The role of InfoSec professionals has morphed into a critical business function. One should expect to be involved in “business” discussions often, and at increasingly higher levels of the business structure, up to the board of directors. Understanding and speaking business language is more important than ever for the success of any InfoSec professional. Knowing basic business lingo is also crucial for effective communication inside an organization.
Lack of basic business knowledge and common business terminology hinders success and progress.
I have started creating a body of knowledge for the basic business skills required for the success of security professionals and for elevating their status in the business hierarchy. The following are eight major domains of essential business knowledge for information security professionals.
- DOMAIN 1 – Essential Business Terminology for InfoSec Professionals
- DOMAIN 2 – Business Communication for InfoSec Professionals
- DOMAIN 3 – Funding Requests and Managing InfoSec Budget
- DOMAIN 4 – Working with Vendors and Partners
- DOMAIN 5 – Building Alliances, Collaboration to Advance InfoSec Goals
- DOMAIN 6 – Excellence in InfoSec Customer Service, Knowing and Serving Customers
- DOMAIN 7 – Creating Business Value with InfoSec
- DOMAIN 8 – General Soft Skills to Succeed as InfoSec Professional

What are the major skill gaps?
ISACA published a report, “State of Cybersecurity 2022”, in which they presented their findings on the global workforce. The most striking of all the findings is Figure 14 of the report, which shows major skill gaps among security professionals.
At the top of these skill gaps is “soft skills”, which includes communications, flexibility, leadership and others. This is similar to what we have been talking about in creating a body of knowledge for Core Cybersecurity Skills and Practices. Please see a screenshot of Figure 14 from the ISACA report (the report is available for download at
Business Knowledge for Cybersecurity Executives