Three reasons why asking risky questions reduces risk

Business professionals are often afraid to ask uncomfortable questions and will avoid certain topics entirely. But Michael Santarcangelo explains that by evading difficult issues, we actually increase our risk

Michael Santarcagelo, security career catalyst

"How are babies made?"

That simple question came from my inquisitive daughter.

Of course, she asked the question during a small gathering of friends and family. Right at the moment conversation naturally lulled, she leapt in with a question she'd clearly been pondering for a while.

Despite the fact that everyone heard the question, the adults sat for a moment in a hushed silence. Some looked around, others averted their gaze. A few of us smirked. The other children sat quiet, waiting to find out something they, too, had wondered about.

[Finding security's opportunity to engage]

For some of the kids and most of the adults, this inevitable question was risky. After all, since they didn't already know and the answer was previously brushed aside, it must be a secret& or something.

For my daughter, it was a simple question. And she wanted an answer.

Without the experience of being told no, shunned or otherwise culturally guided into silence, she asked what many children wonder about. Among those who smirked, I was happy to see her courage to ask questions — and so boldly.

As a result of her question, she got an answer. Not at the table with a large audience; instead, we saw to it that she was praised for the courage to ask. Later, we made sure she got an answer that she could understand.

Adults — especially in the business world — are conditioned to avoid uncomfortable questions, especially if the discomfort is likely to be experienced by the person asking. While the guidance to avoid discomfort and potential embarrassment might be useful in some situations, it also means that many times we avoid asking risky questions.

By avoiding risky questions, we actually increase our risk!

Children hold a secret: they have no filter, no learned experience and boundless curiosity that drives them to ask questions.

In fact, children ask lots of questions.

Consider what happens as a result:

  • Sometimes they learn what not to ask
  • Other times they learn whom not to ask
  • But mostly, they get the answer to their question

They take risks, but it doesn't feel risky. In the process, they learn.

Spend time around me and it's quickly evident that I ask questions; non-stop, actually. I'm interested in everything. As a result, I actively encourage my children to question everything.

[Change the labels, shift perspectives of security]

Am I crazy? Perhaps.

However, three things generally happen as a result of their questions:

1. I learn in the process, usually in the pursuit of the correct answer

2. My perspective shifts and changes

3. We both end up with more questions, built on a rich set of shared experiences.

In the security industry, we often avoid asking risky questions. In the process, we increase our risk by missing out on opportunities to learn, to change our perspective and to build a series of shared experiences necessary for continued success.

When we flip it around and exercise the courage to ask what we consider a risky question, we generally get an answer. Chances are, too, those around us will be relieved — they were likely wondering the same thing and your risk solved their problem.

Sometimes, this approach even invites others to ask more questions of you. That free exchange of questions and conversation reduces risk by increasing — and hopefully improving — communication.

A new year invites a new approach.

What risky questions have you been holding off asking? Today is a great day to ask. Tomorrow works, too.

About Michael or engage with Michael on twitter @catalyst.

A modern raconteur — writer, speaker and catalyst — Michael blends the science of human ecology with the principles of effective communication to help organizations harness the human side of security. Learn more at

Copyright © 2012 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)