leadership

Cybersecurity and Meaningful Work: Why New Generations Entering the Field Want Purpose

December 18, 2022 by Christian Espinosa

The cybersecurity talent pipeline is facing the same challenges as many industries. A strong job market and low unemployment mean that many well-qualified professionals aren’t actively seeking new jobs. As a result, cybersecurity needs to look to the latest generation entering the workforce, Gen Z. Gen Z is a unique generation, which makes the ability to recruit and retain them much different. They have new ideas about work and that it should be more than a job and provide them with purpose and fulfillment—a trending topic in the world of HR known as meaningful work.

In this post, we’ll examine the Gen Z demographic, what matters to them, the concept of meaningful work, and how cybersecurity leaders can use this information to connect with a new generation of workers.

All About Gen Z and Their Entrance into the Workforce

Gen Z describes individuals born between 1997 and 2012. They currently make up almost 21% of the U.S. population. The oldest of this group have entered the job market, with many more to come in the next few years.

Gen Z is described as the most racially and ethnically diverse generation. They are also digital natives who have had a device in their hands most of their lives. This demographic has also been through many major events during their young lives, including the war on terror, a major recession where they witnessed parents and family members lose jobs, and the pandemic.

All these factors shape how they view work and what’s important to them. They are often adamant about work-life balance, flexibility, autonomy, and having modern technology as part of their job. In addition to these expectations, they also want to work for organizations that share their values. In fact, 77% of Gen Z said this was important in response to a survey conducted by Deloitte. Another thing they value highly in an employer is diversity, equity, and inclusion (DEI), which 87% agreed was critical when considering jobs.

Gen Z also cares about company culture. Cybersecurity should be very culture-focused, which could entice them. Overall, they want to work for a company that cares about their well-being.

Work for them isn’t about a “grind” or purely a transactional relationship. They desire meaningful work, and if it’s not present, they’ll have no problem moving to the next opportunity. Long gone are the days when employees worked for a single company their entire lives.

As a cybersecurity leader, ingesting this information about Gen Z may give you pause. Yet, they have some key attributes that make them attractive as workers beyond technical skills.

How Gen Z Workers Can Benefit Cybersecurity

Gen Z had a big head start on technology aptitude. It’s been part of their lives forever, and they’ve been early adopters. Beyond these skills, cybersecurity leaders are placing more emphasis on people skills, which is the central message in my book, The Smartest Person in the Room. These can be very hard to develop in older workers that have been in the industry for years.

The nature of Gen Z’s life experiences naturally predisposes them to value being communicators and collaborators. The stereotype of this group as never putting down their phones and being detached in communication isn’t accurate. They do love tech and spend lots of time on social media, but it’s not their entire personality.

Since they sincerely care about the world around them, they also understand the value of having strong interpersonal skills. Some might not be as confident in soft skills, but they won’t “fight” you on realizing the need to develop them as older generations may. As a result, they may be more amenable to participating in exercises, programs, and activities that will help them cultivate better people skills.

All these things make Gen Z an attractive group for cybersecurity careers. The onus of making your industry and company appealing has a lot to do with meaningful work.

What Is Meaningful Work?

Meaningful work is a newish concept in the world of HR. Its definition is somewhat flexible because “meaning” is subjective to an individual. The idea is universal in that it means that an employee believes the work to be important for the greater good and is part of something. As a result, workers are motivated and engaged in what they do.

Another aspect of meaningful work is that employees can use critical thinking skills and be problem-solvers versus taskmasters.

Both align with a career in cybersecurity and what Gen Z wants in a career. In the end, meaningful work is good for workers and businesses.

For example, employees who engage in meaningful work from their perspective may positively impact their mental health, something Gen Z is serious about. Healthier employees typically have fewer absences than their depressed counterparts. They’ll also be more engaged in building a strong cybersecurity culture and collaborating to do great things.

An environment of meaningful work supports retention, as well. The attachment that occurs in this situation delivers tangible benefits. Companies can see 50% less turnover and a 56% increase in job performance.

It can also deter burnout, which can be a problem in cybersecurity. It’s a high-stress field with many risks, threats, and stakeholders. If you have a team that feels the work is meaningful, that you and the organization value them, and is a culture that’s inclusive, you have an advantage over others. As a result, you’ll be a more attractive option for those entering the field.

So, how do you promote your company as one that delivers meaningful work?

Attracting Gen Z with the Promise of Meaningful Work

There are a few key strategies to consider when recruiting Gen Z and using the angle of meaningful work. First, it’s essential to know that Gen Z is proactive in their job search. For those in college, a quarter of them began job searching in the first two years. Second, they seek internships to get experience for the future and test out a field to see if it’s a good fit. Taking this into consideration, here are some ideas.

Partner with Universities and Community Colleges to Find Talent

Get to Gen Z while they are still learning by creating relationships with educational institutions. It’s an excellent way for students to become aware of your company. This can lead to mutually beneficial internships. The first impressions that Gen Z has about your company will matter, so talk about culture and how much you value interpersonal skills as much as technical ones.

Add Meaningful Work to Job Descriptions

Most cybersecurity job descriptions are dry and standard. It looks like a computer wrote it! Gen Z will not respond to this, as they value authenticity. Be honest in how you position your roles. Yes, it’s important to talk about technical skills, but you can also include that meaningful work is part of your organization and that you provide an environment where people can learn and grow.

Tap Your Current Gen Z Employees for Referrals

If you already have Gen Z workers on your team, talk to them about referrals. Ideally, if they are happy with the company and the work, they’ll be up for this. A referral is better than most applications for both parties. For you, it’s a sign that your employee vouches for them. For the candidate, they’ve heard about what it’s really like to work for you and weren’t discouraged by what they learned.

Once Gen Z becomes part of your group, you have another consideration that makes or breaks. How will older generations react to them?

Is Your Team Ready for Gen Z and Meaningful Work?

If you’ve made meaningful work a priority, then your current employees know this. However, it’s not going to matter to all of them. Some are still stuck in old perceptions about cybersecurity. Their “meaning” is that they are the smartest, most capable technical people. If that’s your current predicament, there will be some friction.

In a way, you have to prepare them for the entrance of Gen Z, which will require that they work on their people skills. Hopefully, they’ll realize this process benefits them in many ways. However, it involves change, and resistance is inevitable. Through the Secure Methodology™, which I developed in my book, you can find a seven-step guide on how to transform these outdated mindsets.

They’ll be helpful for all your employees, regardless of their generation. The way they respond and their effort will vary. Ultimately, you’re trying to work as a cohesive team that respects each other, cooperates well, communicates clearly, and can find meaning in what they do.

The journey ahead will be challenging at times. You have a chance to make a real difference in the lives of your employees and your company’s ability to manage risk and mitigate threats. Use the Secure Methodology as a blueprint to do that. Get the entire message by reading my book and check out the Secure Methodology course, as well.

The Secure Methodology™ Step Four: Communication

October 8, 2022 by Christian Espinosa

Communication is the core of any organization, department, or process. It’s a topic I talk about extensively in the world of cybersecurity. That’s why it’s step four of the Secure Methodology and why it’s a critical aspect of every effort.

In this post, we’ll go in-depth on step four. You can read up on the first three: awareness, mindset, and acknowledgment. We’ll start with a recap of the Secure Methodology.

The Secure Methodology: Turning Technical People Into Solid Communicators and Collaborators

Before we jump into communication, here’s a recap on the Secure Methodology. It’s a seven-step process I developed as part of my book, The Smartest Person in the Room. I designed it as a guide for cybersecurity leaders to help improve interpersonal and people skills so that they can work together to combat cybercrime. It’s not about technical aptitude but rather empowering cyber professionals to look beyond the ones and zeroes by being honest communicators. It’s a reframing of cybersecurity culture to be collective and collaborative in solving challenges.

So, let’s dive into step four.

Technical Staff Aren’t the Best Communicators

It’s a total stereotype that logical thinkers are bad communicators. Except, in this case, it’s mostly true. I’m not making a blank assertion, but I’ve been in the business for a long time and witnessed this to be accurate time and time again.

When I talk about poor communication, it’s not that someone isn’t articulate or functions with a limited vocabulary. It also has nothing to do with intelligence. The problem is that there’s a communication gap between technical people and company leadership. It’s so bad that they might as well be speaking another language, and they kind of are with geek speak and jargon.

Why do they do this? Well, it helps them validate to themselves that only they know about the technical world. Those who are outside of it couldn’t dare understand what they do. It keeps them in a place of feeling superior. They’re in this club, and no outsiders are allowed. Except those outsiders are running the company and hold all the budget dollars. When technical workers fail to communicate effectively, they alienate their internal or external customers.

Keeping Geek Speak Alive Assuages Insecurity

At the core of geek speak is insecurity. Most technical people believe they hold the title of the smartest person in the room. If they have this “coded” language, few can make sense of it, so there’s less chance that someone will push back. Speaking in normal terms could expose the fact that they aren’t sure, which would be the worst thing for these people. They never want to admit that they don’t know.

Different stakeholders may request that they simplify the message around cybersecurity because it impacts more than just IT. Cyber attacks are considered a primary risk for any business, so their management and impact are enterprise-wide. All tech people will take away from this is that they need to dumb it down.

Another issue is that cybersecurity training and certification reinforce this by providing pages and pages of acronyms to memorize. Every industry has its shorthand, but this is taking it to a new level that’s not consequential to their ability to be equipped cybersecurity professionals.

Communication also has much to do with listening, just as much as talking. Most technical people don’t score well here, either.

Poor Communicators Are Poor Listeners

Being an effective communicator isn’t just about what you say and how you say it. It’s also about listening! In a fast-paced, dynamic world, attention is fleeting, and the consequence is people who don’t pay attention. It can be hard to stay present and observant.

In addition, many people only listen for agreement or rebuttal. They aren’t taking in what someone is expressing and are simply waiting to give their response either in agreeance or to dispute and argue.

Without active listening in cybersecurity, we can’t fully understand the problem. That creates massive challenges in the field.

Dysfunctional Communication Has a Major Impact on Cybersecurity

As I’ve said, we (the good guys) are losing the cybersecurity war. The defeat isn’t because technical skills, innovation, or tools are subpar. I’d argue it has more to do with the fact that communication is in a state of brokenness. It goes back to the gap referenced above.

If technical people aren’t more inclusive with language to decision-makers, they aren’t likely to get the responses they expect or need. The excuse of “they just don’t get it” isn’t helping matters. They have to get it. If they don’t, then risk increases and resources decrease. That’s the crux of the communication gap between technical people and company leaders — they need to speak about cybersecurity in terms of risk to the business.

Leaders want to protect data and networks. They realize the threat landscape is widening with cyber-attacks in the daily headlines. This group knows that if it happens to them, it will cost them a lot of money and harm their reputation. They are hungry for the facts but not in sentences that don’t sound human. It’s the responsibility of technical teams to express risk and threats in a way that makes sense to anyone and what steps need to be taken to mitigate them.

That becomes the hardest part — getting technical people to first realize their communication is ineffective and then get them on board to make changes.

Why Technical Employees Struggle to Evolve Communication Styles

As noted, the jargon and tech speak are a place of comfort for cyber professionals. They act as a veil over uncertainty. They are also logical creatures that see their work as black and white, so they immediately think they don’t need to improve communication or people skills. They know what’s best, and all the non-technical folks can’t grasp the fundamentals.

Continued thinking in this way will only lead to failures and mistakes. To be a great communicator, you have to be flexible, which seems foreign or negative to them. It’s very uncomfortable for them to be vulnerable in their communication because it might reveal that they don’t know everything. Of course, they don’t because no one does, but change is even more challenging if people can’t see this as a possibility.

So, what can you do in a leadership position to incite people to embrace transforming their communication styles?

How to Support Technical People on a Journey to Being Better Communicators

If your technical team improves its communication skills, it can be the best weapon you have in the cybersecurity war. It’s more potent than new technology or the highest technical aptitude. Here are some key things that can make a difference.

Remember Awareness

Awareness is the first step of the Secure Methodology and is something to revisit. Communication isn’t effective without listening. But you can’t do that until you have a level of awareness, which requires putting yourself in the shoes of others. So, encourage them to practice awareness with communication.

Reframe Objectives

Communication is effective based on the result. The point of communicating something is to receive a response. When you reframe the concept for technical people in this way, they can have an “aha moment” as they understand the results and objectives.

Simplify the Message

There is always a way to simplify the point. Technical people don’t need the comfort of their acronyms to emphasize what matters. Instead, urge them to consider who they are discussing subjects with and how to express things in a way that translates to the non-technical people of the world. They need to refrain from going into cyber talk because they aren’t going to get the result they need or expect.

Bring it back to the purpose and the idea of building rapport with others. Remind that listening for insight helps everybody. The bad guys aren’t sitting in the room with them — the people who can help them are.

Foster a Culture That Appreciates Communication and Sharing

Another part of improving communication is ensuring you create a culture that welcomes it. Your people need to know that if they are trying to share information effectively, you will support them. They’ll certainly make mistakes and revert to old habits, so you’ll want to remember acknowledgment factors — praise them when they communicate well. When they don’t, speak to them privately.

If you create a team that is certain you welcome change, they may be more apt to try harder. Remember, these people don’t like to fail and crave certainty. Of course, change disrupts these patterns, but they’ll do much better if they feel you have their backs.

Moving Forward: Communication Is the Center Point for Cyber Success

Communication is really part of every step of the Secure Methodology. It’s that essential, and it will come up again and again. By focusing on it, your technical people can make great strides in their journey to be better at their jobs and life. You can find more strategies along with exercises to build communication skills in my book, The Smartest Person in the Room, available now, or in my People Skills for Smart People course.

What Is Total Intelligence, and How To Build a Cyber Team to Lead with It

July 21, 2022 by Christian Espinosa

total intelligence - christian espinosa When making any decision, intelligence certainly plays a key role. However, often it’s only the logical, rational side of intelligence that people rely on, especially in worlds like cybersecurity. It’s a field that’s ones and zeroes, so many would think there’s no heart involved. Except those on the other side of the battle are using all their intelligence, something I call total intelligence.

The concept of total intelligence and applying it well as a decision-maker and leader have much to do with cybersecurity. It’s a term that I repeatedly use in my book, The Smartest Person in the Room.

You’re probably wondering what total intelligence is, so that’s where we’ll start.

What Is Total Intelligence?

My definition of total intelligence involves your body, heart, and head. It’s all the information you gain from experiences, training, education, and life. It’s the ability to lead with all of these aspects. Another way to think about it is what many call a “gut feeling.”

Being a cybersecurity leader requires total intelligence in every part of the job. However, you’ll find it challenging to get technical people into this mindset because it’s not all logical, and that’s where those folks like to stay.

Technical People Trust Their Head

Most of those in technical roles are creatures of logic and habit. They lead and interact with others using their heads. They have a skewed worldview, believing that everyone else thinks just as they do. Of course, they would think this because they always think they have the best approach — possibly the only approach.

They trust their head. It’s what comes naturally, and it doesn’t cause friction. They disregard feelings or instincts because they don’t trust them. This limited view isn’t good for any area of life and causes many problems in cybersecurity. This desire to be right and the smartest person in the room seems logical to them. It may seem like posturing, bullying, and a lack of cooperation to others. It hinders communication and actually prevents problem-solving.

Using only the mind part of total intelligence does not result in an environment where incidents and failures don’t occur. Technical people may argue that intelligence’s heart and body parts are unnecessary and have no place in cybersecurity. They are wrong! Cybersecurity is not black and white; it’s a field of gray.

So, how do you get these people to turn on other areas of their intelligence?

Driving Toward Total Intelligence Requires Self-Awareness

To empower technical teams to lead with total intelligence, they must be self-aware. Awareness is the first step in the Secure Methodology, a framework that I developed and is the focus of my book. It’s a guide with seven steps and a collection of strategies to transform technical teams into excellent communicators and collaborators. It’s the best way to convert those that live in very fixed mindsets.

The path to awareness isn’t easy for technical people or anyone else. A good starting point is assessment tests. They are not free of gaps, but they can lay the groundwork, informing takers on who they are, how they see themselves, and how others perceive them.

The test I’ve found to be useful is the Enneagram test. It embodies all the elements of total intelligence:

Instincts (body)
Feeling (heart)
Thinking (head)

The findings can benefit those who want to journey further into self-awareness. I highly recommend it to you and your team, as it can uncover fascinating and accurate information. I also share my results in the book.

Total intelligence becomes a greater possibility if you can move people toward self-awareness. But should total intelligence always be a guiding force? Like everything, its application varies.

Total Intelligence Changes Thought Patterns and Perspectives

The starting point of total intelligence is self-awareness, which changes how you think and, ideally, feel in any situation. It gradually happens as people adjust. They’ll find themselves running through scenarios in more than a logical mindset. It can open up a lot of self-discovery, and that’s a good thing.

Self-awareness can benefit your employees in every facet of their life. One thing it does is really provide people with a “why.” That’s their primary reason for doing what they do. It could be for financial reasons only, and that doesn’t discount someone from reaching total intelligence.

Having a passion beyond this sets your organization up to be on par with those of hackers. The hackers have a “why,” and many times, it’s stronger than those on the right (good) side. There is a lot of emotion behind the actions of most cyber-criminals. Understanding that helps everyone realize how crucial it is to think not based on logic alone.

Total intelligence also brings a team together, creating powerful connections.

Total Intelligence Connects You to Others

One of the most critical elements of attaining total intelligence is having open conversations that are vulnerable and uncomfortable. You have empathy and compassion for others when you’re leading with your body, heart, and head. You can stand in their shoes and see their perspective.

Those people skills gained with total intelligence are a changemaker in cybersecurity. Total intelligence opens you up to possibilities beyond that black-and-white world. You can see the fault in your logic and learn from others. With a team leading in this manner, you can mitigate all the failures created by poor communication and contrariness.

Great Leaders Have Total Intelligence and Understand the Balance

Many very smart and successful people say that you shouldn’t make business decisions with your heart, which is a bit ironic in a few ways.

First, most had to have the passion and connection to achieve what they have. Aside from those born lucky, entrepreneurs who have made a mark on the world did so by using their hearts, minds, and bodies.

Second, we live in a world where emotion is the key driver in buying decisions. There’s lots of data to back this up — studies from neuroscientists. There are experts on the subject, like Harvard professor Gerald Zaltman, who asserted that 95% of purchasing decisions are subconscious. To link this back to cybersecurity, consider that purchasing decisions are a big part of any business and who and what they involve in their technical needs. So, I’d draw a correlation that emotion backs many more business decisions than most people would attribute.

Emotion is essential, but the total intelligent leader knows they shouldn’t solely be led by their heart. They need all three elements to make decisions in the best way for the team and the company. If your people stay trapped in logic, they’ll make bad choices. They may not be bad today or tomorrow, but eventually, it will bite them.

In leading with total intelligence, there is a way to go through all three areas to come to a conclusion.

What Leading with Total Intelligence Looks Like

I try hard to be in a space where total intelligence guides me. I start with logic, but I listen to my heart and body. If those two are strongly opposed, I take that into consideration. I don’t ignore what’s happening outside my head.

As I describe it, the process may sound easy. Maybe you go through the outcomes, ask questions, and bounce around ideas. For a technical person, this is not a simple task. Adapting to this requires practice. Total intelligence is at the top of the people skills triangle. Your people will need:

Heightened awareness
A growth mindset
The right language
Hyperfocus
Empathy
A desire to keep improving

That’s a long list, and it will take time and effort to develop these skills. It’s a journey, and the route to take is the Secure Methodology. All seven steps work to build total intelligence. You’ll find many exercises and strategies in my book for each step. Doing these activities is key to building communication and other people skills.

The moment that everything clicks together for your team comes is when they allow emotion and instinct to complement logic. In practice, this looks like using logic as the first rung on the ladder. Emotion and instinct are next, and people achieve this by seeing problems through the eyes of the client. With all three applied, the solutions proposed are better.

Achieve Total Intelligence to Win the Cyber War

Your technical employees may seem resistant to change. The Secure Methodology takes that into account. Not everyone will make it through the steps, and it’s okay to conclude that some aren’t right for your team. If the goal is for everyone to make decisions based on the heart, body, and mind, you don’t want to devote too much time and energy to the “never-changers.” Concentrate on those people who want to evolve and can commit to the journey.

It all begins by reading the book and applying the Secure Methodology. Get your copy of The Smartest Person in the Room today.

Understanding the 6 Human Needs To Become a Better Technical Leader

September 3, 2021 by Christian Espinosa

Being a great technical leader is more than just about strategy. Many people believe that if a leader is smart enough and has the right skills, they will be great at their job. In reality, leading with intelligence doesn’t always guarantee results.

Most leaders fail by trusting that their intelligence alone can resolve issues. Often, they forget that they are working with people who, just like them, have needs. With the technological world constantly changing at a rapid pace, the brightest minds must always be ready to adapt or be left behind.

To adapt effectively, a leader must understand people’s needs as well as their own. When a leader connects with others on an emotional level, it’s easier to work on a common goal. So, to get good results as technical leaders, they must have a solid grasp of how the six human needs work.

An Overview of Tony Robbins’ 6 Human Needs and How They Influence Us at Work

Tony Robbins’ work on the six human needs states that we behave a certain way in different situations because of core needs. They are developed from childhood and shaped further by our life events. Understanding these needs will help us work on ourselves to become more efficient at work.

Need for Certainty

Our need for certainty revolves around finding pleasure and avoiding pain. Workers need to feel safe and secure at their jobs. This is why we do all that we can to make things familiar and relatively predictable so that we gain a sense of stability.

Need for Variety

Our need for variety alongside our need for certainty is one great paradox of human need. We want to feel secure about our jobs, but we get bored when things get too predictable. However, the way we crave new stimuli every now and then ensures we gain considerable experience to be more adept at what we do.

Need for Significance

The need for significance drives us to feel unique and important, so we push ourselves to make the most of our capabilities. We find motivation in the praise and recognition we receive from coworkers. When people take notice of our accomplishments, it brings us validation and strengthens our drive to do more.

Need for Connection

Our need for connection makes us relate well with others to establish closeness. This is why we seek camaraderie at work and form groups. Employees feel satisfied with a strong sense of team affiliation. When we feel that we belong, it is easier to have shared goals.

Need for Growth

Our need for growth compels us to expand our capabilities. We have an innate tendency to be better and reach our full potential. We are inclined to test the limits of what we can do by challenging ourselves at work. We are more productive when we know we are better today than we were yesterday.

The Need for Contribution

Our need for contribution is largely based on our longing to be part of a community. When we feel that we are an integral part of a group because of the value we add to it, it gives us a sense of purpose. When we put others before ourselves, it improves our capacity for empathy and compassion.

How Our Identity Ties to the 6 Human Needs

Our identity ties to our needs. Our behaviors are positively reinforced depending on how our needs are met. We also compensate for unmet needs through unhealthy behaviors. We make decisions at work based on what we value the most.

How we value stability or recognition at work, for example, shapes who we are through our behavior. Patterns of behavior in turn create our identity, which people see through their lens, and to which we strongly associate ourselves.

How the 6 Human Needs Relate to Maslow’s Theory

Abraham Maslow first introduced the concept of human needs. The model shows how we prioritize physiological, safety, love and belonging, esteem, and self-actualization needs, moving from the bottom of the pyramid all the way to the top.

There are parallels between Maslow’s Hierarchy of Needs and Tony Robbins’ 6 Human Needs. Both theories show how we can achieve our goals in life by focusing on our needs.

We cannot give others certainty when we do not feel safe. We cannot feel close to people when we are uncomfortable with ourselves. We cannot become great leaders at work when we have nothing to give. That’s why we must meet our needs first before we can give to others.

How to Create Emotionally Intelligent Workers Through the 6 Human Needs

The success of a well-coordinated organization can be attributed to workers who have a full understanding of human needs. In order to thrive in such a competitive environment, employees in the field of technology must be emotionally intelligent apart from being knowledgeable about their jobs. Every company is essentially composed of people who are subject to their own weaknesses when certain needs are not met.

In our Secure Methodology, the goal is to create emotionally intelligent leaders with strong people skills. These leaders must lead with their hearts, not their minds. They must set a good example for the workers by demonstrating a thorough understanding of the human psyche. Leaders must encourage their workers to do the same.

The Seven Steps of the Secure Methodology:

Awareness: A technical leader must have a full grasp of who they are before they can begin to understand others.
Mindset: A technical leader must have a growth mindset and always be open to change.
Acknowledgment: A technical leader must recognize that their workers are enough by making them feel appreciated.
Communication: A technical leader must consider that the right words, tone, and body language all influence effective communication.
Monotasking: A technical leader must allow workers to focus on a single task first to achieve mastery and stability before asking them to work on another.
Empathy: A technical leader must foster strong connections with others by understanding where they’re coming from.
Kaizen: A technical leader must encourage others to make progress through their contributions.

Practicals to Better Understand the 6 Human Needs

Knowing the six human needs by Tony Robbins will not guarantee leaders the instant ability to work well with others. It takes a proactive approach to develop a conducive environment for developing emotionally intelligent workers.

One good way to get started is by encouraging workers to take this quiz to discover their top human need — the “driving force” that influences their behaviors. There can be a focus group discussion afterward where workers are free to evaluate how their needs are being met at work. This exercise allows people to connect and better understand each other’s needs.

Wrapping It Up

An understanding of Tony Robbins’ six human needs is essential for today’s technical leaders. It is not enough for leaders to be smart and skilled. They must also know how to work well with others. Emotionally intelligent leaders can easily get ahead in such a competitive industry because they have the support of motivated workers whose needs are being met.

For technical leaders to be successful, they must remember these key takeaways:

Before leaders can understand others’ needs, they must first understand their own.
Leaders must learn how to empower workers in meeting their own needs.
A leader’s team of workers thrive best when their needs are consistently met.
To properly execute the Secure Methodology, the leader must have a full grasp of the 6 human needs.
A leader must proactively improve their understanding of the six human needs and encourage workers to do the same.

How to Develop Soft Skills in Your Cybersecurity Team

June 16, 2021 by Christian Espinosa

Cybersecurity roles are highly technical, so why should you care about soft skills? For any technical or non-technical position, there is, of course, human interaction. Having technical aptitude is essential in the field, but it doesn’t always translate to success. In my experience, cybersecurity soft skills matter greatly, and this is why I wrote The Smartest Person in the Room. They can be the reason for cybersecurity success or failure.

Developing soft skills in any person in any career is challenging. It’s not a one-size-fits-all approach. People are complex and have different experiences, motivations, and limitations. What works for some may not for others. In a way, you have to customize it to the person. However, there are some wide-ranging ways to apply principles and strategies to enhance soft skills and help professionals perform at work and in life better.

Soft Skills Are Harder to Master Than Hard Skills

The “hard” skills of cybersecurity aren’t easy by any means. Most industry experts still say there’s a skills gap, and cybersecurity certifications are not always an indicator of proficiency. The field is full of paper tigers, individuals who look experienced and knowledgeable on paper but don’t excel in the real world.

However, individuals can hone their hard skills with practice and perseverance. They can soak up information and improve every day through practice — although a lack of soft skills can impede the ability to do this.

You actually need soft skills to improve hard skills, and they are difficult to master. Soft skills like communication, collaboration, and having a growth mindset enable a person to learn and grow in new ways that can open their eyes to the fundamentals of cybersecurity.

Soft skills are harder because they require a change in thinking, behavior, and actions. Change is hard for anyone in any situation. Cybersecurity professionals often have the mentality that they are never wrong — they are the smartest person in the room. That’s a fallacy that you can’t transform with more hard skills. You have to do the hard work of soft skills.

What Are the Most Important Cybersecurity Soft Skills?

Cybersecurity is typically only successful when it’s a group effort. Silos don’t contribute to this, yet they exist. Breaking those down and collaboratively working depend greatly on soft skills. These are the ones most critical.

Communication

Communication is at the top of the list. As humans, it’s our means of expression and connection, but most of us aren’t great at it. That doesn’t mean we’re defective. It just means that experiences, trauma, failures, and more cause us to hold back.

Tapping into communication skills is crucial for a cybersecurity team, and it has many facets. Communication isn’t just what you say. It’s how you say it, your body language, and other nonverbal cues. You can have a great employee that’s technically smart, but if the delivery of every message they have is condescending or defensive, it’s not likely to be received well. Written words are communication, too. Tone is often hard to judge in these, which could be causing problems as well.

The other part of communication is active listening. While we all usually hear what people say, we don’t listen. Or if we do, we only catch things that validate our own positions.

In many scenarios, miscommunication — or lack of communication — is the cause of cybersecurity failures. Teams don’t share information or take into consideration ideas that don’t align with their own. That’s a huge risk that has nothing to do with the technical side.

Fostering communication is a slow process. You can’t just declare that everybody’s going to be better at it, and this happens. There are deep-seated barriers inside people that make them falter in communication. People must want to change and actively participate. If you can understand their motivations, that can help, but some people aren’t even clear about those.

In my book, communication is Step 4 of my Secure Methodology. It includes exercises and analysis on communication issues in cybersecurity. Those can be a good entry to solving these challenges, but it still requires acceptance and desire to change for individuals.

Collaboration

Collaboration is a complement to communication. Communication enables collaboration. Everyone comes to the table to work out problems and plan for the future. This is difficult in tech roles because sometimes they don’t see the big picture of what they’re doing and its impact. Collaboration in cybersecurity isn’t just about the internal team. It’s about working with non-technical people, too.

Those other parties could be internal stakeholders or external ones. They expect your group to protect their data and systems. They play an important role because they tell you why and what. If collaboration efforts stumble, you can almost guarantee that risk rises.

Communication exercises can support bridging this gap. Awareness is also key and is the first step in the Secure Methodology. Regarding collaboration, awareness of others is the soft skill needed.

Without awareness of others — their opinions, beliefs, and needs — we simply make assumptions. Those can be wrong and influenced by our own experiences. When you can cultivate awareness of others in a group, interactions become more productive and positive.

Curiosity

Curiosity is often associated with negatives because we know what it did to the cat. That early belief that curiosity is bad sometimes sticks. However, those who are naturally curious often find great success because they wanted to know why, and once they saw why, they were motivated to innovate.

Excellence in cybersecurity requires a lot of curiosity. There are lots of mountains to conquer, and the landscape is constantly changing. Someone that discourages curiosity in themselves or others will struggle in the field. They won’t be able to imagine what’s next. After all, those on the other side use curiosity to make them better hackers.

Inspiring curiosity often comes down to simply asking why a lot, or “what” and “how” variations of why. It moves people to articulate positions and dig deeper. There are some exercises for this in the book, and I’ve found that curiosity is a skillset that delivers tremendous value for professional and personal growth.

Comfort with Change

Many cybersecurity professionals find the field attractive because they don’t like uncertainty. No one really does, but it’s a fact of life. We can all agree that the only certainty is uncertainty. While some of the hard skills of cybersecurity seem defined and finite, change is a big part of the industry.

For people to embrace change, it requires acceptance that they can’t control everything, which is hard for technical folks. Fear of change and the inability to be more agile-minded can impact a team’s resiliency.

So, how do you get teams to be more willing to be changemakers? Working on communication and collaboration helps, but it also includes developing a growth mindset and empathy. These are two more steps from my Secure Methodology that directly affect soft skills development.

When people stretch their mindset from being fixed, they can change how they behave and react. They may gain patience and be better equipped to inspire change in others. Empathy can also change someone’s perspective. When they take the time to respect other views, they’ll deepen their soft skills, which allows them to perform cybersecurity work more holistically and strategically.

Does Your Culture Support Soft Skills Development?

Another vital consideration for soft skills development is how well your culture supports it. If you don’t, then the work you put in may not stick or resonate. Workplace culture impacts business success. When it doesn’t allow people to thrive and grow, the result is disengagement, high turnover, and greater risk.

If you want to improve the soft skills of your cybersecurity professionals, you need to assess the culture. Determine what the barriers are and how to overcome them. By doing that, you put your team and organization in a much better place to succeed.

Ready to Cultivate Cybersecurity Soft Skills in Your Team?

Soft skills development isn’t easy. There’s a lot of resistance, and some may not see the value. It requires change and motivation to grow. You might find that not every cybersecurity professional can commit to this, but there will be many who do. Organizations and their IT leaders can find a great resource in applying my Secure Methodology. You can learn all about it in my book, The Smartest Person in the Room, available now.

The Value of Empathetic Leadership in Technical Roles

March 24, 2021 by Christian Espinosa

There’s a misconception that leaders, especially in technical fields, should do so with only their brains. They should be logical and data-driven. Those skill sets are important, but leading from the heart is just as important. Empathetic leadership is about compassion for employees and customers. And it fits nicely in cybersecurity, an area that requires trust, communication, and collaboration for success.

Empathy is good for culture and customer loyalty — it’s also good for your bottom line. Many studies have supported this, including one that found that companies that express empathy outperform their competitors. And there’s more to reinforce this idea:

A scientific experiment discovered that empathy boosts creativity.
A study revealed that an empathy deficit can cost brands over $200 million in revenue annually.

Thus, it would seem that leading with empathy is a win for all if it were only that simple. There are many challenges to building an empathetic business and leadership.

What Is Empathetic Leadership?

What exactly is empathetic leadership? Is it listening? Communicating? Caring? It’s all those things, but specifically, it’s having the ability to understand others’ needs. It’s about being aware of those outside yourself. It’s stepping into the shoes of others. Those are hard to master, and empathy isn’t all innate.

Being empathetic aligns with having emotional intelligence. There are some factors of it that are genetic traits. Women also tend to be able to show it more, but it’s still a skill. Yes, empathy is a skill, one that you can hone and develop if you commit to personal and professional growth. You have to be willing, vulnerable, and open-minded. That, of course, isn’t always how people or leaders think. It requires a fundamental change to become really good at empathy. While change is hard and scary, it’s often the best thing that can happen.

How Can You Apply Empathetic Leadership to Cybersecurity?

Cybersecurity is about protection. It would seem a natural parallel with empathy. Yet, most would agree there is a gap here. There’s a lot of focus on technology and tools to fight the cybersecurity war, but there have to be people behind.

In many cases, cybersecurity failures are human-related, not technology-focused. If that’s the case, then we can’t cure it with more systems and products. Instead, we need to focus on the people. And those people need to have an empathetic leader.

Empathy Is a People Skill

There are stereotypes that technical folks are devoid of people skills. That’s not true; they aren’t robots! Often, they get caught up in logic and forget the emotion. It is possible to improve people skills for technical professionals. I write about how to do this in seven steps in my book, The Smartest Person in the Room.

You can develop people skills the same way you do technical ones. Through practice and learning, it’s possible to become more empathetic. To achieve this on a cultural level within a company or firm, it has to start at the top. If leadership doesn’t demonstrate it, it’s hard to expect others to follow.

Empathy Is Hard for Everyone When We Focus on Differences

We can all collectively say the world right now needs more empathy. Compassion and care often get lost, as societal and cultural pressures tell us to look out for number one and focus on our differences. There’s a lot of “us vs. them” mentality in every aspect of life. It’s not hard to find that every time you scroll through social media or turn on the TV.

Why a Differences Mindset Handicaps Cybersecurity

Focusing only on differences creates divides. Those can then manifest as bad behavior within the team and toward other people in a company or even customers. The usual suspects are bullying, posturing, and egotism. Acting in these ways is often rooted in insecurity, as they want to be the smartest person in the room always. Being trapped in your head and only seeing differences leaves little room for empathy.

Lacking Empathy with Clients Can Be a Disaster

Clients, whether internal or external, expect cybersecurity professionals to protect what matters to them. To really understand this, empathy is imperative. Lack of it leads to not looking at specific needs and, instead, offering up a complicated cybersecurity framework. Complex doesn’t mean effective, and many professionals will miss the point.

If leaders don’t practice empathy and expect it in others, security will be much less effective, leaving clients unsatisfied and untrusting.

Colleagues Should Have Reciprocal Empathy

Empathy among the team is just as essential as having it with clients. Leaders model this (or don’t), as well. If a leader never acts with empathy toward their staff, why would they exhibit it with one another?

When there’s a void of empathy in these situations, communication, honesty, and transparency all suffer. It becomes a dysfunction instead of a collaborative working environment. It’s hard to be successful in this setting, no matter how technically astute you are.

The Tangible Value of Empathetic Leadership in Cybersecurity

I’ve shown you some data, studies, and leadership that illustrate the correlation between success and empathy. But how can it support cybersecurity?

It supports human connection: More technology and more budgets won’t cure cybersecurity shortcomings. Having sincere human relationships will, and a leader that exhibits this will have an impact.
It helps understand the needs of the client: An empathetic leader will dive into the challenges and pain points of the client and have clarity on these points. That’s the ideal foundation to develop a plan that works.
It removes the ego: This is a problem in the field. But if a leader’s behavior is egoless and focuses more on listening to others and making careful decisions, this helps all aspects of the company.
It improves communication and collaboration: Imagine a leader that never wants to hear anyone else’s thoughts or ideas. Well, we don’t have to imagine it because many leaders like this exist, and they fail over and over. An empathetic leader wants to hear from the team and practices active listening.
It helps ensure the right people are on the team: A leader that possesses empathy will use that in hiring and recruiting decisions. They’ll look for these traits in others, realizing soft skills are just as valuable as hard ones. Those smart hiring choices will lead to longer retention as well.

How You Can Cultivate Empathy in Others

If leadership commits to empathy — and they should for the value it delivers — the next step is fostering it in the entire team. Intelligence, knowledge, and experience will only get you so far in cybersecurity. They aren’t nearly as powerful without the missing piece of empathy.

Empathy is Step 6 in my Secure Methodology, and the following are some insights from that practice that can bridge the empathy gap:

Realign to emphasize similarities, not differences: Each of us is unique in our own way, but we have more similarities in the long run. That’s the first step for building the skill of empathy. This realignment can help cybersecurity teams immensely. You’re all in this together, and the “enemy” is cybercriminals, not each other.
Understand the motivation of others: Motivation and empathy have synergies. If you know someone’s “why,” then it can serve as a way to get them in touch with compassion.
Acknowledge wins: If you want technical employees to express empathy, you have to acknowledge their accomplishments. When you do, they feel appreciated for their work and more connected to you.
Adapt communication: Technical people often struggle with admitting they don’t know something. As a leader, you need to remember that when you communicate. I recommend not using “why” statements and instead leading with “what” and “how.”

These are a few highlights that demonstrate basics steps to take. There are also exercises to try and other specifics, which you can find in my book. Cultivating empathy is an ongoing process, so there’s really no finish line.

Is Empathy Part of Your Organization?

Right now, if you had to say, as a leader, if empathy is part of your organization, what would the answer be? Few can probably adamantly say yes, and that’s okay. It’s a complex attribute to introduce, cultivate, and maintain.

However, it is possible and provides so many benefits to companies. No matter where you are in the journey, I want to help. You can start by reading my book, The Smartest Person in the Room.