Everybody in cybersecurity has funny and unbelievable stories of users gone wrong. On the other side of the equation, users have their own stories that paint technical folks as rude and unhelpful. In either case, there’s a lot of stereotyping going on, but some of it is, well, true. What it amounts to is cyber teams having a “bad” reputation. Many consider technical folks to be arrogant, hostile, and condescending. If that’s the culture in your organization, it’s no wonder that people have little respect for them. In fact, they’ll do anything to avoid interaction with them, which often increases risk.
So, what can you do as a cybersecurity leader to broker peace between the two? While users certainly have some blame for the dynamic, much of it comes down to a lack of soft skills, causing friction and undermining relationships.
Why Your Cyber Team Has a “Bad” Reputation
One of the biggest reasons that cyber professionals earn their reputation is that many consider them a bottleneck. That’s because security must be a part of any major IT development or implementation. Often, the barrier they create isn’t their fault. Sometimes, cybersecurity isn’t in the initial plans, and then you get involved. To avoid such an impasse, your organizational culture regarding security has to, as well.
Security can’t be an afterthought. It needs to be a forethought, so you have to express this with the C-suite and leadership. When given a chance to have a seat at the table, your people must engage with the business side in a way that’s outside of their comfort zone. They have to be inclusive in their communication and explanation. Otherwise, they’ll posture and use jargon, making them seem like jerks and continuing the belief cycle that technical people are difficult.
A team’s reluctance to collaborate effectively is also a common problem. Cyber strategies and decisions don’t reside only with your team. You need input and support from others. As a result, cyber professionals must be cooperative when it comes time for new implementations and approaches to combat risk.
Key to this is their ability to define risk clearly with other stakeholders who aren’t experts. Your people are, and they have great technical knowledge. This intelligence often creates the desire to be the smartest person in the room. They may be, technically speaking. However, they have to be able to work with others to establish new strategies to protect the company.
While your people often don’t do themselves any favors in being likable, it’s not all their fault. Cybersecurity can be a scapegoat for missed implementation dates, backlogs, and failed digital transformation objectives. It’s easy for others to blame your team, believing them to be against innovation. They may hold some responsibility, but it goes back to cultural foundation issues about how the organization prioritizes and empowers a cyber team.
You have some control over how the company looks at cybersecurity, but you have even more so over your team. For the sun to set on the stereotype of cyber professionals being obstinate, your people must develop people skills.
Why Are Cyber Professionals “Bad” at Soft Skills?
So, why exactly do technical people often have gaps in soft skills? Is it something innate and unfixable? Absolutely not, and it’s a symptom of something bigger. There are many bright, highly communicative, and adaptable people in the field. Some require a nudge toward the right direction to be vulnerable and ready for change.
If you look at the industry and consider where the struggles exist in people skills, you can come to these conclusions:
- They often think in black and white, while most everything lives in gray. When they lock into a mindset that there’s one right answer and many wrong ones, it impacts their perspective. So, they stick to the script even when factors change.
- Technical folks often have insecurities and fears that they want to keep hidden. They believe not knowing everything is a weakness, but how could you possibly know everything? These feelings keep them from asking questions and engaging in dialogue with others.
- Communication isn’t easy for them, especially if they can’t posture and use jargon. When they do, they alienate others quickly and live up to their reputation. Communication is the single most important skill a cyber professional can possess.
- Cyber professionals also may lack awareness of themselves and others. They don’t see how their tendency to be aloof and overly technical prevents trust and cooperation. They also have a hard time understanding the perspectives of the business side. Without this awareness, they’ll continue to be outsiders.
Helping your team work through these flawed behaviors won’t be easy, but there is a way to do it with the Secure Methodology™. It’s a seven-step guide for cyber leaders to leverage to transform technical minds into ones with strong soft skills.
How the Secure Methodology Can Improve the Reputation of Cybersecurity
The Secure Methodology is a proven framework to cultivate technical folks into excellent communicators and collaborators. Next, we’ll review all seven steps with an introduction to how the lessons of each phase develop people skills.
Step One: Awareness
The first step is Awareness, which I mentioned earlier as a reason technical people can’t connect with others or themselves. When they lack Awareness, it creates a lot of blind spots, which impact communication and set the stage for more technical posturing.
Technical people have to be willing to open themselves up to new perspectives. You can foster this with coaching around communication and understanding their motivations. In this step, you’ll have access to exercises that move people outside of their comfort zone, opening their eyes to a wider world.
Step Two: Mindset
Mindset is next and builds on learnings from Awareness. Right now, many of your people likely have a fixed mindset, which keeps them from growing and evolving. Shifting to a growth mindset is what you want to accomplish. They have to open their minds to more possibilities beyond black-and-white thinking. This step features approaches to help people with reflection and accountability.
Step Three: Acknowledgment
Acknowledgment is a critical aspect of any department or industry. When there’s little positive acknowledgment, employees can become disengaged and resentful. In cybersecurity, the most common acknowledgment is negative. So, it’s this cycle of being fearful of any error, causing some to do nothing.
Acknowledgment must start with you. Positive reinforcement is vital, and you should do it publicly. It tells people what they do matters, and ensuring they understand how their contributions help the company can be key to their desire to be better team players. This step has activities to develop this through rapport and trust.
Step Four: Communication
Communication has its own step but is pivotal in every phase. Communication skills are necessary for any job, but cyber professionals have often gotten away with being bad at it. Technical folks need to learn how to communicate better within the team and with others who are technically adept.
Much of this comes down to the simplification of the message. They don’t need to give a monologue to express risks and threats. Coaching exercises in this step will promote creating an inclusive, shared language and active listening. Much of this involves reframing the interactions and reminding your people that others aren’t the enemy. Encourage them to stop hiding behind complex explanations and to strip communication down to informing others and asking questions.
Step Five: Monotasking
Aren’t technical professionals supposed to be great multitaskers? Unfortunately, many people believe this to be true, and multitasking has its place. However, monotasking is a necessity for improving people skills. When someone multitasks, there’s often a feeling of pressure, which can cause more mistakes.
Encourage your people to have specific monotasking periods in their day where they focus all their energy on one task. They’ll find they’re more productive with this kind of schedule. Challenge your team to practice this and block out distractions.
Step Six: Empathy
Empathy is a crucial step to transforming your cyber team. When your employees can put themselves in the shoes of others, the us vs. them mentality can fade away, and that’s necessary to eliminate their “bad” reputation.
Empathy, however, is something to develop. It’s not a natural part of being human. It requires them to care about what they do, the organization, and their colleagues. All the steps leading to this one have set the stage for empathy. If your staff can excel here, they’ll be the collaborators everyone needs them to be.
Step Seven: Kaizen
The final step is kaizen, which is a Japanese term meaning “continuous improvement.” Within the Secure Methodology, it’s the action of analyzing root causes. You can then uncover the real problems and work toward overcoming them. This step doesn’t end, as it’s a continuous state of adapting and evolving.
Rid Your Cyber Team of Their “Bad” Reputation
Now is the time to drive change in your employees so they can contribute more effectively. When they do, it’s good for security and their long-term job satisfaction. Take the first step by checking out the Secure Methodology course.