Soft skills: the most important skills for cyber security
08:00 Tuesday, 27 July 2021
UK Cyber Security Council
On the surface, cyber security seems a fairly black-and-white concept: as with functions such as finance and HR, cyber policies tend to be clear, unequivocal and strict, with no wiggle room or opportunity for negotiation.
Yet although one can get away with relying on technical qualifications for the pure engineering functions, soft skills are an absolute necessity for the average cyber role.
Communication is by far the most important of the soft skills in cyber. Cyber security is an inherently difficult subject for the average person to comprehend – particularly if they are not particularly technical and they don’t have a background in a related subject such as compliance. More importantly, though, even if the organisation’s cyber policies are absolutely clear, staff are most likely to follow them if they understand why they exist. Staff comply with financial policies because they know the consequences – such as the Board going to jail for breaching financial regulations. But since our prisons aren’t full of people who used their colleague’s Windows password to send an urgent payment to a supplier, the logic behind cyber policies is less clear. So the ability to communicate with our people about the reasons behind the policies, to persuade them to embrace security rather than complying grudgingly, and for that matter to educate them about their responsibilities in general, makes all the difference.
And when we look at other soft skills, we see that each of them is directly relevant to cyber security. Critical thinking lets us understand that going too far being secure can impede people from doing their jobs. Leadership is essential when we have to persuade the executives and the board to adopt the security concepts we’re telling them they need. A positive attitude is vital because we know that there will be times when a security recommendation we make will go unfollowed because it lost out when considered against other business benefits. Honesty and ethics should be taken as read, as we’re in cyber security because we want to protect the organisation, its data and its people. And teamwork is also right up there on the list because there’s no way one person can run a security regime.
So of course cyber security jobs demand formal, technical cyber security skills – you no more want a CISO with no security knowledge than you do a CFO who can’t read a balance sheet. But without soft skills, it’s simply not possible to do the cyber job properly.