You’ve heard it a million times: “The only stupid question is the one that wasn’t asked.” Sounds nice, doesn’t it? But let’s get real—how many of us actually live by this?
In cybersecurity (and honestly, in life), we don’t ask enough questions. Why? Fear. Ego. Impostor syndrome. Toxic cultures. Pick your poison. And the result? We screw up, miss opportunities, or let preventable disasters unfold—all because someone didn’t want to look “stupid.”
Let’s cut through the bullshit. Here’s why you need to ask your questions, and why it’s on all of us to create spaces where it’s safe to do so.
Why Don’t We Ask Questions?
There’s a voice in your head that stops you from raising your hand, right? It says, “What if I look dumb?” or “They’re going to think I don’t belong here.” Guess what? That voice is lying.
Here’s what’s really dumb: sitting there in silence when you don’t understand something, or when you know there’s a risk, but you’re too afraid to speak up.
We’ve all been there. Maybe you’re the junior analyst in a meeting full of “experts,” and you’re terrified they’ll laugh at you. Or maybe you’re that “expert,” and your ego won’t let you admit you don’t know something. Either way, you’re holding yourself—and everyone else—back.
Cybersecurity Runs on Questions
If you’ve been in this industry long enough, you know that questions are everything. They’re not just tools for learning—they’re survival mechanisms. This isn’t a field where you can fake it until you make it. Miss the wrong detail, assume the wrong thing, or fail to dig deeper, and you’re toast.
Some of the most important questions I’ve ever heard (or asked) weren’t technical masterpieces. They were simple, raw, and brutally necessary:
- “What’s this alert actually telling us?”
- “Why are we even doing this?”
- “What happens if this fails?”
Questions like these expose vulnerabilities—sometimes in systems, sometimes in processes, and sometimes in ourselves. But if you don’t ask, you’ll never find the answers.
When Silence Costs You
Let me paint a picture:
You’re on a team handling a high-pressure security incident. Logs are flying in, alerts are blaring, and no one’s entirely sure what’s going on. You notice something weird—a detail that doesn’t fit. But you don’t say anything because you’re thinking, “Maybe I’m wrong. I don’t want to look like an idiot.”
Fast forward an hour. That “weird detail” turns out to be the key to understanding the attack. The breach gets worse. Everyone’s scrambling, and you’re kicking yourself because you knew something was off, but you didn’t speak up.
This isn’t hypothetical. This happens every day in companies around the world. The cost of silence can be catastrophic—data breaches, lost jobs, reputational damage. All because someone didn’t ask the “stupid” question.
Why It’s On All of Us
If you’re in a leadership role—or even if you’re not—listen up: creating an environment where questions are welcome is on you.
I’ve seen too many workplaces where asking a question gets you a side-eye, a smirk, or some condescending comment. That’s toxic, plain and simple. And it’s the fastest way to kill innovation, collaboration, and morale.
Here’s how we fix it:
- Admit You Don’t Know Everything: Leaders, this one’s for you. When you model curiosity and humility, it sets the tone for everyone else.
- Encourage Questions: Actively ask for them. Don’t just say, “Any questions?” and move on when no one speaks up. Create space for real dialogue.
- Shut Down Toxicity: If someone mocks a question or discourages curiosity, call it out. No exceptions.
- Be Patient: Not everyone’s on the same level. That’s okay. What matters is that they’re willing to learn.
No One Knows Everything
Here’s a little secret: The best people in cybersecurity (or any field) don’t know everything. They ask a shitload of questions. They challenge assumptions. They’re curious as hell.
So the next time you’re sitting there thinking, “This might be a stupid question,” ask it anyway. Worst case? You learn something. Best case? You save the day.
Because the only stupid question—the one that truly makes you look dumb—is the one you didn’t ask.
Speak up!
-Evan