How to Develop Soft Skills in Your Cybersecurity Team

soft skillsCybersecurity roles are highly technical, so why should you care about soft skills? For any technical or non-technical position, there is, of course, human interaction. Having technical aptitude is essential in the field, but it doesn’t always translate to success. In my experience, cybersecurity soft skills matter greatly, and this is why I wrote The Smartest Person in the Room. They can be the reason for cybersecurity success or failure.

Developing soft skills in any person in any career is challenging. It’s not a one-size-fits-all approach. People are complex and have different experiences, motivations, and limitations. What works for some may not for others. In a way, you have to customize it to the person. However, there are some wide-ranging ways to apply principles and strategies to enhance soft skills and help professionals perform at work and in life better.

Soft Skills Are Harder to Master Than Hard Skills

The “hard” skills of cybersecurity aren’t easy by any means. Most industry experts still say there’s a skills gap, and cybersecurity certifications are not always an indicator of proficiency. The field is full of paper tigers, individuals who look experienced and knowledgeable on paper but don’t excel in the real world.

However, individuals can hone their hard skills with practice and perseverance. They can soak up information and improve every day through practice — although a lack of soft skills can impede the ability to do this.

You actually need soft skills to improve hard skills, and they are difficult to master. Soft skills like communication, collaboration, and having a growth mindset enable a person to learn and grow in new ways that can open their eyes to the fundamentals of cybersecurity.

Soft skills are harder because they require a change in thinking, behavior, and actions. Change is hard for anyone in any situation. Cybersecurity professionals often have the mentality that they are never wrong — they are the smartest person in the room. That’s a fallacy that you can’t transform with more hard skills. You have to do the hard work of soft skills.

What Are the Most Important Cybersecurity Soft Skills?

Cybersecurity is typically only successful when it’s a group effort. Silos don’t contribute to this, yet they exist. Breaking those down and collaboratively working depend greatly on soft skills. These are the ones most critical.


Communication is at the top of the list. As humans, it’s our means of expression and connection, but most of us aren’t great at it. That doesn’t mean we’re defective. It just means that experiences, trauma, failures, and more cause us to hold back.

Tapping into communication skills is crucial for a cybersecurity team, and it has many facets. Communication isn’t just what you say. It’s how you say it, your body language, and other nonverbal cues. You can have a great employee that’s technically smart, but if the delivery of every message they have is condescending or defensive, it’s not likely to be received well. Written words are communication, too. Tone is often hard to judge in these, which could be causing problems as well.

The other part of communication is active listening. While we all usually hear what people say, we don’t listen. Or if we do, we only catch things that validate our own positions.

In many scenarios, miscommunication — or lack of communication — is the cause of cybersecurity failures. Teams don’t share information or take into consideration ideas that don’t align with their own. That’s a huge risk that has nothing to do with the technical side.

Fostering communication is a slow process. You can’t just declare that everybody’s going to be better at it, and this happens. There are deep-seated barriers inside people that make them falter in communication. People must want to change and actively participate. If you can understand their motivations, that can help, but some people aren’t even clear about those.

In my book, communication is Step 4 of my Secure Methodology. It includes exercises and analysis on communication issues in cybersecurity. Those can be a good entry to solving these challenges, but it still requires acceptance and desire to change for individuals.


Collaboration is a complement to communication. Communication enables collaboration. Everyone comes to the table to work out problems and plan for the future. This is difficult in tech roles because sometimes they don’t see the big picture of what they’re doing and its impact. Collaboration in cybersecurity isn’t just about the internal team. It’s about working with non-technical people, too.

Those other parties could be internal stakeholders or external ones. They expect your group to protect their data and systems. They play an important role because they tell you why and what. If collaboration efforts stumble, you can almost guarantee that risk rises.

Communication exercises can support bridging this gap. Awareness is also key and is the first step in the Secure Methodology. Regarding collaboration, awareness of others is the soft skill needed.

Without awareness of others — their opinions, beliefs, and needs — we simply make assumptions. Those can be wrong and influenced by our own experiences. When you can cultivate awareness of others in a group, interactions become more productive and positive.


Curiosity is often associated with negatives because we know what it did to the cat. That early belief that curiosity is bad sometimes sticks. However, those who are naturally curious often find great success because they wanted to know why, and once they saw why, they were motivated to innovate.

Excellence in cybersecurity requires a lot of curiosity. There are lots of mountains to conquer, and the landscape is constantly changing. Someone that discourages curiosity in themselves or others will struggle in the field. They won’t be able to imagine what’s next. After all, those on the other side use curiosity to make them better hackers.

Inspiring curiosity often comes down to simply asking why a lot, or “what” and “how” variations of why. It moves people to articulate positions and dig deeper. There are some exercises for this in the book, and I’ve found that curiosity is a skillset that delivers tremendous value for professional and personal growth.

Comfort with Change

Many cybersecurity professionals find the field attractive because they don’t like uncertainty. No one really does, but it’s a fact of life. We can all agree that the only certainty is uncertainty. While some of the hard skills of cybersecurity seem defined and finite, change is a big part of the industry.

For people to embrace change, it requires acceptance that they can’t control everything, which is hard for technical folks. Fear of change and the inability to be more agile-minded can impact a team’s resiliency.

So, how do you get teams to be more willing to be changemakers? Working on communication and collaboration helps, but it also includes developing a growth mindset and empathy. These are two more steps from my Secure Methodology that directly affect soft skills development.

When people stretch their mindset from being fixed, they can change how they behave and react. They may gain patience and be better equipped to inspire change in others. Empathy can also change someone’s perspective. When they take the time to respect other views, they’ll deepen their soft skills, which allows them to perform cybersecurity work more holistically and strategically.

Does Your Culture Support Soft Skills Development?

Another vital consideration for soft skills development is how well your culture supports it. If you don’t, then the work you put in may not stick or resonate. Workplace culture impacts business success. When it doesn’t allow people to thrive and grow, the result is disengagement, high turnover, and greater risk.

If you want to improve the soft skills of your cybersecurity professionals, you need to assess the culture. Determine what the barriers are and how to overcome them. By doing that, you put your team and organization in a much better place to succeed.

Ready to Cultivate Cybersecurity Soft Skills in Your Team?

Soft skills development isn’t easy. There’s a lot of resistance, and some may not see the value. It requires change and motivation to grow. You might find that not every cybersecurity professional can commit to this, but there will be many who do. Organizations and their IT leaders can find a great resource in applying my Secure Methodology. You can learn all about it in my book, The Smartest Person in the Room, available now.

The Value of Empathetic Leadership in Technical Roles

empathetic leadershipThere’s a misconception that leaders, especially in technical fields, should do so with only their brains. They should be logical and data-driven. Those skill sets are important, but leading from the heart is just as important. Empathetic leadership is about compassion for employees and customers. And it fits nicely in cybersecurity, an area that requires trust, communication, and collaboration for success.

Empathy is good for culture and customer loyalty — it’s also good for your bottom line. Many studies have supported this, including one that found that companies that express empathy outperform their competitors. And there’s more to reinforce this idea:

Thus, it would seem that leading with empathy is a win for all if it were only that simple. There are many challenges to building an empathetic business and leadership.

What Is Empathetic Leadership?

What exactly is empathetic leadership? Is it listening? Communicating? Caring? It’s all those things, but specifically, it’s having the ability to understand others’ needs. It’s about being aware of those outside yourself. It’s stepping into the shoes of others. Those are hard to master, and empathy isn’t all innate.

Being empathetic aligns with having emotional intelligence. There are some factors of it that are genetic traits. Women also tend to be able to show it more, but it’s still a skill. Yes, empathy is a skill, one that you can hone and develop if you commit to personal and professional growth. You have to be willing, vulnerable, and open-minded. That, of course, isn’t always how people or leaders think. It requires a fundamental change to become really good at empathy. While change is hard and scary, it’s often the best thing that can happen.

How Can You Apply Empathetic Leadership to Cybersecurity?

Cybersecurity is about protection. It would seem a natural parallel with empathy. Yet, most would agree there is a gap here. There’s a lot of focus on technology and tools to fight the cybersecurity war, but there have to be people behind.

In many cases, cybersecurity failures are human-related, not technology-focused. If that’s the case, then we can’t cure it with more systems and products. Instead, we need to focus on the people. And those people need to have an empathetic leader.

Empathy Is a People Skill

There are stereotypes that technical folks are devoid of people skills. That’s not true; they aren’t robots! Often, they get caught up in logic and forget the emotion. It is possible to improve people skills for technical professionals. I write about how to do this in seven steps in my book, The Smartest Person in the Room.

You can develop people skills the same way you do technical ones. Through practice and learning, it’s possible to become more empathetic. To achieve this on a cultural level within a company or firm, it has to start at the top. If leadership doesn’t demonstrate it, it’s hard to expect others to follow.

Empathy Is Hard for Everyone When We Focus on Differences

We can all collectively say the world right now needs more empathy. Compassion and care often get lost, as societal and cultural pressures tell us to look out for number one and focus on our differences. There’s a lot of “us vs. them” mentality in every aspect of life. It’s not hard to find that every time you scroll through social media or turn on the TV.

Why a Differences Mindset Handicaps Cybersecurity

Focusing only on differences creates divides. Those can then manifest as bad behavior within the team and toward other people in a company or even customers. The usual suspects are bullying, posturing, and egotism. Acting in these ways is often rooted in insecurity, as they want to be the smartest person in the room always. Being trapped in your head and only seeing differences leaves little room for empathy.

Lacking Empathy with Clients Can Be a Disaster

Clients, whether internal or external, expect cybersecurity professionals to protect what matters to them. To really understand this, empathy is imperative. Lack of it leads to not looking at specific needs and, instead, offering up a complicated cybersecurity framework. Complex doesn’t mean effective, and many professionals will miss the point.

If leaders don’t practice empathy and expect it in others, security will be much less effective, leaving clients unsatisfied and untrusting.

Colleagues Should Have Reciprocal Empathy

Empathy among the team is just as essential as having it with clients. Leaders model this (or don’t), as well. If a leader never acts with empathy toward their staff, why would they exhibit it with one another?

When there’s a void of empathy in these situations, communication, honesty, and transparency all suffer. It becomes a dysfunction instead of a collaborative working environment. It’s hard to be successful in this setting, no matter how technically astute you are.

The Tangible Value of Empathetic Leadership in Cybersecurity

I’ve shown you some data, studies, and leadership that illustrate the correlation between success and empathy. But how can it support cybersecurity?

  • It supports human connection: More technology and more budgets won’t cure cybersecurity shortcomings. Having sincere human relationships will, and a leader that exhibits this will have an impact.
  • It helps understand the needs of the client: An empathetic leader will dive into the challenges and pain points of the client and have clarity on these points. That’s the ideal foundation to develop a plan that works.
  • It removes the ego: This is a problem in the field. But if a leader’s behavior is egoless and focuses more on listening to others and making careful decisions, this helps all aspects of the company.
  • It improves communication and collaboration: Imagine a leader that never wants to hear anyone else’s thoughts or ideas. Well, we don’t have to imagine it because many leaders like this exist, and they fail over and over. An empathetic leader wants to hear from the team and practices active listening.
  • It helps ensure the right people are on the team: A leader that possesses empathy will use that in hiring and recruiting decisions. They’ll look for these traits in others, realizing soft skills are just as valuable as hard ones. Those smart hiring choices will lead to longer retention as well.

How You Can Cultivate Empathy in Others

If leadership commits to empathy — and they should for the value it delivers — the next step is fostering it in the entire team. Intelligence, knowledge, and experience will only get you so far in cybersecurity. They aren’t nearly as powerful without the missing piece of empathy.

Empathy is Step 6 in my Secure Methodology, and the following are some insights from that practice that can bridge the empathy gap:

  • Realign to emphasize similarities, not differences: Each of us is unique in our own way, but we have more similarities in the long run. That’s the first step for building the skill of empathy. This realignment can help cybersecurity teams immensely. You’re all in this together, and the “enemy” is cybercriminals, not each other.
  • Understand the motivation of others: Motivation and empathy have synergies. If you know someone’s “why,” then it can serve as a way to get them in touch with compassion.
  • Acknowledge wins: If you want technical employees to express empathy, you have to acknowledge their accomplishments. When you do, they feel appreciated for their work and more connected to you.
  • Adapt communication: Technical people often struggle with admitting they don’t know something. As a leader, you need to remember that when you communicate. I recommend not using “why” statements and instead leading with “what” and “how.”

These are a few highlights that demonstrate basics steps to take. There are also exercises to try and other specifics, which you can find in my book. Cultivating empathy is an ongoing process, so there’s really no finish line.

Is Empathy Part of Your Organization?

Right now, if you had to say, as a leader, if empathy is part of your organization, what would the answer be? Few can probably adamantly say yes, and that’s okay. It’s a complex attribute to introduce, cultivate, and maintain.

However, it is possible and provides so many benefits to companies. No matter where you are in the journey, I want to help. You can start by reading my book, The Smartest Person in the Room.

NLP Presuppositions for Leaders

nlp communication modelThe unpredictability of life is one of the reasons why living it can be very exciting. We never know what will happen next.

However, it’s also because of this unpredictability that many people struggle. Aspiring leaders find it hard to adapt to unexpected changes and become ineffective in their roles as a result.

Fortunately, all is not lost. There are 14 NLP presuppositions that we can apply to become better leaders. NLP stands for Neuro-linguistic programming, and these presuppositions are languages, thoughts, and patterns of behavior that are used by successful individuals to attain certain goals. These NLP presuppositions can help us strengthen our leadership capabilities, manage difficult people, and develop more effective strategies for problem-solving.

With regular practice, it won’t be long before we can adapt to the challenges of life and even come to use these challenges to our advantage.

Listed below are 14 NLP presuppositions every aspiring leader should take note of.

1. Respect for the Other Person’s Model of the World

The first presupposition is the foundation of all other presuppositions. As a leader, it’s vital to show respect for colleagues, regardless of whether their opinions clash with ours. Individuals have unique traits, and leaders should accept these rather than forcing them to change or telling them that their stance is wrong.

Respecting other people’s views, opinions, and beliefs makes them feel safe and encourages them to express their ideas to the team. As a leader, understanding this concept makes it easier to work with other people and harness their skills for the advancement of the team.

2. Behavior and Change Are To Be Evaluated in Terms of Context and Ecology

In relation to the first presupposition, it also follows that individuals have different definitions of what is good or bad, and right or wrong. What seems like a good option for one doesn’t always mean that it’s also the best option for others, and vice versa.

Another presupposition that we should incorporate in our lives is to avoid looking at every situation as good or bad, and right or wrong as this is very subjective. Instead, we should dig in deeper and understand why individuals choose a certain route.

For instance, before we jump to conclusions and think that a person using drugs is a menace to society, we should think about the reasons why they’re doing drugs in the first place. Once we understand the context of other people’s behavior and choices, we can suggest other courses of action that can be better for us, the person involved, and any larger entity.

3. Resistance Is a Sign of a Lack of Rapport

The diversity of other people can become an issue for leaders. People sometimes resent when rules and instructions are given to them. But when we follow the NLP presuppositions, the diversity of these individuals shouldn’t become an issue, as long as we know how to build rapport with them.

Clients who seem resistant are often not responding to how we are communicating, rather than rejecting our ideas. To counter this, we need to be more flexible and effective communicators to build a rapport with the client.

Building rapport as a leader is important because the more we influence other people, the easier it is for them to follow the instructions. This works because creating an impact in other people’s lives through rapport encourages them to trust us, and eventually, our leadership.

4. People Are Not Their Behaviors

How people behave is not a reflection of their identity. If someone often jokes around, we shouldn’t label them as the joker. If someone can’t finish a task on time, this doesn’t mean that they’re inefficient in their job.

We should keep in mind that people and their behaviors are two different things, and as leaders, it’s our responsibility to improve their behavior while accepting them as a person. We should never label anyone based on how they act in certain situations, as this prevents us from truly knowing and understanding that person.

5. Everyone Is Doing the Best They Can With the Resources They Have Available

There are times when people’s choices irritate us and cause us to jump to conclusions. For example, if someone turned down a job offer, we might think that this person is ungrateful or too proud to work for someone else.

However, if we follow the 5th NLP presupposition, we can understand that the reason for someone’s behavior is because they’re doing the best they could in the situation. If they refuse a job offer, they might have accepted a better one or plan on delaying employment for other pressing matters.

When we trust that other people are doing their best and adapting to situations with good intentions, we can easily approach them and provide resources to help them achieve their goals.

Technical professionals often have problems in fixing their people skills because of insecurity and poor communication skills, but keeping in mind that people are always doing their best in every situation can help address the problem.

6. Calibrate on Behavior

Leaders are expected to know a lot of things about their team members — and we can easily achieve this goal by calibrating on other people’s behaviors. This simply means that as NLP practitioners and aspiring leaders, we should take cues from how people act and use this information to look for patterns or any physiological sign that can help us determine any changes.

By doing this, we can identify problems and help a person change for the better.

7. The Map Is Not the Territory

As leaders, we should understand that people have different experiences and interpretations of these experiences. This means that their ideas of the world (their maps) aren’t the reality or complete picture of what’s happening (the territory). Further, their words aren’t always a clear representation of what they represent either.

Two people can go through the same things in life but still have different experiences, meaning our map of the territory can be different even if we have the same territory as other people.

8. You Are in Charge of Your Mind and Therefore Your Results

This NLP presupposition talks about accountability and how we should own up to the results of our actions and decisions. If we weren’t able to meet a certain goal in our life, we should change our mindset and actions to have better results. Everyone is responsible for their own thinking and the results of that thinking.

9. People Have All the Resources They Need To Succeed and To Achieve Their Desired Outcomes

Humans are capable of doing a lot of things, yet not all of us attain the same results or achievements in life. The reason? It has nothing to do with personal resources and everything to do with having a resourceful state.

Regardless of how smart someone is, if they’re in an unresourceful state, they won’t achieve any of their goals. When translated into leadership, the resources we give to our team are useless if they’re always in an unresourceful state.

10. All Procedures Should Increase Wholeness

Conflicts are common in teams because members often have opinions that clash with others. To become effective leaders, we should make the most out of these conflicts by reconnecting and repairing any disconnects or miscommunications within the team. Keep in mind that disputes usually start with positive intent and desire for the same outcome.

By integrating conflicts, we can increase wholeness and eventually form congruence within the team.

11. There Is Only Feedback!

Regardless of how much we try, there are instances when we fail in life. But according to the NLP presuppositions, there’s no such thing as “failure” in life, only feedback.

We can use our inability to achieve certain goals in life as feedback telling us that we should seek another course of action to have better results. By changing our mindset and turning negative experiences into something positive, we attract different and better results from our efforts.

12. The Meaning of Communication Is the Response You Get

To communicate effectively with other people, it’s not enough to simply convey your message to them; you should make sure that they understand what you’re saying.

This presupposition means that the success of the message you communicated is measurable by the results you get. If you instructed your colleague to finish a task and they delivered it, then your message was successful. If they submitted output but done so weeks after the deadline you’ve set, then the message you’ve communicated with them was ineffective.

13. The Law of Requisite Variety

As leaders, flexibility is crucial. The more flexible we are with our team, the easier it is for us to manage a team and become effective leaders. Whatever system or person is the most flexible in what it can do is ultimately the piece that controls all the others.

14. All Procedures Should Be Designed To Increase Choice

Having lots of choices in life makes us feel empowered and free. Being able to experience these things should motivate us to remain open and flexible all the time to have even more choices in life. We should never restrict ourselves as this only prevents us from having choices.

Achieve Goals

Applying NLP presuppositions in our lives requires time, so it’s important to be patient in our efforts. We might feel discouraged at some point in the process, but if we want to improve ourselves as leaders, we should stay focused and determined in achieving our goals by using NLP presuppositions in our lives.

Aside from incorporating all of the NLP presuppositions presented in this article, our efforts to become effective leaders are more successful when using reliable sources, such as my book “The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity.”

Check Out The Smartest Person in The Roomv