technical leadership

Are You Effectively Motivating Cybersecurity Professionals?

cybersecurity professional motivationMotivation is a very personal and subjective thing. What motivates one person may not the next. How leaders inspire their teams isn’t a one-size-fits-all approach, and motivating cybersecurity professionals can be challenging on many fronts.

While you can “lump” cybersecurity professionals into a group of being technically minded, digging deeper into what motivates them requires various approaches. So, we have to determine first what motivation means in the field, something I cover in my book, The Smartest Person in the Room.

In this post, I’ll provide points made in the book and offer some tips on more impactful motivation strategies.

What Does Motivation Mean in the Cybersecurity Field?

To consider what motivation means to those whose job it is to protect your data, it’s also essential to look at what it means for those on the other side. Cybercriminals are intensely motivated to do what they do. They have a lot of passion for it, either because it’s their livelihood or for other nefarious reasons.

Sometimes, understanding the enemy in the cybersecurity war can be a source of motivation for the good guys. But your employees and the field, in general, don’t have that all-consuming drive like cybercriminals do.

Defining what motivation means in cybersecurity isn’t easy. You could broadly say it’s money or power or recognition, or they really love it. What you’ll learn is there are only two true motivators in the world, and everything starts from there.

There Are Only Two True Motivators for People

Motivation is complex, with many shades of gray. But, fundamentally, there are only two — pain and pleasure. We either want to do something that will bring us positive consequences or avoid negative ones. It kind of creates a spectrum, and everyone lands in different places. These true motivators are always going to be the starting place when you want to influence others.

There’s No Motivation Without the “Why”

Everybody has a “why.” It’s their internal engine that guides them through the decisions they make and the actions they take. A “why” isn’t always straightforward and strong. Some people are still figuring it out, and it can certainly change over time. For example, someone’s “why” for starting a cybersecurity career could have been because they were eager for responsibility. Years later, it could be more of a desire to bring home a good paycheck for their family.

Unless you know the “why” behind your folks, it will be nearly impossible to motivate them. Sometimes, it’s apparent because of the way they act. Other times, it’s not so obvious. And a “why” doesn’t always correlate with a strong desire to do good work. So, how do you do this?

Understanding Their Motivation

From actions to words to performance, you can hopefully build the framework of understanding motivation. It’s going to fit in those two categories. Are they motivated toward gaining something positive or avoiding something negative?

Once you recognize what influences them, you will need to craft better communication that makes an impact. If you do, you can help those people grow and improve their people skills. That can lead to permanent change that enhances their life and the company’s ability to manage cybersecurity initiatives.

Using Exercises to Determine Motivation: 7 Levels Deep

Seeking out the motivation of others can be a bit of an expedition. You have to dig deep into someone. I’ve tried a practice called the 7 Levels Deep Exercise from Millionaire Success Habits by Dean Graziosi. It consists of asking questions that keep building on the previous answer, and every question begins with why. Seven is the average number of questions to reveal the motivation, but it may take more for some people.

By continuing with “why,” you can peel back the layers to find the true motivation. To come away with an “aha” moment, the person answering has to have an emotional connection to the “why.”

Everyone needs a reason for what they do or how they act. Before you can support team members in improving their soft skills, you must crack that egg on the “why.”

There’s an exercise in my book that uses the 7 Levels Deep framework, and the starting question is, “Why did you start working in the industry?”

This exercise won’t uncover purpose, but it will define motivation, which is critical to shifting mindset because motivation and mindset are part of the same ecosystem.

Motivation Ties to Mindset

These two aspects of a person are intertwined. When they are both askew, that person probably won’t embrace change. If your team members don’t have the right motivation, it will be difficult for them to have a mindset about achieving goals around cybersecurity practices. What’s the “right” reason? There’s no definitive answer to this, but it’s about being committed to adapting, learning, and growing. If someone doesn’t have the desire to do these things, they won’t be very successful.

It’s also important to note that motivation is what prompts somebody to start something — a career, relationship, commitment to evolve, etc. It’s forming a habit from that, which enables a person to keep moving forward.

7 Tips for Motivating Cybersecurity Professionals

How can you be a great motivator? Rousing speeches and pointing to an “other enemy” (cybercriminals) are traditional approaches to motivation. Looking at it from a different perspective may be more impactful. Based on the Secure Methodology, a big part of my book, I’m going to share some ways that you can motivate to create a desire to change and grow.

  1. Be empathetic: Empathetic leadership is critical to so many aspects of working relationships. Being compassionate means putting yourself in another’s shoes and doing so with compassion. It doesn’t mean you make excuses for bad behavior or work, but empathy is vital in motivating others. If you don’t have it, everything will fall flat.
  2. Help them figure out their “why”: The 7 Levels Deep framework is an excellent tool for this, but some people may need extra help because they don’t know, at least not consciously. Investing time supporting someone as they define their “why” can go a long way in building trust. If employees trust you, it’s much easier to motivate them.
  3. Consider their necessity motivations: Before, we talked about that there are only two motivators — pleasure and pain. The basis of these is necessity. Motivation is strongest when we need something. Talk to team members openly about necessity in motivation, but that’s the foundation for creating habits.
  4. Communicate with transparency: Another critical point in motivation is communication. It’s an integral part of every component of leading a team. Communication drives motivation, either to the positive or negative. If your communication lacks transparency, emotion, and authenticity, it will fall on deaf ears. Cultivating your communication skills will enhance this and instill a behavior model that others may emanate.
  5. Foster autonomy: Technical folks don’t want to be micro-managed. In fact, no one does. People usually respond well to autonomy. They have a feeling of responsibility, which could be a motivator. Autonomy isn’t blindly given because that can go awry if someone doesn’t have a growth mindset or a deeper “why.” People can earn it by being dependable, honest, curious, and receptive.
  6. Create a collaborative culture: For any group to be successful, collaboration is necessary. While technical departments have a history of working in silos, that’s not going to benefit anyone. If you can create real moments of collaboration, both on specific work and through other team-building exercises, it can effectively motivate people. If people feel part of something and that others depend on them to do their job well, it could go a long way to developing a healthy environment.
  7. Embrace agility: Adapting in cybersecurity is fundamental because everything’s constantly changing. There’s also been an acceleration of digital transformation. If your group can be nimble and embrace agility, it will help their people and technical skills. It can also be a motivator. If team members see that the cybersecurity strategy isn’t stuck and is evolving, they may appreciate that they can, too.

Is Your Team Motivated?

Motivating cybersecurity professionals is tricky and so personal. Once you zero in on it and understand it, there are specific steps you can take to inspire others. For more insights on how to do this, read my book, The Smartest Person in the Room. You’ll learn a lot about yourself, your team, and how to navigate the cybersecurity ecosystem.

The Value of Empathetic Leadership in Technical Roles

empathetic leadershipThere’s a misconception that leaders, especially in technical fields, should do so with only their brains. They should be logical and data-driven. Those skill sets are important, but leading from the heart is just as important. Empathetic leadership is about compassion for employees and customers. And it fits nicely in cybersecurity, an area that requires trust, communication, and collaboration for success.

Empathy is good for culture and customer loyalty — it’s also good for your bottom line. Many studies have supported this, including one that found that companies that express empathy outperform their competitors. And there’s more to reinforce this idea:

Thus, it would seem that leading with empathy is a win for all if it were only that simple. There are many challenges to building an empathetic business and leadership.

What Is Empathetic Leadership?

What exactly is empathetic leadership? Is it listening? Communicating? Caring? It’s all those things, but specifically, it’s having the ability to understand others’ needs. It’s about being aware of those outside yourself. It’s stepping into the shoes of others. Those are hard to master, and empathy isn’t all innate.

Being empathetic aligns with having emotional intelligence. There are some factors of it that are genetic traits. Women also tend to be able to show it more, but it’s still a skill. Yes, empathy is a skill, one that you can hone and develop if you commit to personal and professional growth. You have to be willing, vulnerable, and open-minded. That, of course, isn’t always how people or leaders think. It requires a fundamental change to become really good at empathy. While change is hard and scary, it’s often the best thing that can happen.

How Can You Apply Empathetic Leadership to Cybersecurity?

Cybersecurity is about protection. It would seem a natural parallel with empathy. Yet, most would agree there is a gap here. There’s a lot of focus on technology and tools to fight the cybersecurity war, but there have to be people behind.

In many cases, cybersecurity failures are human-related, not technology-focused. If that’s the case, then we can’t cure it with more systems and products. Instead, we need to focus on the people. And those people need to have an empathetic leader.

Empathy Is a People Skill

There are stereotypes that technical folks are devoid of people skills. That’s not true; they aren’t robots! Often, they get caught up in logic and forget the emotion. It is possible to improve people skills for technical professionals. I write about how to do this in seven steps in my book, The Smartest Person in the Room.

You can develop people skills the same way you do technical ones. Through practice and learning, it’s possible to become more empathetic. To achieve this on a cultural level within a company or firm, it has to start at the top. If leadership doesn’t demonstrate it, it’s hard to expect others to follow.

Empathy Is Hard for Everyone When We Focus on Differences

We can all collectively say the world right now needs more empathy. Compassion and care often get lost, as societal and cultural pressures tell us to look out for number one and focus on our differences. There’s a lot of “us vs. them” mentality in every aspect of life. It’s not hard to find that every time you scroll through social media or turn on the TV.

Why a Differences Mindset Handicaps Cybersecurity

Focusing only on differences creates divides. Those can then manifest as bad behavior within the team and toward other people in a company or even customers. The usual suspects are bullying, posturing, and egotism. Acting in these ways is often rooted in insecurity, as they want to be the smartest person in the room always. Being trapped in your head and only seeing differences leaves little room for empathy.

Lacking Empathy with Clients Can Be a Disaster

Clients, whether internal or external, expect cybersecurity professionals to protect what matters to them. To really understand this, empathy is imperative. Lack of it leads to not looking at specific needs and, instead, offering up a complicated cybersecurity framework. Complex doesn’t mean effective, and many professionals will miss the point.

If leaders don’t practice empathy and expect it in others, security will be much less effective, leaving clients unsatisfied and untrusting.

Colleagues Should Have Reciprocal Empathy

Empathy among the team is just as essential as having it with clients. Leaders model this (or don’t), as well. If a leader never acts with empathy toward their staff, why would they exhibit it with one another?

When there’s a void of empathy in these situations, communication, honesty, and transparency all suffer. It becomes a dysfunction instead of a collaborative working environment. It’s hard to be successful in this setting, no matter how technically astute you are.

The Tangible Value of Empathetic Leadership in Cybersecurity

I’ve shown you some data, studies, and leadership that illustrate the correlation between success and empathy. But how can it support cybersecurity?

  • It supports human connection: More technology and more budgets won’t cure cybersecurity shortcomings. Having sincere human relationships will, and a leader that exhibits this will have an impact.
  • It helps understand the needs of the client: An empathetic leader will dive into the challenges and pain points of the client and have clarity on these points. That’s the ideal foundation to develop a plan that works.
  • It removes the ego: This is a problem in the field. But if a leader’s behavior is egoless and focuses more on listening to others and making careful decisions, this helps all aspects of the company.
  • It improves communication and collaboration: Imagine a leader that never wants to hear anyone else’s thoughts or ideas. Well, we don’t have to imagine it because many leaders like this exist, and they fail over and over. An empathetic leader wants to hear from the team and practices active listening.
  • It helps ensure the right people are on the team: A leader that possesses empathy will use that in hiring and recruiting decisions. They’ll look for these traits in others, realizing soft skills are just as valuable as hard ones. Those smart hiring choices will lead to longer retention as well.

How You Can Cultivate Empathy in Others

If leadership commits to empathy — and they should for the value it delivers — the next step is fostering it in the entire team. Intelligence, knowledge, and experience will only get you so far in cybersecurity. They aren’t nearly as powerful without the missing piece of empathy.

Empathy is Step 6 in my Secure Methodology, and the following are some insights from that practice that can bridge the empathy gap:

  • Realign to emphasize similarities, not differences: Each of us is unique in our own way, but we have more similarities in the long run. That’s the first step for building the skill of empathy. This realignment can help cybersecurity teams immensely. You’re all in this together, and the “enemy” is cybercriminals, not each other.
  • Understand the motivation of others: Motivation and empathy have synergies. If you know someone’s “why,” then it can serve as a way to get them in touch with compassion.
  • Acknowledge wins: If you want technical employees to express empathy, you have to acknowledge their accomplishments. When you do, they feel appreciated for their work and more connected to you.
  • Adapt communication: Technical people often struggle with admitting they don’t know something. As a leader, you need to remember that when you communicate. I recommend not using “why” statements and instead leading with “what” and “how.”

These are a few highlights that demonstrate basics steps to take. There are also exercises to try and other specifics, which you can find in my book. Cultivating empathy is an ongoing process, so there’s really no finish line.

Is Empathy Part of Your Organization?

Right now, if you had to say, as a leader, if empathy is part of your organization, what would the answer be? Few can probably adamantly say yes, and that’s okay. It’s a complex attribute to introduce, cultivate, and maintain.

However, it is possible and provides so many benefits to companies. No matter where you are in the journey, I want to help. You can start by reading my book, The Smartest Person in the Room.