leadership

How to Build a Cybersecurity Team from Scratch Using the Secure Methodology™

September 17, 2023 by Christian Espinosa

Building a cybersecurity team comes with many challenges. So many factors are impacting the ability to do this effectively and efficiently. The cybersecurity workforce shortage means more competition for talent, but you can’t be confident all those vying for positions have the hard and soft skills to succeed and thrive. On top of all this, the threat landscape keeps expanding as cybercriminals develop new tools and strategies to exploit weaknesses.

So, what can you do as a cybersecurity leader? As someone who’s been in the position, I have some insights to share on how to accomplish this. Keep reading for strategies, tips, and info about the Secure Methodology as a framework for constructing a cybersecurity team.

Steps to Take to Build a Sustainable Cybersecurity Team

Where should you start on this journey? Should you jump right into recruiting and hiring? I would urge you to first develop a strategy, define the tools you need, and create some principles for the culture you hope to cultivate.

To do this, follow these steps:

Acknowledge that cybersecurity is a people problem and let that guide your strategy.

It’s easy to blame the breaches and attacks in the cyber world on technology. Without it, there wouldn’t be an issue, but categorizing it only this way is a fallacy. Behind every attack is a person. Every defense also has human intelligence executing it, and most causes of cyber incidents relate to errors, mistakes, or intentions of someone.

It’s very much a people problem, and that fundamental principle should guide your team-building strategy. Yes, there are lots of great cyber tools out there that are leveraging AI and enabling automation. You need those, but the people charged with managing them need knowledge and skills to do so. Those skills must include soft ones, as the human issue in cybersecurity won’t find a resolution without staff that cannot communicate or collaborate.

There is a current soft skills gap in every industry, including cybersecurity. The people who are a good fit for your roles may not possess these. If they are curious to learn and motivated to evolve, they can be great additions to your team.

Ensure the bad guys are cybercriminals, not internal.

Another element of creating a cybersecurity team is to eliminate the “us vs. them” mentality that often happens between technical and business folks. You’re all on the same side, but much of that can get lost in translation. The business side may not take cybersecurity as seriously as they should, frustrating cyber professionals. There’s animosity on your side, too, as your team may resent others, especially when they have questions and challenges.

It’s critical to put the target back on the real enemy’s head. There must be balance and cooperation between business and technical groups. You don’t want to bring someone on who fails to understand the perspective of others. Employees like this will degrade the trust and credibility of your team and do anything to avoid being wrong. You can spot this in how they respond to queries about collaborating and if they do a lot of posturing.

Look for a wide range of skills.

You have to define the requirements you want in your team, which should include various abilities and aptitudes. In doing so, you have to shift your definition of qualified. The majority of cyber leaders believe applicants don’t have the right qualifications, according to the State of Cybersecurity 2022 report. What they say people lack includes hands-on experience and training along with credentials and degrees.

The hands-on part makes sense because you want people to have real-world interactions. One cannot get this without opportunity. It’s especially true for younger generations, who we need to join the field. These people could be bright and eager to learn, making them excellent hires.

Credentials and degrees can demonstrate skill sets but not always. Often, people look great on paper because of these achievements but lack the knowledge to apply what they learned in classes. The learning may also be insufficient, especially for courses that validate aptitude based on multiple-choice tests. You can only be confident in one thing for those passing these — they can memorize answers. Beware of these “paper tigers.”

Instead, use skills-based hiring models. This approach focuses on a candidate with specific competencies that directly relate to the work. It involves soft and hard skills.

Develop your recruitment strategy on skills-based hiring.

Building a strong, multi-dimensional team requires a mix of people. Not everyone has to be strong in everything. You can create a staff who can learn from each other and you.

With skills-based hiring, you can:

Identify people with abundant soft skills and a desire to improve their technical skills.
Find candidates who have familiarity in all areas of cybersecurity but don’t have real-world experience yet and develop them.
Attract people newly entering the workforce and those starting over, which can help you build that right mix.
Assess people holistically instead of only looking at their technical aptitude.
Reduce barriers for people getting a shot at a cyber career who didn’t attend college.

Putting together a team of cyber professionals in this manner can lead to a strong and healthy culture. It can also decrease risk and ensure that cybersecurity has a seat at the table to influence business decisions. You simply won’t be able to do that if you hire with bias found in the old ideals of “qualified.”

All these ideas and opportunities align directly with the Secure Methodology, which is a seven-step process of transforming people with purely technical and closed mindsets into great communicators and partners.

The Secure Methodology and Building Your Cybersecurity Team

The Secure Methodology is the foundation for creating and maintaining a team that thrives and is adaptable. I based it on my own experiences and observations of what was going wrong in cybersecurity, which is a people problem.

Here’s a glimpse of each step and how it can support your hiring strategy:

Awareness

The process kicks off with awareness. It pertains to both self and others. Without it, people don’t understand the impact of their behavior on relationships and communication. It’s about opening up people’s blind spots.

Will every candidate already have awareness? And how do you evaluate this? Most people lack awareness to some extent, so it often requires development. You can assess someone’s state of awareness or willingness to get there by asking them to reflect and tell you about a challenging time and how they handled their interactions with others.

Mindset

Mindset is critical for anyone’s ability to grow and evolve. Those with a fixed mindset will resist any type of change. It’s a problem for technical people because they desire absolutes, but cybersecurity is a dynamic and volatile field! It’s kind of a paradox, so be observant of how people communicate about themselves and their experiences. This can give you a good idea of how open their mindset is and if they’ll be a good fit for your team.

Acknowledgment

Next is acknowledgment, which you’ll want to make a pillar of your culture. Technical employees crave feedback and understanding of their place in the business. Of course, they must also be receptive to it because it won’t always be positive. You also want to know if someone can acknowledge the work and contributions of others within the group or outside of it.

Communication

The fourth step is communication, and it’s the most important concept when creating a team. We can’t do anything well without honest, transparent, and consistent communication.

Being a good communicator doesn’t just mean being articulate. In the world of cybersecurity, your team must be clear about what they need, the challenges they face, and what’s really happening in the threat landscape. They also have to be active listeners to be good collaborators.

You can likely assess someone’s communication skills within the context of your conversations. Look for those who can clearly express big ideas and don’t use geek speak. If they show signs of this and seem to be listening to you, it’s a good sign, and you can continue to help them master this skill.

Monotasking

Monotasking is the fifth step, and it means concentrating on one task or project at a time without disruptions. It’s hard to find anyone who monotasks much in the workforce, where we seem always to be doing five things at once.

You can talk about monotasking in interviews to see someone’s reaction to it. Do they think it’s bad for productivity or impossible? Emphasize that you believe it to be a critical component of the workday because it enables critical thinking and problem solving, which are two huge assets in cybersecurity.

Empathy

Empathy is the sixth step, and in this connotation, it means the ability to understand someone’s perspective and feelings. It’s one of the hardest things for anyone to build, and yes, we must learn it. We are not innately empathetic. Achieving this can help with stress, burnout, and frustration toward others.

In speaking with prospective hires, ask them about a time when empathy would have been a good response to a problem. The answers they give can reveal a lot about their inner workings.

Kaizen

The last step is Kaizen. It’s a Japanese term that means “change for the better.” It never ends because continuous improvement is forever. When hiring, you want to put people on your team who believes in this approach to work.

Ready to learn more about the Secure Methodology? Start by reading The Smartest Person in the Room and explore the Secure Methodology course.

Why Cybersecurity Deserves a Seat at the Leadership Table

May 15, 2023 by Christian Espinosa

Adaptability and the ability to evolve are core components of cybersecurity. To combat threats and mitigate risk, an organization has to make security a priority and a pillar. Managing this dynamic environment and ensuring these things are part of a company’s foundation means cybersecurity deserves a seat at the leadership table. Cybersecurity leadership is essential to any business’ pursuit of cyber resilience.

However, not every organization has provided this space. Even those with CISOs don’t necessarily bring them into the C-suite. As a result, cybersecurity doesn’t have support at the highest levels. Often, it’s due to culture or a misconception about security’s role in the enterprise. With the threat landscape only becoming vaster and more complex, it’s a pivotal time for cybersecurity leadership to step up.

Cybersecurity Leadership Must Make Risk Real

Senior leaders in most companies have an awareness of risks and threats. They see the same headlines as everyone else and likely know of peers who have been the victim of an attack. Awareness is a start, but you’ll need something more tangible than words. Your communication of this to non-technical people doesn’t have to be fear-mongering. Instead, you can discuss emerging trends that need attention and a plan.

Here are some examples.

Digital transformation and the proliferation of identities.

Your organization is likely on a digital transformation journey. These pursuits push companies forward, allowing them to be more agile, reduce costs, and improve productivity. Those are business goals from a technology strategy. However, with digital transformation comes cyber risk.

A diverse set of endpoints, identities, and access points create more vulnerabilities, giving hackers more opportunities to cause harm. Identity compromise is a favored attack mode, so you must express how this progress needs a security guide.

Attack techniques continue to rise in sophistication.

Cybercriminals are persistent and focused on the goals of infiltration and breaching. They continue evolving their toolset to deliver more realistic phishing messages in many channels to launch a ransomware attack or steal valuable data. Further complicating this is the cybercrime-as-a-service trend. Threat actors don’t have to be technically astute. They can simply hire a hacker.

This is a concerning topic and one your C-suite needs to know. They need to understand that as cybercriminal tactics evolve, your strategy must, as well, which often requires funding for headcount and/or technology.

Cybersecurity talent is scarce.

The cybersecurity workforce landscape remains challenging. The ISC 2022 Cybersecurity Workforce Study reported that there are over 3.4 million jobs unfilled in the field. As a cyber leader, you’ll get all too aware of this problem. Without the right staff, risk increases, and 80% of organizations that experienced a breach attributed it to a lack of cybersecurity talent or awareness.

Your company’s leadership needs the facts on how cybersecurity recruitment and retention impact risk and security. Making them realize how crucial this is can result in more funding for you to attract and upskill cyber professionals.

By giving people concrete examples of why cybersecurity matters, you get your seat at the table. Then you can turn to maturing the program. With that comes new challenges to keep that place.

Maturing and Modernizing Cybersecurity Requires Leadership Support

There are discussions you’ll need to have on an ongoing basis with your leadership peers. Don’t keep cybersecurity in a black box. Instead, communicate what’s really happening in a way that they’ll get. Some of those conversations should include these topics.

Emphasize the need for automation: You can’t introduce automation into cybersecurity workflows without consensus and support. Embracing automation can deliver a high return, as it reduces manual, repetitive work, so your cyber employees can focus on more strategic work. Overall, it promotes efficiency, consistency, and productivity.
Play offense with cybersecurity: Most C-suite members who aren’t technical think of cybersecurity as a defensive strategy. Being proactive is what will keep you in the game. With this approach, you can identify the most serious risks and map your cybersecurity strategy to them. You’ll be able to close gaps faster and stay ahead of threats.
Make the business case for cybersecurity: There’s often a disconnect between business goals and cybersecurity. They need a connection for all leaders to understand the implications and the quantifiable impact of risk. You and your team must be able to simplify the messaging and hit the right points for the business side to consider cybersecurity as a bedrock to everything versus an afterthought.

What’s the key to all these actions you need to take? It hinges on people skills, not technical skills. A CISO isn’t a technical role, at least not anymore. Today, CISOs are risk assessors, strategy builders, people developers, and priority determiners.

Enhancing and building your people skills along with those of your staff is imperative to remain at the table. So, what people skills do CISOs need?

Cybersecurity Leadership and People Skills

Cybersecurity leaders will need a high number of soft skills to be successful at the table. Geek speak won’t work with this crowd. Continuing to work on these skills and impart their importance to your staff matters. Here are the things that will make a difference in keeping your seat.

Be a great communicator and speaker.

Communication skills are at the top of the list. You’ll need to be sincere, genuine, and honest with what you say and be an expert listener. As a strong communicator, you can engage others in a discussion that helps them learn about risks and countermeasures. Presenting findings and information to the board and C-suite requires explanations that make sense and are relevant to the audience.

Develop policies that serve the enterprise.

You are now responsible for many policies about security. When bringing these to leadership, you’ll need to do so in a way that benefits and means something to the entire organization.

Interact and persuade.

You’ll need some political skills to manage priorities and deliver recommendations. You should do so by listening first and responding with convincing arguments with proof.

Understand the business and its objectives.

As a CISO, you must ensure that what’s important is secure. Being successful with this requires you to be aware of what the big picture is for the company.

Embrace collaboration and manage conflict.

You’re making the case that cybersecurity doesn’t live in a silo and that it impacts every area of the business. As such, you have to develop deep collaboration with your leadership peers and foster within your team and their work with others. Being able to manage conflict is vital, as well, as others will have competing opinions and priorities.

Act strategically at all times.

Every plan you design needs a strategy behind it. There are often many layers to this, and you must balance the protocols of security with innovation and business goals. Your approach should also be flexible, as you’ll always need to pivot in cybersecurity.

Manage your people effectively and with transparency.

Another critical part of your soft skill toolbox is being an excellent manager for your team. Your staff executes the strategies you’re presenting to leadership. They are essential to keeping everything secure and thwarting attacks. Being open and transparent builds trust and respect. If you achieve this, it’s easier to express how your team will implement plans.

It’s not always easy to be consistent here, as cybersecurity is a high-stress environment. However, there are ways to keep yourself on the right path and instill this in others.

Ensure empathy is part of how you lead and collaborate.

Empathy in business means seeing the perspective and view of others. Organizations that lack it often have rampant mistrust and disengagement. Expressing it within your team and your collaboration with colleagues can go a long way to demonstrating the value of cybersecurity to the organization.

If you want to further your own soft skill development and that of your team, you can with the proper framework. This idea is the central theme of the Secure Methodology™. It’s a seven-step process for encouraging and developing people skills.

How the Secure Methodology Helps You Keep Your Seat

In seven phases, you can improve how you interact and communicate. It’s important to have the skills and build them in others. If your cyber team operates in this way, all the things you need to do as a leader become easier.

Each step has specific lessons and exercises that focus on communication, collaboration, change, growth, motivation, and transparency. It’s a framework designed for technical people to transform how they behave and react to be more positive, inclusive, and aware. There’s also an element of continuous improvement. The evolution of yourself and your team propels you forward with less friction, animosity, posturing, and strain.

The Secure Methodology is something that can support cybersecurity and the whole enterprise. Its pillars promote a healthy culture so that innovation and security can walk parallel. This is really important to other leaders who often think security is the enemy of innovation.

Start your Secure Methodology journey today by checking out the course.

Cybersecurity and Meaningful Work: Why New Generations Entering the Field Want Purpose

December 18, 2022 by Christian Espinosa

The cybersecurity talent pipeline is facing the same challenges as many industries. A strong job market and low unemployment mean that many well-qualified professionals aren’t actively seeking new jobs. As a result, cybersecurity needs to look to the latest generation entering the workforce, Gen Z. Gen Z is a unique generation, which makes the ability to recruit and retain them much different. They have new ideas about work and that it should be more than a job and provide them with purpose and fulfillment—a trending topic in the world of HR known as meaningful work.

In this post, we’ll examine the Gen Z demographic, what matters to them, the concept of meaningful work, and how cybersecurity leaders can use this information to connect with a new generation of workers.

All About Gen Z and Their Entrance into the Workforce

Gen Z describes individuals born between 1997 and 2012. They currently make up almost 21% of the U.S. population. The oldest of this group have entered the job market, with many more to come in the next few years.

Gen Z is described as the most racially and ethnically diverse generation. They are also digital natives who have had a device in their hands most of their lives. This demographic has also been through many major events during their young lives, including the war on terror, a major recession where they witnessed parents and family members lose jobs, and the pandemic.

All these factors shape how they view work and what’s important to them. They are often adamant about work-life balance, flexibility, autonomy, and having modern technology as part of their job. In addition to these expectations, they also want to work for organizations that share their values. In fact, 77% of Gen Z said this was important in response to a survey conducted by Deloitte. Another thing they value highly in an employer is diversity, equity, and inclusion (DEI), which 87% agreed was critical when considering jobs.

Gen Z also cares about company culture. Cybersecurity should be very culture-focused, which could entice them. Overall, they want to work for a company that cares about their well-being.

Work for them isn’t about a “grind” or purely a transactional relationship. They desire meaningful work, and if it’s not present, they’ll have no problem moving to the next opportunity. Long gone are the days when employees worked for a single company their entire lives.

As a cybersecurity leader, ingesting this information about Gen Z may give you pause. Yet, they have some key attributes that make them attractive as workers beyond technical skills.

How Gen Z Workers Can Benefit Cybersecurity

Gen Z had a big head start on technology aptitude. It’s been part of their lives forever, and they’ve been early adopters. Beyond these skills, cybersecurity leaders are placing more emphasis on people skills, which is the central message in my book, The Smartest Person in the Room. These can be very hard to develop in older workers that have been in the industry for years.

The nature of Gen Z’s life experiences naturally predisposes them to value being communicators and collaborators. The stereotype of this group as never putting down their phones and being detached in communication isn’t accurate. They do love tech and spend lots of time on social media, but it’s not their entire personality.

Since they sincerely care about the world around them, they also understand the value of having strong interpersonal skills. Some might not be as confident in soft skills, but they won’t “fight” you on realizing the need to develop them as older generations may. As a result, they may be more amenable to participating in exercises, programs, and activities that will help them cultivate better people skills.

All these things make Gen Z an attractive group for cybersecurity careers. The onus of making your industry and company appealing has a lot to do with meaningful work.

What Is Meaningful Work?

Meaningful work is a newish concept in the world of HR. Its definition is somewhat flexible because “meaning” is subjective to an individual. The idea is universal in that it means that an employee believes the work to be important for the greater good and is part of something. As a result, workers are motivated and engaged in what they do.

Another aspect of meaningful work is that employees can use critical thinking skills and be problem-solvers versus taskmasters.

Both align with a career in cybersecurity and what Gen Z wants in a career. In the end, meaningful work is good for workers and businesses.

For example, employees who engage in meaningful work from their perspective may positively impact their mental health, something Gen Z is serious about. Healthier employees typically have fewer absences than their depressed counterparts. They’ll also be more engaged in building a strong cybersecurity culture and collaborating to do great things.

An environment of meaningful work supports retention, as well. The attachment that occurs in this situation delivers tangible benefits. Companies can see 50% less turnover and a 56% increase in job performance.

It can also deter burnout, which can be a problem in cybersecurity. It’s a high-stress field with many risks, threats, and stakeholders. If you have a team that feels the work is meaningful, that you and the organization value them, and is a culture that’s inclusive, you have an advantage over others. As a result, you’ll be a more attractive option for those entering the field.

So, how do you promote your company as one that delivers meaningful work?

Attracting Gen Z with the Promise of Meaningful Work

There are a few key strategies to consider when recruiting Gen Z and using the angle of meaningful work. First, it’s essential to know that Gen Z is proactive in their job search. For those in college, a quarter of them began job searching in the first two years. Second, they seek internships to get experience for the future and test out a field to see if it’s a good fit. Taking this into consideration, here are some ideas.

Partner with Universities and Community Colleges to Find Talent

Get to Gen Z while they are still learning by creating relationships with educational institutions. It’s an excellent way for students to become aware of your company. This can lead to mutually beneficial internships. The first impressions that Gen Z has about your company will matter, so talk about culture and how much you value interpersonal skills as much as technical ones.

Add Meaningful Work to Job Descriptions

Most cybersecurity job descriptions are dry and standard. It looks like a computer wrote it! Gen Z will not respond to this, as they value authenticity. Be honest in how you position your roles. Yes, it’s important to talk about technical skills, but you can also include that meaningful work is part of your organization and that you provide an environment where people can learn and grow.

Tap Your Current Gen Z Employees for Referrals

If you already have Gen Z workers on your team, talk to them about referrals. Ideally, if they are happy with the company and the work, they’ll be up for this. A referral is better than most applications for both parties. For you, it’s a sign that your employee vouches for them. For the candidate, they’ve heard about what it’s really like to work for you and weren’t discouraged by what they learned.

Once Gen Z becomes part of your group, you have another consideration that makes or breaks. How will older generations react to them?

Is Your Team Ready for Gen Z and Meaningful Work?

If you’ve made meaningful work a priority, then your current employees know this. However, it’s not going to matter to all of them. Some are still stuck in old perceptions about cybersecurity. Their “meaning” is that they are the smartest, most capable technical people. If that’s your current predicament, there will be some friction.

In a way, you have to prepare them for the entrance of Gen Z, which will require that they work on their people skills. Hopefully, they’ll realize this process benefits them in many ways. However, it involves change, and resistance is inevitable. Through the Secure Methodology™, which I developed in my book, you can find a seven-step guide on how to transform these outdated mindsets.

They’ll be helpful for all your employees, regardless of their generation. The way they respond and their effort will vary. Ultimately, you’re trying to work as a cohesive team that respects each other, cooperates well, communicates clearly, and can find meaning in what they do.

The journey ahead will be challenging at times. You have a chance to make a real difference in the lives of your employees and your company’s ability to manage risk and mitigate threats. Use the Secure Methodology as a blueprint to do that. Get the entire message by reading my book and check out the Secure Methodology course, as well.

The Secure Methodology™ Step Four: Communication

October 8, 2022 by Christian Espinosa

Communication is the core of any organization, department, or process. It’s a topic I talk about extensively in the world of cybersecurity. That’s why it’s step four of the Secure Methodology and why it’s a critical aspect of every effort.

In this post, we’ll go in-depth on step four. You can read up on the first three: awareness, mindset, and acknowledgment. We’ll start with a recap of the Secure Methodology.

The Secure Methodology: Turning Technical People Into Solid Communicators and Collaborators

Before we jump into communication, here’s a recap on the Secure Methodology. It’s a seven-step process I developed as part of my book, The Smartest Person in the Room. I designed it as a guide for cybersecurity leaders to help improve interpersonal and people skills so that they can work together to combat cybercrime. It’s not about technical aptitude but rather empowering cyber professionals to look beyond the ones and zeroes by being honest communicators. It’s a reframing of cybersecurity culture to be collective and collaborative in solving challenges.

So, let’s dive into step four.

Technical Staff Aren’t the Best Communicators

It’s a total stereotype that logical thinkers are bad communicators. Except, in this case, it’s mostly true. I’m not making a blank assertion, but I’ve been in the business for a long time and witnessed this to be accurate time and time again.

When I talk about poor communication, it’s not that someone isn’t articulate or functions with a limited vocabulary. It also has nothing to do with intelligence. The problem is that there’s a communication gap between technical people and company leadership. It’s so bad that they might as well be speaking another language, and they kind of are with geek speak and jargon.

Why do they do this? Well, it helps them validate to themselves that only they know about the technical world. Those who are outside of it couldn’t dare understand what they do. It keeps them in a place of feeling superior. They’re in this club, and no outsiders are allowed. Except those outsiders are running the company and hold all the budget dollars. When technical workers fail to communicate effectively, they alienate their internal or external customers.

Keeping Geek Speak Alive Assuages Insecurity

At the core of geek speak is insecurity. Most technical people believe they hold the title of the smartest person in the room. If they have this “coded” language, few can make sense of it, so there’s less chance that someone will push back. Speaking in normal terms could expose the fact that they aren’t sure, which would be the worst thing for these people. They never want to admit that they don’t know.

Different stakeholders may request that they simplify the message around cybersecurity because it impacts more than just IT. Cyber attacks are considered a primary risk for any business, so their management and impact are enterprise-wide. All tech people will take away from this is that they need to dumb it down.

Another issue is that cybersecurity training and certification reinforce this by providing pages and pages of acronyms to memorize. Every industry has its shorthand, but this is taking it to a new level that’s not consequential to their ability to be equipped cybersecurity professionals.

Communication also has much to do with listening, just as much as talking. Most technical people don’t score well here, either.

Poor Communicators Are Poor Listeners

Being an effective communicator isn’t just about what you say and how you say it. It’s also about listening! In a fast-paced, dynamic world, attention is fleeting, and the consequence is people who don’t pay attention. It can be hard to stay present and observant.

In addition, many people only listen for agreement or rebuttal. They aren’t taking in what someone is expressing and are simply waiting to give their response either in agreeance or to dispute and argue.

Without active listening in cybersecurity, we can’t fully understand the problem. That creates massive challenges in the field.

Dysfunctional Communication Has a Major Impact on Cybersecurity

As I’ve said, we (the good guys) are losing the cybersecurity war. The defeat isn’t because technical skills, innovation, or tools are subpar. I’d argue it has more to do with the fact that communication is in a state of brokenness. It goes back to the gap referenced above.

If technical people aren’t more inclusive with language to decision-makers, they aren’t likely to get the responses they expect or need. The excuse of “they just don’t get it” isn’t helping matters. They have to get it. If they don’t, then risk increases and resources decrease. That’s the crux of the communication gap between technical people and company leaders — they need to speak about cybersecurity in terms of risk to the business.

Leaders want to protect data and networks. They realize the threat landscape is widening with cyber-attacks in the daily headlines. This group knows that if it happens to them, it will cost them a lot of money and harm their reputation. They are hungry for the facts but not in sentences that don’t sound human. It’s the responsibility of technical teams to express risk and threats in a way that makes sense to anyone and what steps need to be taken to mitigate them.

That becomes the hardest part — getting technical people to first realize their communication is ineffective and then get them on board to make changes.

Why Technical Employees Struggle to Evolve Communication Styles

As noted, the jargon and tech speak are a place of comfort for cyber professionals. They act as a veil over uncertainty. They are also logical creatures that see their work as black and white, so they immediately think they don’t need to improve communication or people skills. They know what’s best, and all the non-technical folks can’t grasp the fundamentals.

Continued thinking in this way will only lead to failures and mistakes. To be a great communicator, you have to be flexible, which seems foreign or negative to them. It’s very uncomfortable for them to be vulnerable in their communication because it might reveal that they don’t know everything. Of course, they don’t because no one does, but change is even more challenging if people can’t see this as a possibility.

So, what can you do in a leadership position to incite people to embrace transforming their communication styles?

How to Support Technical People on a Journey to Being Better Communicators

If your technical team improves its communication skills, it can be the best weapon you have in the cybersecurity war. It’s more potent than new technology or the highest technical aptitude. Here are some key things that can make a difference.

Remember Awareness

Awareness is the first step of the Secure Methodology and is something to revisit. Communication isn’t effective without listening. But you can’t do that until you have a level of awareness, which requires putting yourself in the shoes of others. So, encourage them to practice awareness with communication.

Reframe Objectives

Communication is effective based on the result. The point of communicating something is to receive a response. When you reframe the concept for technical people in this way, they can have an “aha moment” as they understand the results and objectives.

Simplify the Message

There is always a way to simplify the point. Technical people don’t need the comfort of their acronyms to emphasize what matters. Instead, urge them to consider who they are discussing subjects with and how to express things in a way that translates to the non-technical people of the world. They need to refrain from going into cyber talk because they aren’t going to get the result they need or expect.

Bring it back to the purpose and the idea of building rapport with others. Remind that listening for insight helps everybody. The bad guys aren’t sitting in the room with them — the people who can help them are.

Foster a Culture That Appreciates Communication and Sharing

Another part of improving communication is ensuring you create a culture that welcomes it. Your people need to know that if they are trying to share information effectively, you will support them. They’ll certainly make mistakes and revert to old habits, so you’ll want to remember acknowledgment factors — praise them when they communicate well. When they don’t, speak to them privately.

If you create a team that is certain you welcome change, they may be more apt to try harder. Remember, these people don’t like to fail and crave certainty. Of course, change disrupts these patterns, but they’ll do much better if they feel you have their backs.

Moving Forward: Communication Is the Center Point for Cyber Success

Communication is really part of every step of the Secure Methodology. It’s that essential, and it will come up again and again. By focusing on it, your technical people can make great strides in their journey to be better at their jobs and life. You can find more strategies along with exercises to build communication skills in my book, The Smartest Person in the Room, available now, or in my People Skills for Smart People course.

What Is Total Intelligence, and How To Build a Cyber Team to Lead with It

July 21, 2022 by Christian Espinosa

total intelligence - christian espinosa When making any decision, intelligence certainly plays a key role. However, often it’s only the logical, rational side of intelligence that people rely on, especially in worlds like cybersecurity. It’s a field that’s ones and zeroes, so many would think there’s no heart involved. Except those on the other side of the battle are using all their intelligence, something I call total intelligence.

The concept of total intelligence and applying it well as a decision-maker and leader have much to do with cybersecurity. It’s a term that I repeatedly use in my book, The Smartest Person in the Room.

You’re probably wondering what total intelligence is, so that’s where we’ll start.

What Is Total Intelligence?

My definition of total intelligence involves your body, heart, and head. It’s all the information you gain from experiences, training, education, and life. It’s the ability to lead with all of these aspects. Another way to think about it is what many call a “gut feeling.”

Being a cybersecurity leader requires total intelligence in every part of the job. However, you’ll find it challenging to get technical people into this mindset because it’s not all logical, and that’s where those folks like to stay.

Technical People Trust Their Head

Most of those in technical roles are creatures of logic and habit. They lead and interact with others using their heads. They have a skewed worldview, believing that everyone else thinks just as they do. Of course, they would think this because they always think they have the best approach — possibly the only approach.

They trust their head. It’s what comes naturally, and it doesn’t cause friction. They disregard feelings or instincts because they don’t trust them. This limited view isn’t good for any area of life and causes many problems in cybersecurity. This desire to be right and the smartest person in the room seems logical to them. It may seem like posturing, bullying, and a lack of cooperation to others. It hinders communication and actually prevents problem-solving.

Using only the mind part of total intelligence does not result in an environment where incidents and failures don’t occur. Technical people may argue that intelligence’s heart and body parts are unnecessary and have no place in cybersecurity. They are wrong! Cybersecurity is not black and white; it’s a field of gray.

So, how do you get these people to turn on other areas of their intelligence?

Driving Toward Total Intelligence Requires Self-Awareness

To empower technical teams to lead with total intelligence, they must be self-aware. Awareness is the first step in the Secure Methodology, a framework that I developed and is the focus of my book. It’s a guide with seven steps and a collection of strategies to transform technical teams into excellent communicators and collaborators. It’s the best way to convert those that live in very fixed mindsets.

The path to awareness isn’t easy for technical people or anyone else. A good starting point is assessment tests. They are not free of gaps, but they can lay the groundwork, informing takers on who they are, how they see themselves, and how others perceive them.

The test I’ve found to be useful is the Enneagram test. It embodies all the elements of total intelligence:

Instincts (body)
Feeling (heart)
Thinking (head)

The findings can benefit those who want to journey further into self-awareness. I highly recommend it to you and your team, as it can uncover fascinating and accurate information. I also share my results in the book.

Total intelligence becomes a greater possibility if you can move people toward self-awareness. But should total intelligence always be a guiding force? Like everything, its application varies.

Total Intelligence Changes Thought Patterns and Perspectives

The starting point of total intelligence is self-awareness, which changes how you think and, ideally, feel in any situation. It gradually happens as people adjust. They’ll find themselves running through scenarios in more than a logical mindset. It can open up a lot of self-discovery, and that’s a good thing.

Self-awareness can benefit your employees in every facet of their life. One thing it does is really provide people with a “why.” That’s their primary reason for doing what they do. It could be for financial reasons only, and that doesn’t discount someone from reaching total intelligence.

Having a passion beyond this sets your organization up to be on par with those of hackers. The hackers have a “why,” and many times, it’s stronger than those on the right (good) side. There is a lot of emotion behind the actions of most cyber-criminals. Understanding that helps everyone realize how crucial it is to think not based on logic alone.

Total intelligence also brings a team together, creating powerful connections.

Total Intelligence Connects You to Others

One of the most critical elements of attaining total intelligence is having open conversations that are vulnerable and uncomfortable. You have empathy and compassion for others when you’re leading with your body, heart, and head. You can stand in their shoes and see their perspective.

Those people skills gained with total intelligence are a changemaker in cybersecurity. Total intelligence opens you up to possibilities beyond that black-and-white world. You can see the fault in your logic and learn from others. With a team leading in this manner, you can mitigate all the failures created by poor communication and contrariness.

Great Leaders Have Total Intelligence and Understand the Balance

Many very smart and successful people say that you shouldn’t make business decisions with your heart, which is a bit ironic in a few ways.

First, most had to have the passion and connection to achieve what they have. Aside from those born lucky, entrepreneurs who have made a mark on the world did so by using their hearts, minds, and bodies.

Second, we live in a world where emotion is the key driver in buying decisions. There’s lots of data to back this up — studies from neuroscientists. There are experts on the subject, like Harvard professor Gerald Zaltman, who asserted that 95% of purchasing decisions are subconscious. To link this back to cybersecurity, consider that purchasing decisions are a big part of any business and who and what they involve in their technical needs. So, I’d draw a correlation that emotion backs many more business decisions than most people would attribute.

Emotion is essential, but the total intelligent leader knows they shouldn’t solely be led by their heart. They need all three elements to make decisions in the best way for the team and the company. If your people stay trapped in logic, they’ll make bad choices. They may not be bad today or tomorrow, but eventually, it will bite them.

In leading with total intelligence, there is a way to go through all three areas to come to a conclusion.

What Leading with Total Intelligence Looks Like

I try hard to be in a space where total intelligence guides me. I start with logic, but I listen to my heart and body. If those two are strongly opposed, I take that into consideration. I don’t ignore what’s happening outside my head.

As I describe it, the process may sound easy. Maybe you go through the outcomes, ask questions, and bounce around ideas. For a technical person, this is not a simple task. Adapting to this requires practice. Total intelligence is at the top of the people skills triangle. Your people will need:

Heightened awareness
A growth mindset
The right language
Hyperfocus
Empathy
A desire to keep improving

That’s a long list, and it will take time and effort to develop these skills. It’s a journey, and the route to take is the Secure Methodology. All seven steps work to build total intelligence. You’ll find many exercises and strategies in my book for each step. Doing these activities is key to building communication and other people skills.

The moment that everything clicks together for your team comes is when they allow emotion and instinct to complement logic. In practice, this looks like using logic as the first rung on the ladder. Emotion and instinct are next, and people achieve this by seeing problems through the eyes of the client. With all three applied, the solutions proposed are better.

Achieve Total Intelligence to Win the Cyber War

Your technical employees may seem resistant to change. The Secure Methodology takes that into account. Not everyone will make it through the steps, and it’s okay to conclude that some aren’t right for your team. If the goal is for everyone to make decisions based on the heart, body, and mind, you don’t want to devote too much time and energy to the “never-changers.” Concentrate on those people who want to evolve and can commit to the journey.

It all begins by reading the book and applying the Secure Methodology. Get your copy of The Smartest Person in the Room today.

Understanding the 6 Human Needs To Become a Better Technical Leader

September 3, 2021 by Christian Espinosa

Being a great technical leader is more than just about strategy. Many people believe that if a leader is smart enough and has the right skills, they will be great at their job. In reality, leading with intelligence doesn’t always guarantee results.

Most leaders fail by trusting that their intelligence alone can resolve issues. Often, they forget that they are working with people who, just like them, have needs. With the technological world constantly changing at a rapid pace, the brightest minds must always be ready to adapt or be left behind.

To adapt effectively, a leader must understand people’s needs as well as their own. When a leader connects with others on an emotional level, it’s easier to work on a common goal. So, to get good results as technical leaders, they must have a solid grasp of how the six human needs work.

An Overview of Tony Robbins’ 6 Human Needs and How They Influence Us at Work

Tony Robbins’ work on the six human needs states that we behave a certain way in different situations because of core needs. They are developed from childhood and shaped further by our life events. Understanding these needs will help us work on ourselves to become more efficient at work.

Need for Certainty

Our need for certainty revolves around finding pleasure and avoiding pain. Workers need to feel safe and secure at their jobs. This is why we do all that we can to make things familiar and relatively predictable so that we gain a sense of stability.

Need for Variety

Our need for variety alongside our need for certainty is one great paradox of human need. We want to feel secure about our jobs, but we get bored when things get too predictable. However, the way we crave new stimuli every now and then ensures we gain considerable experience to be more adept at what we do.

Need for Significance

The need for significance drives us to feel unique and important, so we push ourselves to make the most of our capabilities. We find motivation in the praise and recognition we receive from coworkers. When people take notice of our accomplishments, it brings us validation and strengthens our drive to do more.

Need for Connection

Our need for connection makes us relate well with others to establish closeness. This is why we seek camaraderie at work and form groups. Employees feel satisfied with a strong sense of team affiliation. When we feel that we belong, it is easier to have shared goals.

Need for Growth

Our need for growth compels us to expand our capabilities. We have an innate tendency to be better and reach our full potential. We are inclined to test the limits of what we can do by challenging ourselves at work. We are more productive when we know we are better today than we were yesterday.

The Need for Contribution

Our need for contribution is largely based on our longing to be part of a community. When we feel that we are an integral part of a group because of the value we add to it, it gives us a sense of purpose. When we put others before ourselves, it improves our capacity for empathy and compassion.

How Our Identity Ties to the 6 Human Needs

Our identity ties to our needs. Our behaviors are positively reinforced depending on how our needs are met. We also compensate for unmet needs through unhealthy behaviors. We make decisions at work based on what we value the most.

How we value stability or recognition at work, for example, shapes who we are through our behavior. Patterns of behavior in turn create our identity, which people see through their lens, and to which we strongly associate ourselves.

How the 6 Human Needs Relate to Maslow’s Theory

Abraham Maslow first introduced the concept of human needs. The model shows how we prioritize physiological, safety, love and belonging, esteem, and self-actualization needs, moving from the bottom of the pyramid all the way to the top.

There are parallels between Maslow’s Hierarchy of Needs and Tony Robbins’ 6 Human Needs. Both theories show how we can achieve our goals in life by focusing on our needs.

We cannot give others certainty when we do not feel safe. We cannot feel close to people when we are uncomfortable with ourselves. We cannot become great leaders at work when we have nothing to give. That’s why we must meet our needs first before we can give to others.

How to Create Emotionally Intelligent Workers Through the 6 Human Needs

The success of a well-coordinated organization can be attributed to workers who have a full understanding of human needs. In order to thrive in such a competitive environment, employees in the field of technology must be emotionally intelligent apart from being knowledgeable about their jobs. Every company is essentially composed of people who are subject to their own weaknesses when certain needs are not met.

In our Secure Methodology, the goal is to create emotionally intelligent leaders with strong people skills. These leaders must lead with their hearts, not their minds. They must set a good example for the workers by demonstrating a thorough understanding of the human psyche. Leaders must encourage their workers to do the same.

The Seven Steps of the Secure Methodology:

Awareness: A technical leader must have a full grasp of who they are before they can begin to understand others.
Mindset: A technical leader must have a growth mindset and always be open to change.
Acknowledgment: A technical leader must recognize that their workers are enough by making them feel appreciated.
Communication: A technical leader must consider that the right words, tone, and body language all influence effective communication.
Monotasking: A technical leader must allow workers to focus on a single task first to achieve mastery and stability before asking them to work on another.
Empathy: A technical leader must foster strong connections with others by understanding where they’re coming from.
Kaizen: A technical leader must encourage others to make progress through their contributions.

Practicals to Better Understand the 6 Human Needs

Knowing the six human needs by Tony Robbins will not guarantee leaders the instant ability to work well with others. It takes a proactive approach to develop a conducive environment for developing emotionally intelligent workers.

One good way to get started is by encouraging workers to take this quiz to discover their top human need — the “driving force” that influences their behaviors. There can be a focus group discussion afterward where workers are free to evaluate how their needs are being met at work. This exercise allows people to connect and better understand each other’s needs.

Wrapping It Up

An understanding of Tony Robbins’ six human needs is essential for today’s technical leaders. It is not enough for leaders to be smart and skilled. They must also know how to work well with others. Emotionally intelligent leaders can easily get ahead in such a competitive industry because they have the support of motivated workers whose needs are being met.

For technical leaders to be successful, they must remember these key takeaways:

Before leaders can understand others’ needs, they must first understand their own.
Leaders must learn how to empower workers in meeting their own needs.
A leader’s team of workers thrive best when their needs are consistently met.
To properly execute the Secure Methodology, the leader must have a full grasp of the 6 human needs.
A leader must proactively improve their understanding of the six human needs and encourage workers to do the same.