Anyone looking into cybersecurity as a career can quickly become overwhelmed by the sheer number of job listings along with the educational and technical requirements. These requirements can range from fundamental skills such as networking and administration to those that enable navigation of the complex landscape of cloud, Kubernetes, and DevSecOps.
However, there’s increasing recognition that some of the most crucial skills for candidates aren’t those focused on technology, but on interpersonal, communication, and personal attributes, which are known as “soft skills.”
In keeping with this trend, major recruiting and job listing site Dice recently published “Cybersecurity Hiring Managers Are Looking for More Than Tech Skills.” The article cited a study from ISACA, a major cybersecurity industry credentialing organization. The study found that the “most significant skill gap” is related to soft skills, including communication, writing, and company culture.
This isn’t to say that deep technical skills are irrelevant or experience be damned, but the reality is that underneath the hardware are humans. This means egos, communication preferences, personality traits, and internal organizational politics, all of which take soft skills to navigate.
Let’s take a look at some of these skills and why they are relevant to ensuring modern cybersecurity practitioners are effective.
Communication
Communication ranks at the top of the list of soft skills in tech job postings in the past 30 days.

Communication in this context does not mean IPs, networking, and machine-to-machine communication; it’s about humans communicating with other humans. This communication may be in written or verbal form, but the key point is that cybersecurity practitioners need to be able to communicate with peers.
This skill runs the gamut of experience too. For example, you may be a chief information security officer (CISO) communicating with the board about the state of the organization’s cybersecurity and helping facilitate 8-K materiality disclosures per the latest Securities and Exchange Commission (SEC) rules, or you may be an entry-level analyst or governance, risk, and compliance (GRC) practitioner helping engineering and development teams navigate compliance frameworks or logging and telemetry insights.
Regardless of the role, you inevitably will be communicating with your peers, and this aligns with other industry trends we’ve seen: breaking down silos in the world of DevSecOps, bringing together development, security, and operations, as well as CISOs being called to “speak the language of the business” with their C-suite peers.

Empathy
Empathy, the ability to understand another person’s perspective, is a key skill when it comes to cybersecurity. You often interact with developers, engineers, and other technical staff across the organization. While cybersecurity is your primary focus and objective, it is almost never theirs, and that is because they have competing priorities such as product and feature development backlogs, customer requests for product roadmaps, and developing needed features and functionality.
This reality can be frustrating as a cybersecurity practitioner until you step back and take a look at things from their perspective and realize they aren’t incentivized to hyper-focus on security like you are. Having this empathy can be very impactful in building rapport and trust with your development and engineering peers and ensuring they are willing to work with you to achieve secure outcomes for the organization.
Storytelling
This one may sound odd at first, but given that security is a hodgepodge of acronyms, opaque concepts, and complex compliance and regulatory requirements, being able to spin a compelling narrative to your peers can be invaluable. Good storytelling can convince them that resources need to be dedicated to a specific security objective. This objective may be achieving alignment with the latest compliance framework; bolstering product security to be a competitive differentiator for prospects; or burning down vulnerability backlogs and eliminating systemic product weaknesses. Being able to tell an enthralling story with a message that your peers can understand helps get that key buy-in, from the C-suite down to the engineering and product team level.
Culture
As cited in the Dice article, the ability to fit into a company culture is key. Everyone knows the persona of the “brilliant jerk.” It doesn’t matter how technically proficient and capable you are if no one likes working with you. If you can’t gel with the broader teams and organization, counterparts across the organization will inevitably avoid you and this can impede the success of security initiatives. This is why more and more organizations have begun integrating not only technical assessments into hiring but also cultural/personality assessments to ensure a new hire is a good cultural fit.
Final Thoughts
In the cybersecurity landscape, the demand for soft skills alongside technical expertise is gaining prominence. The narrative of a cybersecurity professional now extends beyond technical proficiency to encompass effective communication, empathy, storytelling, and cultural alignment. As cybersecurity practitioners navigate this shift, fostering these interpersonal skills can elevate their effectiveness within cross-functional teams and enhance collaboration.