7 Step Secure Methodology - Christian Espinosa
The Secure Methodology Improves People and Life Skills

People skills are a challenge for many individuals. It’s often a combination of personality and experiences. Technical people often get put in a category of lacking them. While this is not universal, it does account for some of the failings of cybersecurity strategies.

Without a robust soft skill set, these professionals get caught in a cycle of bad communication practices, a lack of curiosity, and posturing. It’s time to peel back the onion on why they struggle in this area and how to fix it.

Why Technical People Struggle with People Skills

This analysis comes from years of experience, research, and asking the hard questions. Again, it’s not a condemnation of those in technical fields. Many have a nice balance and are thriving. Through the years, I’ve met and worked with many highly articulate, open, and excellent cybersecurity experts. However, in general, this is the exception, not the rule.

In my book, The Smartest Person in the Room, I lay out the evidence for why this struggle is all too real.

They See the World Exclusively in 1s and 0s

It’s hard to communicate and collaborate with others when your world is solely 1s and 0s or very black and white. The reality is that the world, people, and cybersecurity are gray. That’s hard for some technical minds to grasp.

In a lot of technical disciplines, there is a right answer and a wrong answer. No discussion required. It’s probably more applicable to some areas of math and science. However, cybersecurity isn’t just math and science. It’s an ever-evolving field. New risks and threats emerge all the time.

Further, it requires asking questions and understanding business needs. That can send some technical folks into a free-fall. They don’t have a naturally curious nature in public, so they fall back on what they know and don’t try to find out what they don’t. They fear curiosity in front on others may appear as a lack of knowing or incompetence.

Insecurity Leads to Soft Skill Failure

Many cybersecurity professionals never want to be wrong — another reflection of black/white thinking. The feeling often comes because they are insecure. They cling to certainty, and interacting with other people and having meaningful conversations are too uncertain.

They let insecurity guide what they do, pushing back on the need for two-way dialogue. They’ll figure it out on their own and don’t want to entertain outside ideas. That then leads to posturing.

Poor Communication Sinks Cybersecurity

There is a misconception that technical jobs don’t require communication skills. That’s not true. Every role depends on communication, and when that’s a challenge, it’s a house of cards filled with assumptions. It’s the biggest shortfall for many technical people. It doesn’t mean they aren’t articulate or don’t have a good vocabulary. It means they can’t converse in a healthy and productive manner. Having honest and transparent communication is about listening more than talking. Unfortunately, many people aren’t good at that. These communication issues will bring down any company department.

People fail at communication for many reasons, as discussed above — insecurity, fear, a closed mind, a lack of empathy. This revelation isn’t unknown. A study on business communications found that 89 percent of respondents believe effective communication is important. Yet, 80 percent of those same people said that communication in their company was average or poor.

However, it’s not a dead end. There are ways to develop communication and other soft skills.

Fixing the People Skills Problem for Technical Professionals

Attaining better people skills was a self-journey. The consequences, however, didn’t just benefit me. They helped me create a process that any technical employee can navigate and come out the other side.

There’s no magic fix for evolving people, and they must want to change. So, that’s a barrier for sure. If you’re going to invest in helping your team, you want to know they’re open and have a growth-mindset.

What I’ve developed to counter this problem is the Secure Methodology. The following is a quick review of the framework and how it works. By employing it, people can start to see the gray in the world and be better cybersecurity professionals and experience personal growth as well.

The Secure Methodology

Step One: Awareness

The first step is about being aware of yourself and others. The lack of awareness in a professional setting causes you to miss blind spots. It also causes relationship issues at work because without awareness, communication is poor, and posturing reigns.

The mind has to open itself to new perspectives to achieve awareness. That requires coaching on communication and understanding what motivates a person. There are exercises that can strengthen the awareness “muscle” and open eyes.

Step Two: Mindset

You either have a fixed or growth mindset. Those with poor people skills are trapped in fixed. It’s not permanent. The key to a growth mindset is accountability. It’s no secret that a growth mindset is critical for cybersecurity. So, you must open those minds. The best way to approach it is to encourage reflection, ask the right questions, and urge quick decision-making.

Step Three: Acknowledgment

Acknowledgment in the workplace is a rampant issue. In cybersecurity, without positive acknowledgment, employees fall into disengagement and resentment. Many times, if there is acknowledgment, it’s negative, which feeds into further anger.

The other issue is that a cybersecurity team that receives no acknowledgment can’t concede their overly complex framework isn’t working. They lose the ability to simplify. To end this cycle, you should recognize their positives in the present before you expect them to master acknowledgment. You can improve this by building rapport and trust with exercises from the book.

Step Four: Communication

We’ve talked a lot about communication because it’s applicable in every aspect of nurturing people. We’ve identified the reasons why people are bad at it. Another critical factor is that technical folks like to speak geek as a sign of their higher intelligence. For those outside the industry, it may as well be another language, and technical professionals have to interact with non-technical folks. They build a wall with it instead of a bridge.

Shared language is inclusive and promotes active listening. Getting to this involves reframing and simplification, achievable through specific activities.

Step Five: Monotasking

The world wrongly praises multitasking, believing it epitomizes capability. In fact, humans weren’t born to multitask. It’s a real problem in the cybersecurity field, leading to errors and mistakes. It also creates a lot of anxiety — as if anyone needs more of that.

Retraining to monotask means that you can focus completely on one task. It can be much more productive than trying to do five things at once. Fostering this behavior includes blocking time for specific tasks and blocking out distractions (that means not answering a call, email, or text immediately).

Step Six: Empathy

A cybersecurity culture without empathy will not succeed, at least not long-term. You may wonder why it matters in technical roles. It matters in everything, really. The problem in the workplace is an us vs. them mentality. There’s no room for consideration and compassion in this model.

Empathy is a core people skill, but we’re not born with it. It’s something people develop. When it’s nonexistent, technical people don’t care about their clients or their data. Nor do they have concern for colleagues. If you’ve been able to make it through the first five steps, then you’re on a path to spreading empathy. There are also specific activities to do on the team level to develop it further.

Step Seven: Kaizen

The final step is a Japanese term meaning “continuous improvement.” In terms of the Secure Methodology, it’s a more tangible action of root cause analysis. Root cause analysis helps understand real problems and how to improve them. That applies to cybersecurity and people skills. Mastering it requires constant change and adaption, and you can’t get there without the former six steps.

Do Better People Skills Really Lead to Better Cybersecurity?

You may look at the Secure Methodology and think it sounds great in theory but are skeptical about its real-world implications. That’s fair. Again, there isn’t a guarantee because nothing is. What you should know is that it’s proven. I’ve witnessed it, and I can without hesitation say that better people skills lead to better cybersecurity.

If this is a path you want to send your team on because you realize the deficit of soft skills, your next step is to get the complete picture of the Secure Methodology by reading my book, The Smartest Person in the Room. In it, you’ll find activities specific to the seven steps to build the people skills they’re missing.