Connect with us

Hi, what are you looking for?


Management & Strategy

Staying on Topic in an Off Topic World

Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs.

Have you ever been in a meeting where someone keeps taking the discussion off topic? Have you ever tried to get answers to straightforward questions when speaking with someone, only to have them constantly going off on what seem to be tangents? Have you ever been part of an email thread or chat group where the discussion just seems to go around in circles?

We might not want to believe it, but this is often a tactic employed by certain personality types. In other words, it is seldom the case that a person cannot focus or is scatter-brained. Rather, it is far more likely that they are deliberately trying to derail what should be a relatively straightforward discussion.

You might ask why a person would do this. Different people have different motivations, but typically people do this for one of the following reasons:

  1. They are looking for control/power (knowledge is power after all)
  2. They are looking to hide information (perhaps because they are embarrassed by something or perhaps because it undermines an ulterior motive they have)
  3. They do not know the answer but do not want to admit to that
  4. They do not want to accept responsibility for a poor decision or a mistake they may have made
  5. They are looking to avoid being exposed for having lied and/or hidden information in the past

This is not an exhaustive list – there may be other motivations as well, of course. My point here is that if we as security professionals find that we are having a difficult time getting straight answers, there is usually a reason. Unfortunately, we cannot expect these types of people to change. Instead, we must learn how to compensate for this type of personality in order to continue advancing the state of our security programs.

Here are five tips for dealing with this a person who keeps getting off-topic in order to keep your security program on track:

  1. Remove emotion: One of the tricks that these types of people employ is to try and tug at your emotions. They may try to make you feel guilty for wanting to stay on-topic. Or, they may say that you’ve insulted them if you try to get back on-topic. Or, they may criticize you and/or the work you’ve done if you insist on discussing the issue at hand. All of these techniques are designed to get you to feel bad about something you should have no reason to feel bad about. Staying on topic is completely legitimate, and anyone who is a serious professional will understand that. Beware of those who try to tug at your emotions in this type of situation and understand that it is a ploy.
  2. Do not engage: One of the most successful tactics that off-topic people use is to entice their “opponents” to engage. If you are trying to keep a discussion on-topic and someone tries to derail that discussion, politely but firmly casting that derailment aside and getting back on-topic is highly effective. The secret to doing so effectively is not to engage with the off-topic point. The moment you engage with an off-topic point is the moment that the discussion has been derailed. Don’t fall for it.
  3. Stay on-topic: Even the most upstanding security professionals who have the best intentions can get off-topic from time to time. Set clear goals and desired outcomes at the beginning of each meeting, email thread, chat, and discussion. Resist the temptation to digress and to add in excessive details that don’t add value or don’t help move things along. Prioritize and focus on the most important facts and details and use them to drive towards the desired goals and outcomes.
  4. Stick to facts: Sticking to facts is critical. All it takes is for an on-topic person to slip up once. If we throw in one point that isn’t fact-based, the off-topic person will seize the opportunity and use it to twist the discussion and accuse us of misleading others (or perhaps something else). Then the discussion becomes about that, rather than the issue at hand. It simply isn’t worth it – it is far better to rely on facts. It may take a bit longer to win our battles that way, but it pays huge dividends in the long-run.
  5. Choose your battles: As security professionals, we’re very analytical. While it may be tempting to refute every claim and statement with evidence that counters it, it is not smart to do that. It is best to stick to the important points. Understand which battles are worth fighting and which ones can be let go for the time being. A big part of keeping matters on-topic is knowing when attempting to set the record straight will serve no other purpose other than to play into what the off-topic person wants. Namely, to further derail the discussion. This is a tough one to adhere to, but it is an important one.

Unfortunately, some people are quite good at getting off-topic. If we are not wise to their tricks and are not careful to avoid their traps, we may find ourselves perpetually caught in a loop of irrelevant topics. Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs, even when some people make it a challenge.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.