If you ask most CISOs what they think of how security companies talk about what they do, they’ll tell you that startups are absolutely terrible at communication (and they’d be right). But, if you flip the question and ask others what it’s like working with security teams, you’ll hear a similar complaint, that security professionals and leaders are often just as bad at communicating with those around them. It’s not that founders or CISOs are trying to be difficult, it’s that cybersecurity has a communication problem. That’s what this piece is about.

This issue is brought to you by… Maze.

See What Really Matters: Maze’s AI Agents Triage Vulnerabilities for You

Security teams spend countless hours chasing vulnerabilities - most of which will never be exploited. A recent Maze case study on CVE‑2025‑27363 shows how our AI Agents investigate vulnerabilities like an expert human would to confirm if an issue is exploitable in your environment. If it’s irrelevant, it stays low priority. If it's actionable risk, it gets flagged fast.

That means less false positives, efficient remediation, and smarter security posture—without the usual guesswork.

Security is, among other things, a communication problem

When most people think about cybersecurity, they think about exploits, adversaries, threat intelligence, frameworks, and compliance standards, among many things. All this isn’t wrong, and security indeed comes with many layers and facets, all of which are very important. What I think gets forgotten is that, among many other things, security is fundamentally a communication problem.

Think this way: collectively, companies are spending billions of dollars every year, but most executives, boards, customers, and sometimes even security buyers struggle to understand what they’re getting for the money they’re spending. CISOs have to invest a lot of effort to get funding for important security initiatives because those who decide where budgets get allocated, oftentimes, simply don’t understand why they should care. On their part, security vendors are drowning in buzzwords and four-letter abbreviations, and buyers have no idea what value most companies offer (not necessarily because they aren’t valuable, but because they struggle to communicate that value). To make it worse, while every security person is used to seeing threats and attacks everywhere, most people outside of our industry are literally clueless about how big of a problem cybersecurity has become.

It’s important to be clear that all these problems aren’t due to the lack of trying. There ...