Cybersecurity roles are highly technical, so why should you care about soft skills? For any technical or non-technical position, there is, of course, human interaction. Having technical aptitude is essential in the field, but it doesn’t always translate to success. In my experience, cybersecurity soft skills matter greatly, and this is why I wrote The Smartest Person in the Room. They can be the reason for cybersecurity success or failure.
Developing soft skills in any person in any career is challenging. It’s not a one-size-fits-all approach. People are complex and have different experiences, motivations, and limitations. What works for some may not for others. In a way, you have to customize it to the person. However, there are some wide-ranging ways to apply principles and strategies to enhance soft skills and help professionals perform at work and in life better.
Soft Skills Are Harder to Master Than Hard Skills
The “hard” skills of cybersecurity aren’t easy by any means. Most industry experts still say there’s a skills gap, and cybersecurity certifications are not always an indicator of proficiency. The field is full of paper tigers, individuals who look experienced and knowledgeable on paper but don’t excel in the real world.
However, individuals can hone their hard skills with practice and perseverance. They can soak up information and improve every day through practice — although a lack of soft skills can impede the ability to do this.
You actually need soft skills to improve hard skills, and they are difficult to master. Soft skills like communication, collaboration, and having a growth mindset enable a person to learn and grow in new ways that can open their eyes to the fundamentals of cybersecurity.
Soft skills are harder because they require a change in thinking, behavior, and actions. Change is hard for anyone in any situation. Cybersecurity professionals often have the mentality that they are never wrong — they are the smartest person in the room. That’s a fallacy that you can’t transform with more hard skills. You have to do the hard work of soft skills.
What Are the Most Important Cybersecurity Soft Skills?
Cybersecurity is typically only successful when it’s a group effort. Silos don’t contribute to this, yet they exist. Breaking those down and collaboratively working depend greatly on soft skills. These are the ones most critical.
Communication is at the top of the list. As humans, it’s our means of expression and connection, but most of us aren’t great at it. That doesn’t mean we’re defective. It just means that experiences, trauma, failures, and more cause us to hold back.
Tapping into communication skills is crucial for a cybersecurity team, and it has many facets. Communication isn’t just what you say. It’s how you say it, your body language, and other nonverbal cues. You can have a great employee that’s technically smart, but if the delivery of every message they have is condescending or defensive, it’s not likely to be received well. Written words are communication, too. Tone is often hard to judge in these, which could be causing problems as well.
The other part of communication is active listening. While we all usually hear what people say, we don’t listen. Or if we do, we only catch things that validate our own positions.
In many scenarios, miscommunication — or lack of communication — is the cause of cybersecurity failures. Teams don’t share information or take into consideration ideas that don’t align with their own. That’s a huge risk that has nothing to do with the technical side.
Fostering communication is a slow process. You can’t just declare that everybody’s going to be better at it, and this happens. There are deep-seated barriers inside people that make them falter in communication. People must want to change and actively participate. If you can understand their motivations, that can help, but some people aren’t even clear about those.
In my book, communication is Step 4 of my Secure Methodology. It includes exercises and analysis on communication issues in cybersecurity. Those can be a good entry to solving these challenges, but it still requires acceptance and desire to change for individuals.
Collaboration is a complement to communication. Communication enables collaboration. Everyone comes to the table to work out problems and plan for the future. This is difficult in tech roles because sometimes they don’t see the big picture of what they’re doing and its impact. Collaboration in cybersecurity isn’t just about the internal team. It’s about working with non-technical people, too.
Those other parties could be internal stakeholders or external ones. They expect your group to protect their data and systems. They play an important role because they tell you why and what. If collaboration efforts stumble, you can almost guarantee that risk rises.
Communication exercises can support bridging this gap. Awareness is also key and is the first step in the Secure Methodology. Regarding collaboration, awareness of others is the soft skill needed.
Without awareness of others — their opinions, beliefs, and needs — we simply make assumptions. Those can be wrong and influenced by our own experiences. When you can cultivate awareness of others in a group, interactions become more productive and positive.
Curiosity is often associated with negatives because we know what it did to the cat. That early belief that curiosity is bad sometimes sticks. However, those who are naturally curious often find great success because they wanted to know why, and once they saw why, they were motivated to innovate.
Excellence in cybersecurity requires a lot of curiosity. There are lots of mountains to conquer, and the landscape is constantly changing. Someone that discourages curiosity in themselves or others will struggle in the field. They won’t be able to imagine what’s next. After all, those on the other side use curiosity to make them better hackers.
Inspiring curiosity often comes down to simply asking why a lot, or “what” and “how” variations of why. It moves people to articulate positions and dig deeper. There are some exercises for this in the book, and I’ve found that curiosity is a skillset that delivers tremendous value for professional and personal growth.
Comfort with Change
Many cybersecurity professionals find the field attractive because they don’t like uncertainty. No one really does, but it’s a fact of life. We can all agree that the only certainty is uncertainty. While some of the hard skills of cybersecurity seem defined and finite, change is a big part of the industry.
For people to embrace change, it requires acceptance that they can’t control everything, which is hard for technical folks. Fear of change and the inability to be more agile-minded can impact a team’s resiliency.
So, how do you get teams to be more willing to be changemakers? Working on communication and collaboration helps, but it also includes developing a growth mindset and empathy. These are two more steps from my Secure Methodology that directly affect soft skills development.
When people stretch their mindset from being fixed, they can change how they behave and react. They may gain patience and be better equipped to inspire change in others. Empathy can also change someone’s perspective. When they take the time to respect other views, they’ll deepen their soft skills, which allows them to perform cybersecurity work more holistically and strategically.
Does Your Culture Support Soft Skills Development?
Another vital consideration for soft skills development is how well your culture supports it. If you don’t, then the work you put in may not stick or resonate. Workplace culture impacts business success. When it doesn’t allow people to thrive and grow, the result is disengagement, high turnover, and greater risk.
If you want to improve the soft skills of your cybersecurity professionals, you need to assess the culture. Determine what the barriers are and how to overcome them. By doing that, you put your team and organization in a much better place to succeed.
Ready to Cultivate Cybersecurity Soft Skills in Your Team?
Soft skills development isn’t easy. There’s a lot of resistance, and some may not see the value. It requires change and motivation to grow. You might find that not every cybersecurity professional can commit to this, but there will be many who do. Organizations and their IT leaders can find a great resource in applying my Secure Methodology. You can learn all about it in my book, The Smartest Person in the Room, available now.