How engaged are your cybersecurity employees? It might not be something you even think about because you categorize these people as purely technical. They do a job based on tasks, and that’s the end of the story. However, that’s not the reality of cybersecurity operations. To thwart cyber-attacks, your team needs to improve interpersonal skills, and they can achieve this with the Secure Methodology.
The Secure Methodology includes seven steps, and in this post, we’ll be covering step one, Awareness.
What Is the Secure Methodology?
When applied effectively, it can enhance teamwork within cybersecurity. It’s a reframing of how organizations approach cybersecurity, realizing that it’s not a world of ones and zeroes. The Secure Methodology has a key objective: to outmaneuver cyber criminals by installing skills in staff. Those honed skills leverage logic, emotion, and instinct in equal parts.
The Secure Methodology Considers Cultural Fit, Not Just Technical Aptitude
In my book, I share stories about working with cybersecurity professionals. In many instances, these folks were really smart and had a high technical aptitude. Of course, I would hire them, as any other cybersecurity leader would.
Except these attributes don’t always mean success. In my experience, these technical experts significantly lacked communication and interpersonal abilities. When trying to hold someone accountable for actions that impact staff, they quit. They were completely unwilling to change their narrow view of the world. In the end, those people weren’t a cultural fit. They were not agile or flexible, and those are things that a cybersecurity professional must be!
As a result of these interactions and failures, I developed the Secure Methodology.
It all begins with awareness!
We All Have Behavior Patterns We’re Not Aware Of
People are complex, and our behaviors demonstrate this repeatedly. We’re human and, therefore, not always susceptible to how we behave and its impact. These blind spots are actually programmed in the unconscious mind, which is why we lack awareness of them.
As a result of this programming, we develop bad habits. So, can we identify these blind spots? Absolutely, and doing so is critical. It’s not an easy road and requires work. The first step is observing our reactions to experiences or conversations. That includes verbal responses and nonverbal ones.
After recognition comes the point of determining if we need to change them. Many of these blind spots are much harder to eliminate than others. If they are intrinsic to a person’s view of the world, deprogramming them can be arduous. Making changes related to your attitude, which is what you can control in situations, isn’t for the faint of heart.
So, what does this have to do with cybersecurity?
Lack of Awareness and Its Impact on Cybersecurity
When cybersecurity professionals lack awareness and have no insights into their blind spots, we lose the battle. These technical people often don’t understand the behavior and how it affects their environment.
If you have a team of unaware staff, you can expect cybersecurity initiatives won’t thrive, increasing risks. Here are the key areas of how being unaware causes this.
Cybersecurity must be a team sport. Individual contributors must work in concert, and that’s impossible when a lack of awareness is prevalent. Individuals that don’t understand their behavior sew seeds of resentment and animosity. In turn, communication breaks down, and trust erodes.
Bad Communication Comes Off as Aggressive and Rude
You know those who say, “I’m a straight shooter.” They mean they are blunt and straightforward and seem proud of this. No one expects you to sugarcoat everything, but the way cybersecurity professionals communicate with clients, whether internal or external, matters.
Those that have no self-awareness are often too direct. Their communication style is aggressive and sometimes offensive. It can also have an air of condescension. If this persists, your team’s egos will triumph over collaboration and respect.
If these scenarios feel too close to home, the next question is, “How can you improve awareness?”
Improving Awareness with the Secure Methodology
The absence of awareness puts people in a state of uninformed optimism. Without reaching a level of understanding, we can’t correct them. What you want to transition to is informed realism. In this state, awareness has arrived, and we can work toward a solution. As much as people resist change, we all know it’s possible.
What’s tough about this is that most people avoid the truth about themselves. So, how do you help your staff evolve?
Coaching Encourages Broadening Awareness
One of the most important ways to improve awareness is through coaching. In coaching, people get outside of their narrow view of themselves. It’s not about pointing out flaws or being degrading. Instead, it’s about helping people recognize their blind spots and encouraging them to make healthy, positive changes.
In the coaching paradigm, I offer two key focuses: perspective and state of mind.
People are innately self-centered. They can develop greater empathy for seeing other perspectives if they become more aware.
There are some specific questions you can ask in coaching to open up perspective. The way you ask them matters! You have to reframe interactions by asking questions that change the view.
Don’t ask: Can you put yourself in that person’s shoes?
Do ask: If that person were in your shoes, what would that look like?
Don’t ask: How can you be more aware of what’s happening in your team?
Do ask: How would you speak to your manager about being more aware of what’s happening on your team?
These are simple changes in communication, but they work in the context of reframing. Word choice and syntax impact your employees and their journey for better awareness. These may seem like nuances, and they are. They are also something to pay attention to and practice. You may get responses that open up the conversation and the employee’s eyes.
As they say, ask better questions, and you’ll get better answers.
State of Mind
A person’s mindset and awareness of it shape interactions. State of mind is something a person can control. It impacts decision-making, so if it’s negative, that will play out. Coaching others to be aware of this can influence how they interact with others.
Improving How You Communicate with Employees Influences Awareness
The next aspect of broadening awareness is communication. In exchanges with staff, asking the right questions expands their awareness.
When conversing with technical people, be specific and prescriptive. Spouting off jargon and terms that have no significance to them won’t engage them. They, of course, won’t tell you that, which feeds into the cycle of detachment.
Here are some communication tips.
Be specific and relatable.
Communicating in this manner can break through those with uninformed optimism. This unawareness causes people to act and communicate in ways that are self-serving. They ignore the reality of others or the impact of things. If people don’t tune into messaging, it’s because they can’t relate to it, or it’s so high-level that they can’t comprehend the implications.
If your communication of goals, strategies, and needs is specific and relatable, people can move toward a state of informed realism. They connect the dots and become fully aware of the situation, what it means to them, and the bigger picture.
Understand the employee’s motivation.
Every person has different motivations. If you want your employees to broaden their awareness, you’ll need to know what motivates them. With this knowledge, you’ll be able to position communication more effectively.
Create perspective outside of the person’s current view.
How we perceive the world depends on our image of reality. Each person’s perception is unique, based on their experiences. It influences everything they do. It’s a concept called territory maps, which I explain in the book.
For a high-level explanation, these maps are models of reality. Using them in coaching can be beneficial. They often hold the key to discerning motivation.
High-Level Takeaways on Awareness
In review of the Awareness step of the Secure Methodology, here are key takeaways:
- Awareness includes self-awareness and awareness of others.
- Blind spots cause bad behaviors, and addressing these requires deep introspection.
- Becoming aware is challenging for any person, possibly more so for technical folks.
- Lack of awareness harms cybersecurity, specifically in relationships, communication, and understanding.
- Broadening awareness requires strategies, such as coaching, communication approaches, and more tactics.
- Communication should include being specific and relatable, understanding motivation, and creating perspective beyond a person’s limited view.
- People skills are just as valuable as technical ones for cybersecurity professionals.
Learn More About Awareness in the Secure Methodology
In the book, The Smartest Person in the Room, you’ll find even more insights into the awareness quandary. Going deep into the phase is vital to moving to the next one. The book includes an exercise to try with your team to broaden awareness. Get the details by getting your copy today.