“Soft” skills are often undervalued, or not valued at all, when people think about the skills needed to be successful in a career in cybersecurity. Many job descriptions for cybersecurity roles don’t mention them at all. And within the category of soft skills, emotional intelligence might just be the least mentioned and thought about.
A common theme is that people who work in cybersecurity and IT are mostly geeks. Smart and capable when it comes to all the “technical stuff” but probably socially awkward or just not very concerned about being nice or looking for interaction with people rather than computers. If you’ve ever watched any episodes of Mr Robot or The IT Crowd you’ve seen that come across clearly.
I’m not going to claim that there’s nobody who matches that sort of profile working in IT and cyber. I’ve worked with a few people who fit that mold, who hated even the idea of emotional intelligence being something they needed to think about, but also with lots of other colleagues who don’t fit it at all. Based on my experience with co-workers inside and outside of cybersecurity teams and emotional intelligence training I’ve taken, I’m a firm believer that developing strong Emotional Quotient (EQ) skills leads to being more successful and happy while working in cyber.
These are some of the core elements of emotional intelligence:
Self-awareness: The ability to recognize and understand one's own emotions. This includes knowing one's strengths, weaknesses, values, goals, etc.
Self-regulation: The ability to manage one's emotions effectively, especially negative emotions. This involves staying calm under stress, controlling impulsive behavior, being accountable, etc.
Motivation: Having the drive and optimism to set goals and work towards self-improvement. It involves taking initiative and having resilience when facing setbacks.
Empathy: Understanding and relating to how others feel. It means being able to put oneself in someone else's position to understand their perspective.
Social skills: Managing relationships well and communicating effectively. Key social skills include influence, communication, conflict management, collaboration, etc.
All five of those feel equally important. I feel lucky that 3,4, and 5 have always come naturally for me. I will admit though that I’ve had to (and still have to) put in effort to stay on track with self awareness and especially self regulation. I know I’ve had times where I did not have a good “poker face” when feeling frustrated during meetings and probably didn’t hide that emotion well in my tone of voice. Getting better at self awareness has helped me on this. I also find these simple things helpful, and I think they have helped me form better relationships with and work more effectively with people:
Being friendly - taking moments to ask people about life away from work
Trying to “walk a mile in their shoes” in my head - thinking about the work other teams have to do to adhere to cybersecurity policies, for example
Not defaulting to having a “users are dumb” mindset when users fall for crafty social engineering tactics
Remembering to try to ask good questions, more often than just saying how I think something should be done, and looking for “everybody wins” solutions
Having a collaborative approach - keeping in mind that we work with other teams and people, we should not act as if they’re working for our cyber team
One more bit of simple common sense on this: ideally, we put equal focus and effort towards our soft skills/emotional intelligence and on our purely technical skills.
Thanks for this, Patrick. Like many teachers today, I am trying my best to help my students develop these core skills. Since Corona, we've been seeing many students displaying a more self-centred and entitled perspective.