by the idea of public speaking, and they’re so panicked that they talk like that hoping to gain some confidence.

So, what makes a good presentation?

The last slide. Really!

You want to start by thinking about your conclusions first. Push it one step further and think about a Tweet you wish someone will write about your speech.

Start from that though. Focus on it. Refine it until you like it. Ask your friends and coworkers to validate it and give you feedback.

In the coming posts, we’ll see how to design starting with the last slide in mind.

A Quick Reflection Exercise

Think of the last talk you saw that stuck with you.

Ask yourself:

  • What was the moment you remember most?
  • Did the speaker design it, or did it happen by accident? How do you know?
  • Could you explain the core takeaway to a colleague today?

Repeat the same process for a talk you didn’t like. Search the recording and re-watch it.

How to Coach for This?

If you coach (or mentor) technical speakers:

  1. Start with a Listening Audit

    • Watch a raw rehearsal or a past talk with them.
    • Ask: “If the audience remembers one thing, what should it be?”
    • Compare that to what you remember — that gap is your starting point.

  2. Separate Delivery from Content

    • Don’t open with slide edits.
    • First, fix message clarity; then, move to visuals.
    • Tone, speaking, pacing, that comes last.

  3. Name the Stakes

    • Help them articulate why this talk matters right now.
    • Urgency is contagious — and the audience will feel it.

Coaching pitfall to avoid

Jumping straight into “add this slide / remove that detail” without aligning on the outcome they want from the talk.

If you’re fixing the how before the why, you’ll just make a prettier version of the same unclear message.

Next up?

I’ll dissect a standout conference speech, to show exactly how to map a talk’s hook, setup, deep dive, and payoff. You’ll see where the stakes rise, where the speaker simplifies complexity, and where they deliberately pull the audience closer.

Have a talk in mind you want me to dissect? Send it over!

References

  1. C. Duhigg, Supercommunicators: How to Unlock the Secret Language of Connection, Large type / Large print edition. Random House Large Print, 2024. https://charlesduhigg.com/supercommunicators/
  2. B. Schneier, “Cybersecurity for the Public Interest,” Schneier on Security. Accessed: Aug. 19, 2025. [Online]. Available: https://www.schneier.com/essays/archives/2019/02/public-interest_tech.html

Note: Image generated by OpenAI GPT 4o with this prompt: Generate an extremely photorealistic image of an enormous but empty conference room, viewed from the viewpoint of a speaker. The speaker is standing in front of a microphone, giving a speech and acting as if the audience is very engaged. There's no audience. The photo is from far up.

Share :