Apr 3, 2024

Soft Skills for Cybersecurity Leaders: CISO’s Perspective

The emphasis on technical skills and knowledge in cybersecurity has always been present. However, as the field becomes increasingly complex and intertwined with every facet of business operations, the spotlight has shifted to the indispensable role soft skills hold in cybersecurity leadership. 

This perspective was the focal point of our recent webinar, led by Thereasa Roy of OffSec and featuring the insights of Jason Haddix, CEO of Arcanum Information Security. Jason delved into the pivotal role that soft skills—such as strategic communication, empathy, and storytelling—play in navigating the challenges of cybersecurity. 

As we’ve seen with recent attacks like the one on casino giant MGM, cyber threats are technical but also deeply rooted in human behaviors and interactions. The ability to communicate complex concepts in an accessible manner, foster collaborative relationships across departments, and lead with a vision becomes critical.

The significance of soft skills

LinkedIn’s 2019 Global Talent Trends report showed that 92% of talent professionals and hiring managers consider soft skills equally or more important than hard skills. This reinforces that to progress in your career, you need to have mastered soft skills as well as the hard, technical ones. This is valid across various industries, but especially important for cybersecurity. 

The journey from technical roles to leadership within cybersecurity embodies a transformative process, where technical skills are augmented by the development and application of soft skills.

Jason Haddix’s career trajectory serves as a prime example of this evolution. Starting in deeply technical roles, Jason honed his skills in penetration testing, bug hunting, and cybersecurity assessments, accumulating a lot of technical knowledge. However, as his career progressed toward leadership positions, the scope of his responsibilities expanded beyond the technical domain to encompass strategic planning, team management, and cross-departmental collaboration.

The necessity of communication

One of his critical realizations on this journey is the necessity of effective communication. In technical roles, the focus is often on the precision of language and the accuracy of technical details. However, in leadership positions, the ability to communicate complex technical issues in a manner that is accessible and compelling to non-technical stakeholders becomes paramount. This involves not just simplifying the language but also framing the conversation in a way that aligns with the business objectives and priorities of the audience.

The power of storytelling 

Jason emphasized the importance of storytelling as a tool for effective communication. Storytelling allows leaders to contextualize technical challenges and solutions within narratives that resonate with their audience, making the abstract and complex nature of cybersecurity more tangible and relatable. This skill is particularly crucial when advocating for security measures, budget allocations, or strategic shifts, where the ability to connect on a human level can significantly influence decision-making processes.

Beyond the technical with strategic thinking 

Another critical aspect of the leadership transition is the development of strategic thinking. While technical roles require a deep focus on specific problems and solutions, leadership demands a broader perspective. Leaders must consider not only the immediate technical challenges but how these fit into the larger organizational strategy, the potential impacts on various stakeholders, and the long-term vision for the cybersecurity posture of the organization.

Strategic thinking involves prioritizing initiatives based on their alignment with business goals, assessing risks and opportunities from a holistic perspective, and planning for future growth and evolution. It also includes the ability to navigate the complexities of organizational politics, build consensus among diverse groups, and drive change in a way that is both effective and sustainable.

Building relationships and transparency

Fostering relationships has been an invaluable tool in Jason’s growth. His approach to establishing productive relationships, even in environments where security teams may have previously been viewed with skepticism or as barriers, centers on empathy, communication, and strategic engagement.

Personal engagement and empathy are valuable skills to not only build rapport but also show that security leaders are invested in the broader goals of the organization. This could involve informal meetings, such as taking individuals out to lunch, to understand their perspectives, challenges, and objectives.

Jason highlighted the role of transparency in his leadership style, advocating for open lines of communication about security strategies, vulnerabilities, and the rationale behind certain security measures. This openness helps demystify the security process for non-technical stakeholders and fosters a culture of trust.

Collaboration, especially with other departments to address security challenges, is also one of the key soft skills. This involves not just dictating security measures but working together to find solutions that align with the operational and business needs of different parts of the organization.

Forming strategic alliances with finance, legal, and other critical departments can further enhance the security team’s integration into the organization and improve collaboration. These alliances can help ensure that security strategies are aligned with organizational priorities, compliance requirements, and business objectives.

Leveraging gamification and visual tools

Jason also discussed leveraging gamification and visual tools as innovative strategies to enhance security awareness and engagement across the organization. His insights into these methods reveal a creative approach to fostering a proactive security culture.

He highlighted the use of gamification to create a competitive yet collaborative environment that motivates teams to prioritize security. By introducing elements of competition, such as leaderboards or rewards for security achievements, organizations can encourage a more engaged and proactive stance towards cybersecurity practices.

Gamification strategies can also make the process of learning about and adhering to security protocols more engaging and less tedious. This approach can help demystify security concepts for non-technical staff and encourage participation in security initiatives, making security a shared responsibility across the organization.

Additionally, incorporating visual tools into security training sessions and presentations can significantly improve comprehension and retention. Whether through infographics, interactive dashboards, or animated videos, visual content can make security training more engaging and memorable.

Conclusion

The webinar provided invaluable insights into the evolving role of cybersecurity professionals. It highlighted the critical importance of soft skills, strategic communication, and leadership in navigating the complex cybersecurity landscape. As the field continues to evolve, these skills will become even more crucial in developing effective security strategies and fostering a culture of security awareness within organizations.

To listen to the full webinar, go here