In Cybersecurity, Look to Your Soft Skills
You think you’re the best hacker, and you might well be, but in a meeting with your colleagues your pride spills over into an arrogant, overbearing attitude. You’re a security manager and you’ve made your own way to the top, working up from a good technical foundation, so you know exactly what you're dealing with, but when it comes to defending your budget with your bosses you get bogged down in technical details in spite of yourself. You’re the best salesperson for the best cybersecurity vendor; you think your clients are lining up to snatch the product from your hands, but when it comes to positioning your product you stray into empty verbosity. In short, you’re loaded with hard skills and woefully lacking in soft skills and you might not even realize it.
Let’s look at an example calling for a lot of soft skills: a cybersecurity diagnosis in an industrial environment. The service consists of analyzing the current state of cybersecurity at an industrial plant, comparing it with cybersecurity best practices and standards and proposing the actions necessary to create the best solution. To carry out the initial fact-finding analysis you need to glean information from a lot of people, who may or may not be collaborators; who may or may not bridle at feeling audited; who, deliberately or otherwise, may hide information, etc. The consultant therefore needs to hone their soft skills to get the necessary information. At a minimum, this will require using empathy, listening skills, humility, and savoir faire. It goes without saying, obviously, that any consultant will master the hard skills.
After a long and painstaking research procedure the crux comes when the findings are presented and the improvement recommendations made. This presentation of results is usually made to client executives from various departments, all affected in one way or another. The paradox is that many of them will not have promoted the diagnosis; each one will have their own vested interests, which may not tally with the interests of the cybersecurity department. Here is where the soft skills come into their own, public speaking, flexibility, leadership, rapport, and negotiation savviness, to ensure the presentation is productive and even exceeds the clients’ expectations.
During the latest Basque Industry 4.0, held in Bilbao last November, I ran a workshop on “Cybersecurity diagnoses in industrial environments,” as part of my ongoing collaboration with the Industrial Cybersecurity Center (Centro de Ciberseguridad Industrial: CCI). The workshop ended with a role play with students volunteering to act as the consultancy team and me playing the part of various clients to whom the results were being presented. Despite the contrived situation, one thing became crystal clear; even the best consultancy work and a mastery of hard skillsmight flounder if you address clients in terms they can’t understand, if you overkill the fear factor or slip into technicalities, if you fail to look for value beyond the project’s scope, if you’re not fleet-footed enough to field the complaints made on the spot, if you come across haughtily clever, or incur in any other of a whole host of soft-skill blunders.
So, if you work in any cybersecurity area, look to your soft skills . They will make a difference.
Author: Javier Zubieta