Cybersecurity Is a Support Industry; What Happens When Organizations Forget That

cybersecurity support industryLabeling the field of cybersecurity may seem like something of little importance. However, it can drive the dynamic of how an organization handles cyber initiatives. Many people miscategorize it as an industry in itself. That’s not accurate. Cybersecurity is a support industry. It wouldn’t exist without being part of other sectors—manufacturing, healthcare, financial services, etc.

Placing cybersecurity in the right classification matters in how a company thinks, acts, and responds to cyber threats. Failure to see it as a support industry can cause failures and misalignment. It’s a statement I make with context on why in my book, The Smartest Person in the Room.

In this post, we’ll go over why it’s a support industry and why that positioning is so vital.

Cybersecurity Supports

In calling something a support industry, it means that it supports others. At its core, cybersecurity is the pursuit of protecting data, computers, and networks. All those assets belong to a company that is within a designated industry.

Business leaders expect cybersecurity teams to be the protectors of their digital footprint. When organizations treat cybersecurity as their own silo, it causes elevated risk and disconnection between cyber initiatives and business ones.

But what about cybersecurity firms that provide services?

Cybersecurity Companies Are Still Part of the Support Industry Ecosystem

The categorization of industries is rigid in some instances, such as the NAICS (North American Industry Classification System). It’s what governments use to classify businesses. In most cases, the term industry is not so defined.

Cybersecurity firms that act as the provider of managed services would consider themselves a sector within NAICS, but that has little to do with the practical aspect of how a company works. Cybersecurity organizations still support other industries and should keep that top of mind in how they conduct their partnerships with customers.

Without the “support” part of the description, a cybersecurity department or company may forget its purpose. Egos become bigger, communication between groups collapses, and failures occur. Next, we’ll look at what those consequences could be.

Without ‘Support,’ Cybersecurity Teams Stray from Their Path

Aligning with support is crucial for cybersecurity to be effective. Taking away this element can lead to moving off the path and into greater risk and exposure. Here’s what that might look like.

Communication Breakdowns

Many failures in cybersecurity are the direct cause of poor communication. It’s typically on the side of technical people. Those cybersecurity professionals that believe they are the smartest people in the room don’t want to discuss what their clients need or want (whether that group is internal or external).

Conversations about the basics of protecting data and supporting those that use it, and systems, aren’t important to them. They have all the answers and certainly don’t see themselves in a supporting role. They believe they are the stars of the show and always know what’s best, regardless of what their clients want and need. They are often incapable of listening except to respond and refute. Such behavior erodes trust and hinders innovation. Should an incident occur due to a lack of communication, they’ll be looking for others to blame, even though they were in control.

Business Goals and Cybersecurity Strategies Don’t Align

Another issue that occurs when cybersecurity omits support is misalignment between business goals and cybersecurity strategies. In an ideal scenario, cybersecurity would support goals. Those business goals, in terms of technology, could include things like improving response times, reducing costs, or implementing more automation.

If cybersecurity believes it has autonomy, it may dismiss these goals and not prioritize them. They could have their own goals that negate what the business is trying to achieve in terms of enterprise pursuits like digital transformation. Now groups become antagonistic instead of collaborative. That’s a nightmare situation that could lead to many failures regarding security, wasted resources, and missed opportunities.

Cybersecurity Crowning Itself as an Industry is the Product of Fixed Mindsets

Mindset is a critical component in cybersecurity. It’s the second step of the Secure Methodology, which I developed in my book. The Secure Methodology is a framework with seven steps to help leaders transform technical teams into better communicators and collaborators. It focuses on soft skill development that makes cybersecurity professionals more adaptable, flexible, and adept at preventing and responding to threats.

In the section on mindset, I present the two types: fixed and growth. You can already guess that fixed is closed. That’s the kind of environment that exists when cybersecurity excludes support. The impact of this can be substantial. If employees aren’t willing to change and grow, neither will how they approach cybersecurity.

This limiting mindset isn’t easily lifted. There are exercises and strategies in the book. In terms of its effect on the support aspect, it creates unmovable minds who don’t feel obligated or responsible to serve anyone but themselves, and there may be nothing more concerning than this.

A Cybersecurity Culture Lacking in Support Becomes More Toxic

So, what happens if those on your cyber team refuse to consider themselves as support personnel? Eventually, it’s going to become a toxic culture. That’s because your managers will continue to hire people like them. They don’t want anyone who would challenge any of their ideas.

Instead of bringing in people with soft skills who have growth mindsets and understand cybersecurity as a support industry, they’ll stick with those like them. Soon you may have a team of people who think they are the smartest in the room. They will choose only to support their strategies and initiatives. You don’t want to get to this place because that’s when your risk exposure is the highest.

So, these points are a bit grim, but it’s important to understand where you could be heading and correct course. Here’s what can happen when your people gladly accept their support role.

The Other Side: What You Can Achieve as a Support Industry

What changes could your cybersecurity group realize if they categorized themselves as a support industry? There are many advantages to this being part of your foundational culture.

Support Teams Understand the Value of Agility

A well-run support team must be agile and adaptable. Cybersecurity and the needs of a business change constantly. When your people see their role as a team that must evolve as threats, risks, and objectives do, you reduce the chance of failures.

Adaptability is a key people skill that cybersecurity professionals can have. It’s so important to be supportive, as well, because they understand their role is to bend to the organization’s needs, not their own!

Communication Comes from a Place of Being a Partner

Does the way your team classifies themselves impact communications? Yes, it can because it’s a different dynamic. When cyber professionals assume a supportive role, they want to hear from all the stakeholders. They are willing to discuss many possibilities that will serve the needs of their clients.

Communication that’s transparent and honest is the most essential aspect of a cybersecurity team’s ability to protect. If poor communication is what puts a target on you, then impactful communication does the opposite.

Communication skills aren’t impossible to develop and improve. There are many exercises in my book specific to this, and the more you hone this, the better off all your people will be (at work and in life).

Support Industries Learn from the Past; They Don’t Repeat It

Yes, we are all doomed to repeat the past if we don’t learn from it! Your cybersecurity folks are no different. There will be incidents, as there’s no foolproof way to operate in a digital world. It’s what happens after that matters.

A support team wants to dissect the issues and get to the why, so they learn. They take what they find from this experience and let it shape how they approach security in the future. These moments can also deliver this when your people have a support mindset.

Support Philosophy Drives Innovation

When one group supports an enterprise or a client, they are eager to understand the challenges and work toward resolving them. These are often highly complex and novel, requiring new approaches and ideas. That’s where innovation happens.

People push themselves to produce better solutions when they see their efforts as supportive. In a closed mindset that dismisses support notions, there is little innovation because it’s unknown and uncertain, and they don’t care about outcomes.

These are a few of the positive outcomes of categorizing cybersecurity as a support industry. When your employees operate this, it just makes everything smoother. There’s less conflict and animosity. It strengthens collaboration and trust, and any team will be better when these things are true.

How Do You Categorize Your Cybersecurity Team?

You may not have explicitly thought about this before. However, you can now see how pivotal it is to designate cybersecurity as a support industry. It can considerably impact how your people operate and how well they keep things secure. You can learn more about building a team that realizes the value of being a support industry by getting your copy of The Smartest Person in the Room.

Check Out The Smartest Person in The Room

The Secure Methodology™ Step Two: Mindset

fixed vs growth mindsetMindset impacts everything we do. It’s the one thing someone can control in most situations. When your mindset is broad, overcoming challenges seems possible. Since cybersecurity is really a discipline riddled with challenges, you can see why mindset is so important. That’s why it’s the second step in the Secure Methodology. It builds on what you learned in step one awareness.

What Is the Secure Methodology?

First, here’s a refresher on the framework of the Secure Methodology. It’s a guide with seven steps featured in my book, The Smartest Person in the Room. Its purpose is to help organizations transform their technical teams into excellent communicators. It provides tools to think outside of ones and zeroes or black-and-white thinking.

Using the Secure Methodology can build a more collaborative group and enhance their people skills. As a result, your cybersecurity will be more adept at preventing and responding to threats.

In this article, I’ll briefly summarize the elements of step two mindset with a glimpse at what you can learn in the book that can impact your cyber professionals.

Two Dimensions of Mindset: Fixed and Growth

The idea of two different mindsets — fixed and growth — isn’t new, but it still provides the foundation for how to evolve it. First is the growth mindset. In this condition, people believe they are in charge of their own life. You realize you are the cause, not the effect.

Those with a growth mindset have no doubts that they can overcome challenges. They see possibilities where others don’t. They are willing to try new things and have curious nature that loves to learn. These people are solution-centric and have a passion for solving problems.

A fixed mindset is much the opposite. Those in this category think everything is set in stone, and they have zero control. They believe they are the effect, not the cause. In most cases, they are closed-minded and have no desire to learn and change. These beliefs limit everything they do. They are confined by them and stay stuck.

A growth mindset is what you’d like to see in all your cyber professionals. However, you’re probably already aware that’s not the case. So, why is a growth mindset so critical in these settings?

Without a Growth Mindset, There’s No Ownership of Actions

A growth mindset is flexible and adaptable. Those with it own their actions and can learn from them. Without this accountability, failure would always be the fault of someone or something else.

The willingness to lean into mistakes and grow from them is a skill that helps anyone in business and life. Because cybersecurity is a big puzzle with new pieces appearing constantly, a growth mindset allows people to adjust to this environment. Those with a fixed one won’t thrive. They just want to go through the motions, and that’s a big threat to your organization’s security.

Mindset’s Impact on Cybersecurity

The most vital aspect of mindset in cybersecurity is facing the truth. That means complete transparency around the threats posed every day and the weaknesses and vulnerabilities of a network. Growth mindsets can handle the truth; fixed mindsets are always running from it.

Lack of an open mind keeps people in the same routine of going through the motions of cybersecurity. They approach every project the same, overcomplicating it so they look like the smartest person in the room. These individuals have very narrow blinders on and simply recite the processes like it’s a monologue in a Shakespeare play.

Fixed mindsets can’t accept anything new, including solutions that are a good match for the issue at hand. If you have a team walking around not facing the truth, your organization could be in serious cyber trouble.

How Fixed Mindsets Bungle Cybersecurity

So, what does fear of the truth and an inflexible mindset look like in cybersecurity? Lots of examples are happening all around you. Here are some scenarios.

Password Vulnerabilities

Penetration testing is a normal part of keeping an application secure. One can reveal many cracks in the security walls. Often, passwords and algorithms that generate them can have flaws.

Correcting for this doesn’t have to be overly complex. Yet, time and time again, I’ve seen cyber leaders do just that. Rolling out complicated authentication systems gives the illusion of better security. It can also be expensive.

When cyber professionals are too focused on their one way to solve a concern, they see no other alternatives. As a result, it makes things less secure.

Communication Breakdowns

Another example is simple communication within a team. It can be regarding a major project, a cyber rule, or another exchange. For example, you could be debriefing an incident, and fixed mindset people will communicate in a manner that deflects blame and offers no insight.

They cannot accept the truth of the situation and feel it was unavoidable because they did the things they’ve always done. That type of thinking will sink cyber initiatives and strategies. You’ve got too many people in the boat unwilling to paddle.

So, is mindset changeable? Can you put a fixed mindset through experiences that help them break free from it? First, people need to have the right commitment.

Commitment Is Crucial

A growth mindset is the first building block, but your team has to do more. They must commit to this mindset. In doing so, there’s no friction or barrier to trying a new approach to an old problem. So, it’s not enough to be in a place of growth; they also have to commit to evolving.

The commitment goes beyond that of change. Your team also needs to commit to cybersecurity. Without this, winning the war against cyber criminals is a losing proposition.

They also need to be dedicated for the right reasons. Cyber professionals that only see dollar signs won’t hack it. Cybersecurity is a hard industry. There’s a lot at stake. The pressure is palpable, and it’s constantly changing. A committed growth mindset enables professionals to be nimble and creative.

Transforming Mindsets of Your Cyber Team

Change, in any situation, is hard. It’s much easier to keep going on the same track and not deviate. However, that’s a one-way street to failure. So, you’ll need a solid approach to change these minds and hearts.

If there’s potential for a growth mindset and a commitment to cybersecurity, there are ways to support transformation. Here are some of the best tips for this.

Encourage Reflection

By asking the right questions, you can take a person back to a moment to consider how they might do things differently. Be specific in the questions by asking for two or more things they would do to improve the situation.

Based on their responses, there are coaching opportunities. Reflection looks back, but you want them to take what they learn and move forward.

It may be difficult to pull out these reflections from people not used to doing this. You don’t want it to feel stressful or overwhelming because your mindset closes up when this occurs. The alternative is to recommend that they write about it for at least five minutes. This can be cathartic and move them toward opening up their minds.

Ask Why

Another method to use for mindset is asking why in the 7 Levels Deep Exercise. This is because it takes the average person seven questions to crack into their “why.” You’re peeling back the layers to determine true motivation by going through this exercise.

You can’t move forward with mindset change unless you know the person’s motivation. Not all motivations will align with an open mindset. If those reveal themselves, and there seems nowhere to go, those people may not be the best fit for your cyber team.

Acknowledge Small and Big Shifts in Mindset

Your mantra as a cyber leader in terms of mindset is that a growing one helps people succeed. When you see shifts in this, whether big or small, you should acknowledge them. It doesn’t have to be anything big but an appreciation of the evolving mindset patterns.

For example, your team could be discussing the latest phishing scams that are causing chaos. You have a protocol and strategy around phishing that combines technology tools and training. So, a fixed mindset would follow the same trail. If one of your employees speaks up about adjusting it to account for something new based on past learnings, that’s a growth mindset. This is an opportunity to reinforce this type of thinking. Share with your team why this response is what will assist them in winning the cybersecurity war.

Learn More About Mindset in the Secure Methodology

Find more insights, explanations, tips, and exercises on impacting mindset in The Smartest Person in the Room. With this information, you can develop your staff and help them evolve toward a growth mindset. You’ll also find all the steps of the Secure Methodology and how to integrate them into your cybersecurity operations. Get your copy today.

Check Out The Smartest Person in The Room

Why Communication Aptitude Is the Number One Soft Skill Cybersecurity Professionals Must Possess

communication skillsHaving effective communication skills is an asset in any career, even cybersecurity. It’s a soft skill that nicely complements technical ones. Having communication aptitude is a must for cybersecurity professionals. Without this cybersecurity soft skill, a lot can go wrong.

Poor communication and interpersonal skills are often the roots of cybersecurity incidents. That’s a theme in my book, The Smartest Person in the Room. Unfortunately, some organizations may not see the value in developing communication because they believe cybersecurity is black and white. It’s not. It’s many shades of gray filled with assumptions and a lack of understanding. These things breed when communication isn’t consistent and clear.

The question becomes how to improve communication and make it a priority. In this post, I’ll explain why technical people struggle with people skills, why they need them, and how to develop them in your team.

Why Cybersecurity Professionals Struggle with Communication

My perspective on the struggle comes from years of being a cybersecurity leader as well as research. The points I make in no way are a denunciation of the field. I’m just here to help organizations improve with employees with well-rounded skillsets.

Here are the key reasons cybersecurity teams have a hard time being excellent communicators.

They Are Afraid to Look Vulnerable or Incompetent

One thing that’s necessary for healthy communication is asking questions. Cybersecurity professionals rarely do this for fear they’ll look like they don’t know everything. They’ll make assumptions and fall back to standard ways of resolving issues. That’s not effective in a dynamic and ever-changing landscape with new threats always on the horizon. Fear keeps these people from discovering what they don’t know, which increases risk.

Technical Folks Never Want to Be Wrong

Instead of facing the fact that everybody is wrong at some point, cybersecurity professionals cling to certainty. Except certainty is impossible in the field. This, combined with never wanting to be wrong, prevents healthy communication.

Misconceptions That Technical People Don’t Need to Be Great Communicators

There’s a deep fallacy that exists in technical jobs. The prevailing misconception is that technical people don’t need to be great communicators. They’ll let their technical skills do the talking. But they really need to engage in conversation to improve their technical aptitude and do their job effectively.

Lack of communication sinks cybersecurity. It doesn’t just apply to the technical person’s inability to have productive conversations. They also don’t actively listen when others share their insights, opinions, or other information. They only listen to respond in a defensive posture, so they don’t hear what the other person is conveying. They are only planning their rebuttal.

We’ve touched on the need for cybersecurity communication skills. Next, we’ll dive further into why they are so critical.

Why Do Cybersecurity Professionals Need to Be Effective Communicators?

At a foundational level, cybersecurity professionals need to be effective in their communications because they are part of the problem without it. Data breaches, ransomware attacks, and other cybersecurity failures are often directly tied to poor communication. It’s not that you didn’t have the best technology or strategy. It’s that your people didn’t talk to each other or anyone else!

Here are the other reasons why technical roles need these soft skills:

  • It improves transparency in operations, which typically leads to a greater understanding of the threat landscape and greater trust among teams.
  • Healthy, consistent communication supports problem-solving. That’s a big part of a technical person’s job, and teams can’t excel at this without proper discussions.
  • Good communication builds trust and respect among teams, and that’s essential for their ability to solve cybersecurity problems.
  • Soft skills allow people to be more adaptable to change, and cybersecurity is full of that. New people and threats come into the ecosystem routinely. Without flexible communication skills, adaptability remains low.

Current Communication Styles Are Often Off-Putting

Some of your cybersecurity employees may be talkers. Again, that doesn’t make them great communicators. The style they use is often off-putting and aggressive. They like to use a lot of jargon, which doesn’t mean anything to people outside their technical bubble.

They approach communication in this way because it makes them seem superior. It also covers up their lack of comprehension. The strategy is to make communication so technical and abstract that non-technical people will simply defer to them and end the conversation.

This type of speak can also impact how technical people work together. Because cybersecurity is so broad, there are many roles, and they all have their own “language.” As a result, communication failures happen here, too.

When they learn these soft skills, it can change the dynamic completely. However, communication isn’t just about what you say. It also includes body language and nonverbal cues. Those are just as critical as words.

The 7-38-55 Theory of Communications

Mehrabian’s 7-38-55 Theory of Communication highlights that it’s more than just words. The principle states that communication is 7% word choice, 38% tone of voice, and 55% body language.

This is an important concept to share when helping people evolve their communication styles and how they interact in conversations. It can also make them more aware of their tone and body language, which may be causing a barrier. Awareness is the place to start when you begin to navigate communication skills.

Such a theory also taps into technical minds. Communication isn’t just some soft skill. They can recognize its power in influencing how they work and why it could mitigate risk.

Once you have more awareness, you can begin implementing plans to improve communication. The process will take time and commitment. What you get in return is well worth the work.

How to Improve Cybersecurity Soft Skills

We’ve looked at the why and how of communication failure. Now it’s time to talk about how to fix the problem. That’s not an easy road because you’re up against a resistance to change. That resistance often consists of your people being unaware of the communication issues.

Thus, they have to become aware before they can work toward adapting behavior.

Encourage Self-Awareness

Technical people have to get out of their own way, so to speak. They need to be self-aware of how they communicate and why it’s an issue. This requires introspection and a new perspective.

In The Secure Methodology, the framework from my book, Awareness is the first step. In that chapter, I offer multiple ways to help your people through this transition.

Demonstrate the Importance of Communication

If you want your team to be better communicators, you need to make it a priority and lead by example. If there are specific examples you can point to that were communication breakdowns and the consequences, it’s no longer this intangible thing. Now it’s in front of them, and that’s impactful to those that are more logic-based in their thinking.

Champion Active Listening

Technical people who master active listening perform much better than those that don’t. In every conversation we have, we may hear the words but not really absorb and comprehend them. It goes back to the earlier notion of people just listening to prepare their response.

Providing guidance on how to listen actively and exercises can make a difference. As with any change, your team has to be willing and able to adapt.

Make Perspective Key to Communicating

Perspective is another challenge in communication. Often people have no way to see anything other than from their own eyes. That impacts how people collaborate and solve problems.

If you can guide people to open up their perspectives, better communication is more likely. In my book, I spend a bit of time talking about perspective and the best ways to approach it.

Tap into Their Motivation

Everyone has different things that motivate them to change (or not). If you can understand their motivation and make it part of their awareness, communication will improve. It can also help people think with their hearts and minds. Motivation doesn’t have to be altruistic for this to work.

Coach People to Be Flexible

Being flexible and adaptable is critical to becoming a successful communicator. Technical folks are usually either of these. However, that doesn’t mean they can’t be, and it will serve them well in a dynamic landscape like cybersecurity. You can coach your people to be more agile with the right strategy. You’ll find tips and exercises to do this in my book.

Through exercises and the development of soft skills, your team can embrace flexibility. When they do, it can be a turning point in their success and performance.

Help Your Team Master Cybersecurity Soft Skills

Setting your cybersecurity team up for success depends a lot on their communication soft skills. If they hone and develop these, they’ll be better at their job and more engaged. It’s also a skill that can have a profound impact beyond their career.

There will be challenges in evolving people. The exercises, tips, and strategies presented in my book, The Smartest Person in the Room, can help. Get your copy today to start the journey.

Check Out The Smartest Person in The Room

Why Do Technical People Struggle with People Skills? And How Can Companies Fix It?

7 Step Secure Methodology - Christian Espinosa
The Secure Methodology Improves People and Life Skills

People skills are a challenge for many individuals. It’s often a combination of personality and experiences. Technical people often get put in a category of lacking them. While this is not universal, it does account for some of the failings of cybersecurity strategies.

Without a robust soft skill set, these professionals get caught in a cycle of bad communication practices, a lack of curiosity, and posturing. It’s time to peel back the onion on why they struggle in this area and how to fix it.

Why Technical People Struggle with People Skills

This analysis comes from years of experience, research, and asking the hard questions. Again, it’s not a condemnation of those in technical fields. Many have a nice balance and are thriving. Through the years, I’ve met and worked with many highly articulate, open, and excellent cybersecurity experts. However, in general, this is the exception, not the rule.

In my book, The Smartest Person in the Room, I lay out the evidence for why this struggle is all too real.

They See the World Exclusively in 1s and 0s

It’s hard to communicate and collaborate with others when your world is solely 1s and 0s or very black and white. The reality is that the world, people, and cybersecurity are gray. That’s hard for some technical minds to grasp.

In a lot of technical disciplines, there is a right answer and a wrong answer. No discussion required. It’s probably more applicable to some areas of math and science. However, cybersecurity isn’t just math and science. It’s an ever-evolving field. New risks and threats emerge all the time.

Further, it requires asking questions and understanding business needs. That can send some technical folks into a free-fall. They don’t have a naturally curious nature in public, so they fall back on what they know and don’t try to find out what they don’t. They fear curiosity in front on others may appear as a lack of knowing or incompetence.

Insecurity Leads to Soft Skill Failure

Many cybersecurity professionals never want to be wrong — another reflection of black/white thinking. The feeling often comes because they are insecure. They cling to certainty, and interacting with other people and having meaningful conversations are too uncertain.

They let insecurity guide what they do, pushing back on the need for two-way dialogue. They’ll figure it out on their own and don’t want to entertain outside ideas. That then leads to posturing.

Poor Communication Sinks Cybersecurity

There is a misconception that technical jobs don’t require communication skills. That’s not true. Every role depends on communication, and when that’s a challenge, it’s a house of cards filled with assumptions. It’s the biggest shortfall for many technical people. It doesn’t mean they aren’t articulate or don’t have a good vocabulary. It means they can’t converse in a healthy and productive manner. Having honest and transparent communication is about listening more than talking. Unfortunately, many people aren’t good at that. These communication issues will bring down any company department.

People fail at communication for many reasons, as discussed above — insecurity, fear, a closed mind, a lack of empathy. This revelation isn’t unknown. A study on business communications found that 89 percent of respondents believe effective communication is important. Yet, 80 percent of those same people said that communication in their company was average or poor.

However, it’s not a dead end. There are ways to develop communication and other soft skills.

Fixing the People Skills Problem for Technical Professionals

Attaining better people skills was a self-journey. The consequences, however, didn’t just benefit me. They helped me create a process that any technical employee can navigate and come out the other side.

There’s no magic fix for evolving people, and they must want to change. So, that’s a barrier for sure. If you’re going to invest in helping your team, you want to know they’re open and have a growth-mindset.

What I’ve developed to counter this problem is the Secure Methodology. The following is a quick review of the framework and how it works. By employing it, people can start to see the gray in the world and be better cybersecurity professionals and experience personal growth as well.

The Secure Methodology

Step One: Awareness

The first step is about being aware of yourself and others. The lack of awareness in a professional setting causes you to miss blind spots. It also causes relationship issues at work because without awareness, communication is poor, and posturing reigns.

The mind has to open itself to new perspectives to achieve awareness. That requires coaching on communication and understanding what motivates a person. There are exercises that can strengthen the awareness “muscle” and open eyes.

Step Two: Mindset

You either have a fixed or growth mindset. Those with poor people skills are trapped in fixed. It’s not permanent. The key to a growth mindset is accountability. It’s no secret that a growth mindset is critical for cybersecurity. So, you must open those minds. The best way to approach it is to encourage reflection, ask the right questions, and urge quick decision-making.

Step Three: Acknowledgment

Acknowledgment in the workplace is a rampant issue. In cybersecurity, without positive acknowledgment, employees fall into disengagement and resentment. Many times, if there is acknowledgment, it’s negative, which feeds into further anger.

The other issue is that a cybersecurity team that receives no acknowledgment can’t concede their overly complex framework isn’t working. They lose the ability to simplify. To end this cycle, you should recognize their positives in the present before you expect them to master acknowledgment. You can improve this by building rapport and trust with exercises from the book.

Step Four: Communication

We’ve talked a lot about communication because it’s applicable in every aspect of nurturing people. We’ve identified the reasons why people are bad at it. Another critical factor is that technical folks like to speak geek as a sign of their higher intelligence. For those outside the industry, it may as well be another language, and technical professionals have to interact with non-technical folks. They build a wall with it instead of a bridge.

Shared language is inclusive and promotes active listening. Getting to this involves reframing and simplification, achievable through specific activities.

Step Five: Monotasking

The world wrongly praises multitasking, believing it epitomizes capability. In fact, humans weren’t born to multitask. It’s a real problem in the cybersecurity field, leading to errors and mistakes. It also creates a lot of anxiety — as if anyone needs more of that.

Retraining to monotask means that you can focus completely on one task. It can be much more productive than trying to do five things at once. Fostering this behavior includes blocking time for specific tasks and blocking out distractions (that means not answering a call, email, or text immediately).

Step Six: Empathy

A cybersecurity culture without empathy will not succeed, at least not long-term. You may wonder why it matters in technical roles. It matters in everything, really. The problem in the workplace is an us vs. them mentality. There’s no room for consideration and compassion in this model.

Empathy is a core people skill, but we’re not born with it. It’s something people develop. When it’s nonexistent, technical people don’t care about their clients or their data. Nor do they have concern for colleagues. If you’ve been able to make it through the first five steps, then you’re on a path to spreading empathy. There are also specific activities to do on the team level to develop it further.

Step Seven: Kaizen

The final step is a Japanese term meaning “continuous improvement.” In terms of the Secure Methodology, it’s a more tangible action of root cause analysis. Root cause analysis helps understand real problems and how to improve them. That applies to cybersecurity and people skills. Mastering it requires constant change and adaption, and you can’t get there without the former six steps.

Do Better People Skills Really Lead to Better Cybersecurity?

You may look at the Secure Methodology and think it sounds great in theory but are skeptical about its real-world implications. That’s fair. Again, there isn’t a guarantee because nothing is. What you should know is that it’s proven. I’ve witnessed it, and I can without hesitation say that better people skills lead to better cybersecurity.

If this is a path you want to send your team on because you realize the deficit of soft skills, your next step is to get the complete picture of the Secure Methodology by reading my book, The Smartest Person in the Room. In it, you’ll find activities specific to the seven steps to build the people skills they’re missing.

Check Out The Smartest Person in The Room