cybersecurity leaders

Cybersecurity Isn’t Black and White: Why Cyber Leaders and Their Teams Must Embrace the Gray

cybersecurity leaders grayOne of the biggest risks you face in cybersecurity has little to do with cybercriminals and the myriad of ways they attack your organization. A threat that looms within many cyber teams is that many technical people see the landscape as black and white, meaning they have a narrow view of cybersecurity and don’t want to welcome new ideas or approaches. Such thinking puts cyber leaders and their staff in a perilous position.

The reality is that cybersecurity lives mostly in the gray. There’s uncertainty in the gray, and cyber professionals often feel very uncomfortable in such a space. Getting down to the why behind this is important for your risk posture and ability to beat the hackers. Let’s talk about the dangers of black-and-white thinking and how you transition your team to embrace the gray with the Secure Methodology™.

Why Black-and-White Thinking Increases Risk

Black-and-white thinking isn’t sustainable for any job. It becomes even more of a problem when working in a dynamic ecosystem like cybersecurity. There are so many factors and components that impact it, so it’s critical for those working on it to be flexible and adaptable. However, that’s a tall order for many technical people. Here’s why.

Black-and-White Perspectives Hinder Communication and Collaboration

Communication and collaboration are key people skills that technical folks need to thrive in cybersecurity. It’s rather hard to create this kind of culture when people think in a binary manner. It’s difficult for communication and collaboration to be transparent and open when those participating are stuck in a fixed mindset.

They’ve been applying this perspective well in the technical aspects of cybersecurity. Sometimes there are right and wrong answers. So, there’s no discussion necessary because it’s math and science, and these disciplines can be black and white.

Cybersecurity is much more than the math and science elements. It’s evolving and constantly changing. So, people have to ask questions and use people skills like problem-solving and critical thinking. It seems simple, but black-and-white thinkers will find it difficult because they have to challenge their own conclusions. Often, they lack the ability to be curious and will resort to what they know and stay in that lane. As a result, hackers can get the upper hand because they are more agile in their strategies.

The damage that a lack of communication does can be immense. Communication is the foundation for every successful cyber team. Without it, there are only assumptions and misconceptions. There’s no transparency, which affects every area of cybersecurity. You’ll have an internal group that’s working in silos, and their interactions with other departments will be disastrous, earning your team a bad reputation.

Black-and-White Thinking Covers Up Insecurities

Most cyber professionals seem to be very secure in their knowledge and ability to understand the threat landscape. Sometimes that’s just a facade for their insecurities. They desire everything to be certain; when it’s not, their response is not to communicate and collaborate. Rather, they will posture and use geek speak to cover up the fact that they don’t know all the answers. They’ll figure it out on their own or not at all. Insecurities are another weakness that has nothing to do with your cyber framework.

Black-and-White Thinking Leads to Burnout and Attrition

There are other hidden dangers of black-and-white thinking that impact those in this mindset and others working with them. If someone is so rigid in how they view the cyber landscape and the protection of networks and data, they may keep losing battles with hackers. They then put more pressure on themselves to be more aggressive without understanding or discussing the root causes. As a result, people end up feeling burnout. It’s a pervasive problem for cyber professionals. This unsustainable level of stress is why nearly half of all security leaders will change jobs by 2025.

Burnout can lead to attrition, but many black-and-white thinkers will stay on their path and won’t succumb to burnout. Doing so will only make things worse and can be a catalyst for more errors and weaknesses.

Solving burnout is something cyber leaders deal with, and it’s not an easy task. It’s not just the black-and-white thinkers that feel the effects. Their colleagues become frustrated with their inability to be insightful and reflective. This creates a cybersecurity culture that’s unhealthy and toxic, so those high performers will leave you as well.

Recruitment is something you’re struggling with, and this only makes it worse. Before you rebuild the team, you need to work on the culture and expectations and move people to the gray. There are many approaches you can take to this significant problem. Most of those are traditional options, but they don’t work much of the time. There are opportunities beyond this, and that’s why I developed the Secure Methodology.

Changing Black-and-White Thinkers with the Secure Methodology

The Secure Methodology is a seven-step guide for cyber professionals to embrace people skills and develop them. When someone goes through the process, they’ll have the tools and perspectives that welcome the gray parts of cybersecurity. Here’s a preview of those seven steps and how they can impact black-and-white thinking.


The Secure Methodology begins with helping people be aware of themselves and others. When awareness is absent, it creates blind spots and causes friction between staff. When people aren’t aware, they live in a black-and-white box and can’t communicate effectively.

A mind has to be open to new perspectives to achieve awareness. You can use coaching methods to work on communication and gain insight into their motivations. The exercises in this step open up eyes to the gray.


Next is mindset, and when it’s fixed, there’s no room for the gray. Shifting mindset to be one of growth requires accountability. People have to realize that a fixed mindset is really a trap. You can help open it with reflection, asking questions, and urging them to be faster in decision-making.


Acknowledgment is a problem for many organizations and departments. When it’s not present, employees can disengage and become resentful. If the only acknowledgment people receive is negative, it feeds into black-and-white thinking.

Another aspect of a lack of acknowledgment is that you aren’t demonstrating that cybersecurity is complicated and that no one could possibly know all the answers. In black-and-white minds, the complexity grows, and they lose their ability to have simple conversations. To rectify this situation, you’ll need to recognize your folks in a positive way. In turn, that builds trust and rapport.


Communication is step four, but it’s critical to every stage. We looked at why technical folks have such trouble with communication. If they have to be open and inclusive communicators, it breaks down their black-and-white layers, which feels uncomfortable.

Transforming these people into effective communicators requires a lot of work from them and you. There are exercises that can be helpful, and you should continue to introduce these to your team. Ensure that the geek speak fades, replaced by inclusive language that involves active listening.


Is monotasking really a good thing? After all, most people praise the ability to multitask. However, multitasking often leads to errors and mistakes. Black-and-white minds can multitask just fine because they operate within a specific set of parameters. But these behaviors feed into burnout and anxiety.

Encouraging your team to monotask can help them be more reflective in the decisions they make because there are no distractions. They’ll also be more productive in the long term. Advise your staff to block off certain parts of the day to monotask and concentrate on one specific objective. It can give them a better sense of balance as well.


Black-and-white mindsets have little room for empathy, but it’s critical to any culture. The type of empathy you need to cultivate is enabling people to see the perspectives of others. It can also help reduce feelings of us vs. them in your organization.

Empathy is a vital soft skill, but it’s something we have to learn and develop. Walking people through this phase can make them better cyber professionals and people. There are activities in this step to foster this transition.


The last step is a Japanese term meaning “continuous improvement.” As a stage in the Secure Methodology, the focus is root cause analysis. This requires critical thinking and the ability to see the gray. When you practice root cause analysis, you have visibility into the challenges and how to address them. This stage never ends, as people must continue to change and adapt.

Start Your Journey to Embracing the Gray with the Secure Methodology

The path toward having gray thinkers will have detours and barriers. The Secure Methodology has a journey with those bumps in mind. It can be a valuable tool in developing your people and keeping your organization more secure.

Learn more about it by checking out the Secure Methodology course.