emotional intelligence

5 People Skills Every Successful Cybersecurity Professional Possesses

July 21, 2022 by Christian Espinosa

If cybersecurity were just a collection of robots, maybe the need for people skills wouldn’t exist. However, we’re not at that juncture yet. There’s always going to be a need for human intervention in the cybersecurity war.

People skills are hard, not just for technical folks. It’s more than just being personable or sociable. Much of it deals with communication, and as a collective human race, we all have work to do.

The concept of people skills as necessary for cybersecurity roles is something relatively new. In many cases, hiring staff was probably 99% based on their technical aptitude and experience. There was no test on people skills, and leaders often thought they’d be fine. Unfortunately, that’s not true, and I’ll go as far as to say that technical acumen is something to seek but is less important than those relating to communication, collaboration, and adaptability.

This argument is the basis for my book, The Smartest Person in the Room. I’ll sum up how technical skills cannot trump people skills with this example:

Would you keep or let go of your most proficient technical employee if they didn’t align with your culture? And by culture, I mean they were combative, condescending, and had no emotional intelligence.

I would, without a doubt, let that person walk. Why? Because you can upskill, train, and coach a person to become more technically able. Cybersecurity is an industry that’s constantly changing and requires agility. Are you going to let an inflexible, stubborn person run the show? Trust me, I’ve known many of these people over the years, and it’s not worth it. They corrode culture and never learn because they believe they are the smartest person in every room.

So that brings us back to people skills and their importance in cybersecurity teams. Next, we’ll examine why cyber professionals struggle with them, the most critical skills for success, and how to fix the problem.

Technical People Often Struggle with People Skills

My analysis of the industry is from my own experience. I’m not lumping every technical person into one category. Many people working in cybersecurity have these skills, but it would be a disservice to pretend this isn’t a major problem. So, why do technical people struggle with people skills?

Black and White Thinking

When we’re young, black-and-white thinking makes sense. We don’t have the experiences or brain power to see the shades of gray. When people are drawn to technical disciplines, they often hold onto some of this perspective.

In coding and math, there is one right answer. However, those things don’t encompass all of cybersecurity. There are actual people behind these attacks, and people are always gray. With this type of subject, communication is critical. You have to ask questions and talk about stuff outside the ones and zeroes.

Insecurity Is a Key Indicator of People Skills Deficiency

Those smartest people in the room types need to be right all the time. They don’t want to hear any alternatives or learn from discussions. They have a massive fear of someone questioning their logic, so they avoid it.

Insecurity means that two-way dialogue is impossible. It’s a dead end, and they’ll resist it through any means necessary.

Honest, Transparent Communication Scares Them

In cybersecurity, clear and open communication is critical to keeping data and systems safe. It doesn’t mean that technical people can’t have conversations and discuss projects cordially. The problem is that they don’t listen or articulate their points very well.

When communication is only surface-level, and no one’s challenging anyone to think more creatively or consider new approaches and information, it’s not effective. It will put your organization at risk in so many ways.

Now that you understand how grave these issues are, you’ll want to seek out staff with the soft skills that will make them successful. Or at least find people with the potential to develop these and have an open mind.

People Skills Cybersecurity Professionals Need

Cyber teams need to be just that. Everyone has to work together, which requires leaning into soft skills rather than hard ones. The following are the most critical ones.

Empathy

We could all agree that there’s an absence of empathy these days. While empathy is great in the real world, it’s also a core component of successful companies. There’s been considerable research on the value of empathy. Data suggests that those with empathetic managers have higher levels of creativity and engagement. It can also be critical for preventing burnout and turnover.

There are some misunderstandings about empathy. It’s not the same as sympathy. Rather, it’s connecting with another individual and understanding their perspective as your own. Being empathetic also means sharing your feelings with others and letting them do the same.

Empathy is a big part of my book, and I write that a culture without it will fail. The people skills to hone in around empathy include cognitive and affective. Cognitive is logical empathy in that you can understand a person’s mental state. It’s not a feeling; it’s a skill to develop.

Affective empathy is the sharing part where someone can actually feel the emotions of another. In the cyber world, cognitive empathy is the goal. Deeply emotional influence won’t be an asset as you work toward solving technical challenges.

Communication

We’ve talked about communication a lot, and in these terms, it’s a specific skill set. Communicating includes how you speak to others as well as how you listen. How you communicate with others consists of your words, tone, and body language. Someone can say something that makes sense and moves the conversation, but people may dismiss it because of an arrogant tone.

The best communicators think about all these things before they express their thoughts. They want to deliver an impactful message but also invite discussion. They are deliberate with their words and work hard to speak with people, not at them.

The second part of communication is listening. Those with poor communication skills only listen to respond. They are looking for things to either validate their “rightness” or be ready to counter something they disagree with, and that’s not listening.

Those that are successful communicators are active listeners. They comprehend what others are saying and give them their attention. The responses are then more thoughtful and helpful.

So, why does communication matter in cybersecurity? Miscommunication or assumptions are a leading cause of cybersecurity failures. You’re also never going to evolve your cybersecurity operations to the next level if your technical folks stay in their own silo and don’t have meaningful conversations that go beyond technical elements.

Adaptability

Of course, adaptability is a sought-after people skill. It’s a dynamic field with new threats emerging every day. Yet, most cyber professionals aren’t flexible. They cling to certainty and will not bend, and that leads to broken states.

I opened this article asking if you’d keep or let someone go who is technically adept but inept at people skills. It’s got to be in their DNA to hack it in cybersecurity. They must adapt to the industry’s dynamics and be open to change within themselves and the team.

Curiosity

A curious nature is critical in technical fields because there’s always a need to uncover things — bugs, breaches, incidents, etc. Having an investigative mindset is good for cybersecurity. These people want to know why. As a result, they are often more natural communicators and collaborators.

They see puzzles to solve and get excited about what they’ll learn and experience. They are eager to innovate, adapt, and try new things. Those are all positives for cybersecurity teams. Curiosity can be a bit contagious, too. Once others see that asking why leads to new information, they may be more apt to ask more questions.

Vulnerability

Many think that being vulnerable means being weak. It’s the opposite. Vulnerability as a people skill means that you are honest and willing to share your ideas and opinions, no matter what response they may elicit.

Vulnerability has everything to do with trust. It’s a hard skill to develop for any person. It also requires that the space in which the sharing occurs is a safe one. That’s something you must build for your team. If you do, and there’s trust there, then vulnerability can lead to some great outcomes. No one is scared to be wrong, and that kind of approach is helpful in solving cybersecurity challenges.

Fixing the People Skills Challenges with the Secure Methodology

You can enhance and build soft skills in those willing to do the work. Not everyone will believe they need these or want to change. So, first, you have to take the temperature on how people feel about these skill sets (and their lack of them). Open minds (and hearts) can grow. My book has many exercises, tips, and strategies to develop these in your teams through the Secure Methodology. Get a copy to find out how to use the framework to upskill your people.

Why Geeks Need EQ and Leadership Skills

September 16, 2021 by Christian Espinosa

First coined by psychologists Salovey and Mayer in 1990, the term ‘Emotional Intelligence’ talks about our capacity to process, perceive, and regulate emotional information effectively and accurately. Emotional intelligence can be used on others and in ourselves to process information to guide our thinking and actions, along with influencing feelings in others.

Emotional intelligence is an important part of every workplace and is used to provide a framework by which standards of intelligence can be applied. Unfortunately for geeks, this means that simply being smart (high IQ) won’t cut it at work — they also need leadership skills that can be derived from emotional intelligence. In this blog post, we discuss why geeks need leadership skills.

What are EQ Skills?

Emotional Quotient or Emotional Intelligence refers to our ability to use, understand, and positively manage our emotions to communicate effectively, relieve stress, and empathize with others. Having EQ skills can help us succeed in school and work, build stronger relationships, as well as achieve personal and career goals. Moreover, EQ skills can help us connect to our feelings, make informed decisions, and turn intention into action. EQ is commonly defined by these four attributes:

Self-awareness: This refers to the ability to recognize our own emotions, along with how these affect our behavior and thoughts. By being self-aware, you’ll have self-confidence and know your strengths and weaknesses.
Self-management: Refers to being able to control impulsive behaviors and feelings, as well as being capable of managing our emotions in healthy ways. It also means that we’re able to follow through on commitments, taking initiative, and adapting to changes in circumstances.
Social awareness: This refers to having empathy, understanding needs, emotions, and the concerns of other people. It also means feeling comfortable socially, being able to recognize emotional cues, and knowing the power dynamics within a group.
Relationship management: Talks about how to develop and keep good relationships, influence and inspire others, communicate clearly, manage conflict, and work well in a team.

Are EQ and IQ Mutually Exclusive?

Many people score highly in both EQ and IQ tests. They’re both used to measure intelligence and there can be some overlap between both of these. Our synapses and neurons’ ability to send and receive signals can determine our IQ and EQ. Scientists believe that the temporal, frontal, and parietal lobes are responsible for managing both our EQ and IQ.

Some people might have a lot of one or the other, but it’s possible to cultivate and train both. While genetics may influence both IQ and EQ, there are various brain activities that you can do to boost either trait.

Why Geeks, Nerds, and Engineers Typically Do Not Have EQ Skills

Unfortunately, many geeks, nerds, and engineers, usually don’t get the chance to develop their EQ skills simply because they often think they can outsmart everyone. As a result, they will wonder why their career has stagnated or why they haven’t gotten promoted.

Another reason why this group of individuals lacks EQ skills is that they’ve learned to ignore emotions relevant to them. This leads to a socially awkward personality and being rejected by peers. This can be emotionally painful, and as a result, they will push themselves to be the best in every aspect of life that doesn’t need EQ or social skills.

How The Lack of EQ Skills is Holding them Back

Based on people’s real-life experiences, having a higher EQ is an essential trait to have when wanting to move up the ladder. However, we’re also required to have adequate training and experience, both of which will also help us towards getting promoted. All too often, we’ll see professionals who are highly talented and qualified at what they do but aren’t able to adapt their actions or communication according to a social situation — as such they aren’t self-aware enough to accept constructive feedback.

As a result, they were either passed over for promotion or quickly removed after starting a position that needed a higher EQ than they possessed. If you don’t think that EQ is all that important, then consider these statistics from past studies:

Emotional intelligence makes up 90% of career advancements when technical skills and IQ are similar
Almost 90% of top performers have higher levels of emotional intelligence.
Our job performance relies on emotional intelligence 58% of the time.
On average, those with high emotional intelligence can make $29,000 more compared to those who have low EQ.
Only 15% of our financial success is attributed to technical ability, while 85% is due to our personality, skills in human engineering, the ability to negotiate, communicate, and lead.

How EQ Skills Can Help With All Aspects of Life – Not Just Work

The smartest people aren’t always the ones who reap the most success. IQ on its own isn’t enough to get the success we want in life. While it’s our IQ that will get us into college, it’s our EQ that helps us manage our emotions and stress whenever we face huge challenges. Because EQ and IQ work together, they work best when they build from each other. Here are just a few things that emotional intelligence affects:

Our performance at work or school
Our physical health
Our mental health
Our relationships
Our social intelligence

How AI May Eliminate Jobs that Do Not Require EQ Skills

If you’re worried about Artificial Intelligence (AI) taking over jobs, you should be. There are various things that they can do that we, as humans, simply can’t compete with. However, this doesn’t mean that everyone will lose their jobs — those that require EQ skills (which AI doesn’t possess) are sure to pave the way to the jobs of the future. Here are just a few reasons how AI can eliminate positions that don’t need EQ Skills.

AI Doesn’t Get Tired or Bored

Humans are prone to problems such as personal stress, lack of rest, and boredom from repetitive tasks. For example, staying up late at night will have an impact on how we perform at work the next day. Computers, however, don’t need to sleep, and their operational ability remains the same unless they have no power.

Computers Don’t Make as Many Mistakes

Unfortunately, making mistakes is part of human nature. This isn’t true of computers, however, and they aren’t susceptible to errors. Once they get instructions, they will execute them perfectly, which makes them essential for jobs such as data entry. AI will likely take over jobs that involve transcribing, copying, pasting, and typing.

AI-Controlled Machines Can Do Dangerous Tasks

Jobs that involve factory work, machine assembly, and mining expose all workers to danger. Whether it’s extreme temperatures, dangerous fumes, or falling objects, there are plenty of situations or circumstances where workers can be killed or seriously injured. AI can be used in these fields to ensure that processes are more efficient and that humans stay out of danger.

AI is Cheaper

While building and training an AI machine may cost more at first, its overall costs for operation are much lower compared to paying someone to do the same job. Companies can save a fortune by keeping a machine running through electricity and providing it with occasional maintenance.

However, hiring a human will take resources to find and then train them, along with having to pay them a yearly salary as well as paying them the required benefits.

Key Takeaways

As discussed above, there are many reasons why geeks should have leadership skills. Here are important things to remember:

Not only will EQ and leadership skills help us in our work or school life, but they will also provide us with essential skills needed to advance further in many facets of our life.
A geek leader won’t just succeed in various ways, but will also get ahead of the crowd, acquiring skills that will make them indispensable.
Even if AI technology replaces jobs that don’t require EQ in the future, having leadership skills will allow us to fit into industries where AI can’t contribute due to a lack of emotional capacity.

How to Develop Soft Skills in Your Cybersecurity Team

June 16, 2021 by Christian Espinosa

Cybersecurity roles are highly technical, so why should you care about soft skills? For any technical or non-technical position, there is, of course, human interaction. Having technical aptitude is essential in the field, but it doesn’t always translate to success. In my experience, cybersecurity soft skills matter greatly, and this is why I wrote The Smartest Person in the Room. They can be the reason for cybersecurity success or failure.

Developing soft skills in any person in any career is challenging. It’s not a one-size-fits-all approach. People are complex and have different experiences, motivations, and limitations. What works for some may not for others. In a way, you have to customize it to the person. However, there are some wide-ranging ways to apply principles and strategies to enhance soft skills and help professionals perform at work and in life better.

Soft Skills Are Harder to Master Than Hard Skills

The “hard” skills of cybersecurity aren’t easy by any means. Most industry experts still say there’s a skills gap, and cybersecurity certifications are not always an indicator of proficiency. The field is full of paper tigers, individuals who look experienced and knowledgeable on paper but don’t excel in the real world.

However, individuals can hone their hard skills with practice and perseverance. They can soak up information and improve every day through practice — although a lack of soft skills can impede the ability to do this.

You actually need soft skills to improve hard skills, and they are difficult to master. Soft skills like communication, collaboration, and having a growth mindset enable a person to learn and grow in new ways that can open their eyes to the fundamentals of cybersecurity.

Soft skills are harder because they require a change in thinking, behavior, and actions. Change is hard for anyone in any situation. Cybersecurity professionals often have the mentality that they are never wrong — they are the smartest person in the room. That’s a fallacy that you can’t transform with more hard skills. You have to do the hard work of soft skills.

What Are the Most Important Cybersecurity Soft Skills?

Cybersecurity is typically only successful when it’s a group effort. Silos don’t contribute to this, yet they exist. Breaking those down and collaboratively working depend greatly on soft skills. These are the ones most critical.

Communication

Communication is at the top of the list. As humans, it’s our means of expression and connection, but most of us aren’t great at it. That doesn’t mean we’re defective. It just means that experiences, trauma, failures, and more cause us to hold back.

Tapping into communication skills is crucial for a cybersecurity team, and it has many facets. Communication isn’t just what you say. It’s how you say it, your body language, and other nonverbal cues. You can have a great employee that’s technically smart, but if the delivery of every message they have is condescending or defensive, it’s not likely to be received well. Written words are communication, too. Tone is often hard to judge in these, which could be causing problems as well.

The other part of communication is active listening. While we all usually hear what people say, we don’t listen. Or if we do, we only catch things that validate our own positions.

In many scenarios, miscommunication — or lack of communication — is the cause of cybersecurity failures. Teams don’t share information or take into consideration ideas that don’t align with their own. That’s a huge risk that has nothing to do with the technical side.

Fostering communication is a slow process. You can’t just declare that everybody’s going to be better at it, and this happens. There are deep-seated barriers inside people that make them falter in communication. People must want to change and actively participate. If you can understand their motivations, that can help, but some people aren’t even clear about those.

In my book, communication is Step 4 of my Secure Methodology. It includes exercises and analysis on communication issues in cybersecurity. Those can be a good entry to solving these challenges, but it still requires acceptance and desire to change for individuals.

Collaboration

Collaboration is a complement to communication. Communication enables collaboration. Everyone comes to the table to work out problems and plan for the future. This is difficult in tech roles because sometimes they don’t see the big picture of what they’re doing and its impact. Collaboration in cybersecurity isn’t just about the internal team. It’s about working with non-technical people, too.

Those other parties could be internal stakeholders or external ones. They expect your group to protect their data and systems. They play an important role because they tell you why and what. If collaboration efforts stumble, you can almost guarantee that risk rises.

Communication exercises can support bridging this gap. Awareness is also key and is the first step in the Secure Methodology. Regarding collaboration, awareness of others is the soft skill needed.

Without awareness of others — their opinions, beliefs, and needs — we simply make assumptions. Those can be wrong and influenced by our own experiences. When you can cultivate awareness of others in a group, interactions become more productive and positive.

Curiosity

Curiosity is often associated with negatives because we know what it did to the cat. That early belief that curiosity is bad sometimes sticks. However, those who are naturally curious often find great success because they wanted to know why, and once they saw why, they were motivated to innovate.

Excellence in cybersecurity requires a lot of curiosity. There are lots of mountains to conquer, and the landscape is constantly changing. Someone that discourages curiosity in themselves or others will struggle in the field. They won’t be able to imagine what’s next. After all, those on the other side use curiosity to make them better hackers.

Inspiring curiosity often comes down to simply asking why a lot, or “what” and “how” variations of why. It moves people to articulate positions and dig deeper. There are some exercises for this in the book, and I’ve found that curiosity is a skillset that delivers tremendous value for professional and personal growth.

Comfort with Change

Many cybersecurity professionals find the field attractive because they don’t like uncertainty. No one really does, but it’s a fact of life. We can all agree that the only certainty is uncertainty. While some of the hard skills of cybersecurity seem defined and finite, change is a big part of the industry.

For people to embrace change, it requires acceptance that they can’t control everything, which is hard for technical folks. Fear of change and the inability to be more agile-minded can impact a team’s resiliency.

So, how do you get teams to be more willing to be changemakers? Working on communication and collaboration helps, but it also includes developing a growth mindset and empathy. These are two more steps from my Secure Methodology that directly affect soft skills development.

When people stretch their mindset from being fixed, they can change how they behave and react. They may gain patience and be better equipped to inspire change in others. Empathy can also change someone’s perspective. When they take the time to respect other views, they’ll deepen their soft skills, which allows them to perform cybersecurity work more holistically and strategically.

Does Your Culture Support Soft Skills Development?

Another vital consideration for soft skills development is how well your culture supports it. If you don’t, then the work you put in may not stick or resonate. Workplace culture impacts business success. When it doesn’t allow people to thrive and grow, the result is disengagement, high turnover, and greater risk.

If you want to improve the soft skills of your cybersecurity professionals, you need to assess the culture. Determine what the barriers are and how to overcome them. By doing that, you put your team and organization in a much better place to succeed.

Ready to Cultivate Cybersecurity Soft Skills in Your Team?

Soft skills development isn’t easy. There’s a lot of resistance, and some may not see the value. It requires change and motivation to grow. You might find that not every cybersecurity professional can commit to this, but there will be many who do. Organizations and their IT leaders can find a great resource in applying my Secure Methodology. You can learn all about it in my book, The Smartest Person in the Room, available now.

Helping Your Audience Become More Secure

Sharing Interpersonal Skills For Smart People on Your Platform

Connect On Social Media