Dec 8, 2022

7 Similarities Between Cybersecurity and (Tech) Community Management

Ithas been a year since I decided to heed the call of my heart, leave my beloved field of cybersecurity and a nice corporate job, and go for a new career in tech community management.

What a ride it’s been! With no regrets.

This anniversary gave me pause to reflect on how this decision affected my life — and think of all the things that these two (seemingly very distant) work fields have in common.

1. Expensive as hell

I would love to exaggerate, but it’s almost impossible.

Cybersecurity is notoriously expensive, mostly because the “dark side” of this conflict (between those hacking and those protecting) never sleeps and we have seen some very vicious attacks even during holidays (I am looking at you, Log4j in 2021!) and times where businesses have other priorities. You also need to educate your people about policies, spread awareness, and follow up on incidents — it’s a lot of time and tools that you have to pay for — and the result is something NOT happening, which is really hard to sell.

On the other side, we have tech community management, which is expensive for a different reason, but the cost is still enormous — especially for smaller companies. Of course, you need to pay the salary of your people, but there are also “hidden costs” like overtime (as events and conferences tend to be a whole-weekend thing for the organizers), travel and business trips compensation, constant flow of SWAG/merch (for the booths, events, as gifts), time of your community members (if the community is internal) and of course, tools (you might be surprised how costly some of the software for community management is).

2. Hot stuff

Everyone wants it.

Businesses are finding out (the painful way) that you cannot really do much in this wide new world if you do not have cybersecurity and community management in place. Even “one-person” local businesses have to take these things into account when creating their market strategy. Not to mention that studies show us that millennial customers and employees (which are quickly becoming the majority force) really care about the social aspects of businesses.
This article from Barry Salzberg addresses this topic — and it was released in 2014!

Companies, that will not adopt the “people-first” approach will soon have a very big problem.

That is why there is such a high demand for professionals in these fields. Unfortunately, none of these topics can be easily studied — not many schools or even universities offer courses in either field (at least, not in the Czech Republic where I am based).

3. Buzzword

You have probably heard both the words “cybersecurity” and “community” a million times.

Both of these are extremely overused (at least in my social bubble). Similar to “Cloud” and “Environment/Green/Bio/Eco” — perhaps you have heard about “greenwashing”, this is a similar case, in my opinion.
Don’t get me wrong, it’s great that companies started realizing the potential and need for it, but implementing all of these things takes a lot of money, time, and effort. And to me personally, sometimes it feels more like empty words that look good on paper than real dedication.

4. Trust and relationships

Cybersecurity recognizes the word “trust” and uses it in a more technical sense but let’s put that aside right now and focus on the general meaning of the word.

Both cybersecurity and community management work with building trust and establishing relationships between the team and its stakeholders — customers, employees, companies, vendors, and more.
In our community team, every major decision is done based on community voting. It takes much longer and there are always some hates (no matter what is the subject) but it builds and promotes the partnership between the team and the community members — which is extremely valuable.

The tech community always participates in the decision-making of the community team. That creates great value for both.

It takes trust to invest (time, money, and people) in cybersecurity and community management — in both cases, the results are very hard to measure.

Just try to set a KPI to “how much helps the personal brands of community members to be publicly visible” or “how many malware threats will not hit us this year”.

5. Ambassadors

People who support your endeavors are important.

You probably know that the biggest security risk and the weakest link in every company is… the user. AKA your employees. Many open security positions list the “security evangelism” aspect of the role now, too. Because there is nothing more unfortunate than perfect security policies that no one follows (contact me for some horror stories).

In the company’s technological community, we also highly depend on promoters and ambassadors within the teams. As mentioned above, they are our biggest stakeholders and partners ❤
These people promote the activities and act as local supporters and “includers” to their peers.

In every community that I know of, ambassadors are present in one way or another. They are the key to scalability.

6. Risk management

Both fields rely heavily on a level of certainty.

In cybersecurity, nothing is sure, all is a matter of probability percentage. Surprisingly, the same can be said for community management.

You can do all the steps correctly and one wrong file downloaded will result in a ransomware attack. You can plan the perfect meetup and then only two people show up in the audience (Hello, all post-covid event organizers!).

As Alfredo Morresi (Sr. Community Manager @ Google) mentioned at CMX 2022 summit, we have to get used to the concept of “dirty” or “dark” data: We need to use that data in combination with specific knowledge of community insights to create a stronger story.

For Community Data, we will never have a complete picture. There are simply too many external factors involved and that means we won’t be able to find the highest-resolution information.

So we just need to get used to making conclusions on fewer data.

So in both of these cases, we need to count with some risks in place and take several scenarios into account.

7. Long-term investment

Both Cybersecurity and Community management work with long-term goals, engagement, and probabilities.

Of course, there is some low-hanging fruit to be picked, some quick results that can be achieved. But neither cybersecurity nor community management will result in a big monetary revenue just by itself. As one very wise ex-colleague said — there are teams who plant the crops and teams who harvest them.
Both the community and cybersecurity teams are usually the planting party.
You will see some results and there are some ways to measure the return of investment (ROI), but probably don’t expect short-term revenue increase because of these things.

Community management and cybersecurity work as amplifiers, not creators of your company value.

But while it is extremely clear that you need to protect your data (cybersecurity), you should think twice before you start a community management team — if your company only values “hard” numbers, this might not be a good fit as measuring the impact of such team is very challenging.


There are many touchpoints between cybersecurity and tech community management as both work with many stakeholders, are very expensive, do not have immediate results, and are hard to measure.
But… People and cybersecurity matter and are a long-term investment. Invest in both and you will not be sorry. 🙂

Featured articles
Generating SwiftUI snapshot tests with Swift macros
Don’t Fix Bad Data, Do This Instead