people skills

5 People Skills Every Successful Cybersecurity Professional Possesses

cybersecurity people skillsIf cybersecurity were just a collection of robots, maybe the need for people skills wouldn’t exist. However, we’re not at that juncture yet. There’s always going to be a need for human intervention in the cybersecurity war.

People skills are hard, not just for technical folks. It’s more than just being personable or sociable. Much of it deals with communication, and as a collective human race, we all have work to do.

The concept of people skills as necessary for cybersecurity roles is something relatively new. In many cases, hiring staff was probably 99% based on their technical aptitude and experience. There was no test on people skills, and leaders often thought they’d be fine. Unfortunately, that’s not true, and I’ll go as far as to say that technical acumen is something to seek but is less important than those relating to communication, collaboration, and adaptability.

This argument is the basis for my book, The Smartest Person in the Room. I’ll sum up how technical skills cannot trump people skills with this example:

Would you keep or let go of your most proficient technical employee if they didn’t align with your culture? And by culture, I mean they were combative, condescending, and had no emotional intelligence.

I would, without a doubt, let that person walk. Why? Because you can upskill, train, and coach a person to become more technically able. Cybersecurity is an industry that’s constantly changing and requires agility. Are you going to let an inflexible, stubborn person run the show? Trust me, I’ve known many of these people over the years, and it’s not worth it. They corrode culture and never learn because they believe they are the smartest person in every room.

So that brings us back to people skills and their importance in cybersecurity teams. Next, we’ll examine why cyber professionals struggle with them, the most critical skills for success, and how to fix the problem.

Technical People Often Struggle with People Skills

My analysis of the industry is from my own experience. I’m not lumping every technical person into one category. Many people working in cybersecurity have these skills, but it would be a disservice to pretend this isn’t a major problem. So, why do technical people struggle with people skills?

Black and White Thinking

When we’re young, black-and-white thinking makes sense. We don’t have the experiences or brain power to see the shades of gray. When people are drawn to technical disciplines, they often hold onto some of this perspective.

In coding and math, there is one right answer. However, those things don’t encompass all of cybersecurity. There are actual people behind these attacks, and people are always gray. With this type of subject, communication is critical. You have to ask questions and talk about stuff outside the ones and zeroes.

Insecurity Is a Key Indicator of People Skills Deficiency

Those smartest people in the room types need to be right all the time. They don’t want to hear any alternatives or learn from discussions. They have a massive fear of someone questioning their logic, so they avoid it.

Insecurity means that two-way dialogue is impossible. It’s a dead end, and they’ll resist it through any means necessary.

Honest, Transparent Communication Scares Them

In cybersecurity, clear and open communication is critical to keeping data and systems safe. It doesn’t mean that technical people can’t have conversations and discuss projects cordially. The problem is that they don’t listen or articulate their points very well.

When communication is only surface-level, and no one’s challenging anyone to think more creatively or consider new approaches and information, it’s not effective. It will put your organization at risk in so many ways.

Now that you understand how grave these issues are, you’ll want to seek out staff with the soft skills that will make them successful. Or at least find people with the potential to develop these and have an open mind.

People Skills Cybersecurity Professionals Need

Cyber teams need to be just that. Everyone has to work together, which requires leaning into soft skills rather than hard ones. The following are the most critical ones.


We could all agree that there’s an absence of empathy these days. While empathy is great in the real world, it’s also a core component of successful companies. There’s been considerable research on the value of empathy. Data suggests that those with empathetic managers have higher levels of creativity and engagement. It can also be critical for preventing burnout and turnover.

There are some misunderstandings about empathy. It’s not the same as sympathy. Rather, it’s connecting with another individual and understanding their perspective as your own. Being empathetic also means sharing your feelings with others and letting them do the same.

Empathy is a big part of my book, and I write that a culture without it will fail. The people skills to hone in around empathy include cognitive and affective. Cognitive is logical empathy in that you can understand a person’s mental state. It’s not a feeling; it’s a skill to develop.

Affective empathy is the sharing part where someone can actually feel the emotions of another. In the cyber world, cognitive empathy is the goal. Deeply emotional influence won’t be an asset as you work toward solving technical challenges.


We’ve talked about communication a lot, and in these terms, it’s a specific skill set. Communicating includes how you speak to others as well as how you listen. How you communicate with others consists of your words, tone, and body language. Someone can say something that makes sense and moves the conversation, but people may dismiss it because of an arrogant tone.

The best communicators think about all these things before they express their thoughts. They want to deliver an impactful message but also invite discussion. They are deliberate with their words and work hard to speak with people, not at them.

The second part of communication is listening. Those with poor communication skills only listen to respond. They are looking for things to either validate their “rightness” or be ready to counter something they disagree with, and that’s not listening.

Those that are successful communicators are active listeners. They comprehend what others are saying and give them their attention. The responses are then more thoughtful and helpful.

So, why does communication matter in cybersecurity? Miscommunication or assumptions are a leading cause of cybersecurity failures. You’re also never going to evolve your cybersecurity operations to the next level if your technical folks stay in their own silo and don’t have meaningful conversations that go beyond technical elements.


Of course, adaptability is a sought-after people skill. It’s a dynamic field with new threats emerging every day. Yet, most cyber professionals aren’t flexible. They cling to certainty and will not bend, and that leads to broken states.

I opened this article asking if you’d keep or let someone go who is technically adept but inept at people skills. It’s got to be in their DNA to hack it in cybersecurity. They must adapt to the industry’s dynamics and be open to change within themselves and the team.


A curious nature is critical in technical fields because there’s always a need to uncover things — bugs, breaches, incidents, etc. Having an investigative mindset is good for cybersecurity. These people want to know why. As a result, they are often more natural communicators and collaborators.

They see puzzles to solve and get excited about what they’ll learn and experience. They are eager to innovate, adapt, and try new things. Those are all positives for cybersecurity teams. Curiosity can be a bit contagious, too. Once others see that asking why leads to new information, they may be more apt to ask more questions.


Many think that being vulnerable means being weak. It’s the opposite. Vulnerability as a people skill means that you are honest and willing to share your ideas and opinions, no matter what response they may elicit.

Vulnerability has everything to do with trust. It’s a hard skill to develop for any person. It also requires that the space in which the sharing occurs is a safe one. That’s something you must build for your team. If you do, and there’s trust there, then vulnerability can lead to some great outcomes. No one is scared to be wrong, and that kind of approach is helpful in solving cybersecurity challenges.

Fixing the People Skills Challenges with the Secure Methodology

You can enhance and build soft skills in those willing to do the work. Not everyone will believe they need these or want to change. So, first, you have to take the temperature on how people feel about these skill sets (and their lack of them). Open minds (and hearts) can grow. My book has many exercises, tips, and strategies to develop these in your teams through the Secure Methodology. Get a copy to find out how to use the framework to upskill your people.

Check Out The Smartest Person in The Room

Why Communication Aptitude Is the Number One Soft Skill Cybersecurity Professionals Must Possess

communication skillsHaving effective communication skills is an asset in any career, even cybersecurity. It’s a soft skill that nicely complements technical ones. Having communication aptitude is a must for cybersecurity professionals. Without this cybersecurity soft skill, a lot can go wrong.

Poor communication and interpersonal skills are often the roots of cybersecurity incidents. That’s a theme in my book, The Smartest Person in the Room. Unfortunately, some organizations may not see the value in developing communication because they believe cybersecurity is black and white. It’s not. It’s many shades of gray filled with assumptions and a lack of understanding. These things breed when communication isn’t consistent and clear.

The question becomes how to improve communication and make it a priority. In this post, I’ll explain why technical people struggle with people skills, why they need them, and how to develop them in your team.

Why Cybersecurity Professionals Struggle with Communication

My perspective on the struggle comes from years of being a cybersecurity leader as well as research. The points I make in no way are a denunciation of the field. I’m just here to help organizations improve with employees with well-rounded skillsets.

Here are the key reasons cybersecurity teams have a hard time being excellent communicators.

They Are Afraid to Look Vulnerable or Incompetent

One thing that’s necessary for healthy communication is asking questions. Cybersecurity professionals rarely do this for fear they’ll look like they don’t know everything. They’ll make assumptions and fall back to standard ways of resolving issues. That’s not effective in a dynamic and ever-changing landscape with new threats always on the horizon. Fear keeps these people from discovering what they don’t know, which increases risk.

Technical Folks Never Want to Be Wrong

Instead of facing the fact that everybody is wrong at some point, cybersecurity professionals cling to certainty. Except certainty is impossible in the field. This, combined with never wanting to be wrong, prevents healthy communication.

Misconceptions That Technical People Don’t Need to Be Great Communicators

There’s a deep fallacy that exists in technical jobs. The prevailing misconception is that technical people don’t need to be great communicators. They’ll let their technical skills do the talking. But they really need to engage in conversation to improve their technical aptitude and do their job effectively.

Lack of communication sinks cybersecurity. It doesn’t just apply to the technical person’s inability to have productive conversations. They also don’t actively listen when others share their insights, opinions, or other information. They only listen to respond in a defensive posture, so they don’t hear what the other person is conveying. They are only planning their rebuttal.

We’ve touched on the need for cybersecurity communication skills. Next, we’ll dive further into why they are so critical.

Why Do Cybersecurity Professionals Need to Be Effective Communicators?

At a foundational level, cybersecurity professionals need to be effective in their communications because they are part of the problem without it. Data breaches, ransomware attacks, and other cybersecurity failures are often directly tied to poor communication. It’s not that you didn’t have the best technology or strategy. It’s that your people didn’t talk to each other or anyone else!

Here are the other reasons why technical roles need these soft skills:

  • It improves transparency in operations, which typically leads to a greater understanding of the threat landscape and greater trust among teams.
  • Healthy, consistent communication supports problem-solving. That’s a big part of a technical person’s job, and teams can’t excel at this without proper discussions.
  • Good communication builds trust and respect among teams, and that’s essential for their ability to solve cybersecurity problems.
  • Soft skills allow people to be more adaptable to change, and cybersecurity is full of that. New people and threats come into the ecosystem routinely. Without flexible communication skills, adaptability remains low.

Current Communication Styles Are Often Off-Putting

Some of your cybersecurity employees may be talkers. Again, that doesn’t make them great communicators. The style they use is often off-putting and aggressive. They like to use a lot of jargon, which doesn’t mean anything to people outside their technical bubble.

They approach communication in this way because it makes them seem superior. It also covers up their lack of comprehension. The strategy is to make communication so technical and abstract that non-technical people will simply defer to them and end the conversation.

This type of speak can also impact how technical people work together. Because cybersecurity is so broad, there are many roles, and they all have their own “language.” As a result, communication failures happen here, too.

When they learn these soft skills, it can change the dynamic completely. However, communication isn’t just about what you say. It also includes body language and nonverbal cues. Those are just as critical as words.

The 7-38-55 Theory of Communications

Mehrabian’s 7-38-55 Theory of Communication highlights that it’s more than just words. The principle states that communication is 7% word choice, 38% tone of voice, and 55% body language.

This is an important concept to share when helping people evolve their communication styles and how they interact in conversations. It can also make them more aware of their tone and body language, which may be causing a barrier. Awareness is the place to start when you begin to navigate communication skills.

Such a theory also taps into technical minds. Communication isn’t just some soft skill. They can recognize its power in influencing how they work and why it could mitigate risk.

Once you have more awareness, you can begin implementing plans to improve communication. The process will take time and commitment. What you get in return is well worth the work.

How to Improve Cybersecurity Soft Skills

We’ve looked at the why and how of communication failure. Now it’s time to talk about how to fix the problem. That’s not an easy road because you’re up against a resistance to change. That resistance often consists of your people being unaware of the communication issues.

Thus, they have to become aware before they can work toward adapting behavior.

Encourage Self-Awareness

Technical people have to get out of their own way, so to speak. They need to be self-aware of how they communicate and why it’s an issue. This requires introspection and a new perspective.

In The Secure Methodology, the framework from my book, Awareness is the first step. In that chapter, I offer multiple ways to help your people through this transition.

Demonstrate the Importance of Communication

If you want your team to be better communicators, you need to make it a priority and lead by example. If there are specific examples you can point to that were communication breakdowns and the consequences, it’s no longer this intangible thing. Now it’s in front of them, and that’s impactful to those that are more logic-based in their thinking.

Champion Active Listening

Technical people who master active listening perform much better than those that don’t. In every conversation we have, we may hear the words but not really absorb and comprehend them. It goes back to the earlier notion of people just listening to prepare their response.

Providing guidance on how to listen actively and exercises can make a difference. As with any change, your team has to be willing and able to adapt.

Make Perspective Key to Communicating

Perspective is another challenge in communication. Often people have no way to see anything other than from their own eyes. That impacts how people collaborate and solve problems.

If you can guide people to open up their perspectives, better communication is more likely. In my book, I spend a bit of time talking about perspective and the best ways to approach it.

Tap into Their Motivation

Everyone has different things that motivate them to change (or not). If you can understand their motivation and make it part of their awareness, communication will improve. It can also help people think with their hearts and minds. Motivation doesn’t have to be altruistic for this to work.

Coach People to Be Flexible

Being flexible and adaptable is critical to becoming a successful communicator. Technical folks are usually either of these. However, that doesn’t mean they can’t be, and it will serve them well in a dynamic landscape like cybersecurity. You can coach your people to be more agile with the right strategy. You’ll find tips and exercises to do this in my book.

Through exercises and the development of soft skills, your team can embrace flexibility. When they do, it can be a turning point in their success and performance.

Help Your Team Master Cybersecurity Soft Skills

Setting your cybersecurity team up for success depends a lot on their communication soft skills. If they hone and develop these, they’ll be better at their job and more engaged. It’s also a skill that can have a profound impact beyond their career.

There will be challenges in evolving people. The exercises, tips, and strategies presented in my book, The Smartest Person in the Room, can help. Get your copy today to start the journey.

Check Out The Smartest Person in The Room