Acknowledgment is an important part of life and relationships. It’s the expression of appreciation and something most people yearn for from those they love and within their careers. Yet, acknowledgment in work life is often something that’s missing. It’s certainly MIA in the cybersecurity industry, and that’s why it’s step three of the Secure Methodology.
We’ve previously reviewed step one (awareness) and step two (mindset). Now, it’s time to move forward.
The Secure Methodology: A Refresher
Before we get started, I’d be remiss if I didn’t give you the recap on the Secure Methodology. It’s something I developed and covered in my book, The Smartest Person in the Room. It’s a guide of seven steps designed to get cybersecurity operations on a path to transformation, turning technical people into communicators and facilitators. It’s all about inviting people skills into the technical world. It’s a very different take on preparing organizations for the cybersecurity war and one that could make all the difference.
In this post, I’ll give you an overview of step three and why it matters.
Why Is Acknowledgment So Hard in Cybersecurity?
You’ve probably got stories from your work history that come to mind when you think about the difficulty of acknowledgment. When your supervisors should have provided you with appreciation, there were crickets instead. That’s true for any industry, but cybersecurity struggles with this even more.
Cybersecurity leaders often suck at this because they look at everything from a lens of what went wrong. Nothing will be perfect, and things going wrong is part of the process. Cybersecurity, and life in general, are never problem free. Progress, however, is also part of cybersecurity and life. If you never stop to appreciate (and acknowledge) the progress, your staff may never even realize their own growth. That’s not the way to build better leaders and employees. It’s part of the big problem with cybersecurity today. However, it’s not one without a solution.
Failure to Acknowledge the Difficulties of Cybersecurity Hurts Teams, Too
Another acknowledgment failure is that many executives don’t comprehend the sector’s complexity. Cybersecurity is not one thing—it’s many, and not everyone is an expert in every facet. Thus, they have this misplaced misconception that every technical person knows everything.
At its roots, cybersecurity is about the protection of data and networks. I wouldn’t call it complicated but wouldn’t label it as easy, either. All this lack of understanding on the part of leadership creates misalignment in acknowledgment, and that’s the real problem.
If the top struggles with this, so will everyone below. Those folks doing the work and striving to protect an organization will never get the recognition they need and deserve. It’s a systemic issue.
While those leading cybersecurity teams understand it’s tough, they still expect perfection. They dismiss the many small wins that happen every day, choosing to criticize the things that went wrong instead.
Criticism is often justifiable, as the errors could lead to breaches or other incidents. It’s serious stuff, but leaders would be better off trying to learn from mistakes instead of beating people up. It’s a cycle of only acknowledging these missteps and never the successes. In such an environment, why would technical workers even want to stick around? And if they do, aren’t we just teaching them to posture or overcomplicate everything because they know they’ll only ever be seen when they are wrong?
Such an atmosphere isn’t good for engagement or retention. In the end, it makes your organization less secure. So, it’s time for technical leaders to learn how to express good feedback.
Key Steps for Giving Good Feedback
Humans crave feedback. It lets us know how we’re doing and provides some certainty to an uncertain world and field. Without feedback, it’s impossible to grow and learn. I have five rules for giving helpful feedback:
- Create a safe space: Praise in public but provide constructive feedback in private.
- Be positive: Look for the things done well over those done wrong.
- Use specifics and facts: If feedback is too general, it has no punch.
- Provide feedback immediately: If too much time passes, we forget.
- Be tough but not mean: Ask questions about why acknowledge efforts and correct behavior without name-calling or rudeness.
In feedback, one of the most crucial elements is that which is constructive. That’s something technical leaders aren’t great at doing. Here’s how to be better at it.
Constructive Criticism: A Layered Approach
If you want to correct errors and give your employees the opportunity to be better at their job, you have to get constructive criticism right. It starts with the acknowledgment of something positive. Starting off this way makes the person more receptive to what you have to say. Following the feedback rules, be specific about what they did well.
Next, you start with constructive feedback. Again, be specific and ask questions. Find out why things occurred as they did to get to the root of what’s going on. Did your employee not understand the issue? Did they try multiple things? Is something else going on in their life that makes them abrupt or distracted?
After you talk through how they could have handled the situation better, end the conversation on a positive note. With this approach, they won’t focus on the negative. They’ll feel acknowledged for their work and will take to heart ways in which they can improve.
This kind of communication can save cybersecurity teams and position them to do excellent work and have fulfillment in their roles. When it doesn’t happen, the implications are problematic.
Lack of Acknowledgment Is a Big Reason We’re Losing the Cybersecurity War
You might think that acknowledgment is all about being warm and fuzzy, and technical folks don’t need that. That’s just wrong. Without acknowledging the work of your staff, you are sending them toward disengagement. They may become resentful, and they’ll leave. They don’t feel appreciated, and that’s why people quit their jobs. It’s not about money; it’s about the environment and its managers. That’s even more prevalent in the current work landscape with The Great Resignation and “quiet quitting.”
People work because they need income, but they want something more than that. They desire meaningful work and to feel that their contributions make a difference. They also want respect and not to work in toxic environments.
So, if acknowledgment is non-existent, and your technical folks are just becoming more disengaged and unhappy, why should they care about keeping data and networks secure? If they don’t feel a connection, the quality of their work will be subpar. Why should they care if the company doesn’t care about them?
How different would they feel with acknowledgment?
Acknowledgment Makes Technical People Better in Many Ways
Acknowledgment can certainly help cybersecurity professionals become better at their jobs. It’s not just the technical acumen that can improve. So can their problem-solving and people skills. And these matter to their success and the security of your data.
Regarding problem-solving, a technical worker that never receives positive feedback will live in a place of fear. They’ll have a narrow focus on the one way to do something and never seek solutions outside of this. They lack the confidence to do this and go into the pattern of over-complicating things. Why would they be in a place to acknowledge things themselves if the culture is one that doesn’t?
It’s a downward spiral, but acknowledgment can transform this. Acknowledgment can be the start of encouraging professional and personal growth. Workers that receive this want to learn and don’t think they have all the answers.
It can also help them develop better people skills as they see how a leader communicates effectively through acknowledgment. It will help them immensely in their careers because technical people need to be great communicators to be successful. You’ll build trust and rapport, which makes a cybersecurity team able to accomplish its goals. These things won’t happen overnight, so you’ll need guidance on doing this.
Acknowledgment tells your people that you want to thrive and succeed. That’s the message they need to hear consistently. Every day you have an opportunity to provide that positive feedback so that technical people feel they are in a workplace that values them and wants them to do well.
Giving them credit today creates that goodwill, so when you come to them with that constructive criticism, they are open to it. Doing this regularly and building rapport requires a concerted effort and possibly a new perspective. Also, keep in mind that you’re doing this to help them and your organization.
You can easily agree that when people acknowledge and support you, you’ll go out of your way to help them. That’s the foundation here. Acknowledgment isn’t just about saying “great job” to everybody daily. It’s about recognizing efforts and accomplishments.
In my book, you’ll find more tips on acknowledgment, building rapport, and more exercises. Get your copy today to master this step and transform your technical folks into more engaged, communicative, and satisfied employees.