When someone thinks of the skills needed for a successful career in cybersecurity, the primary thought often goes to technical skills or “hard skills,” such as programming or data analysis.
But what about important interpersonal traits that show someone can communicate with others effectively and work well in a team dynamic? What about these often forgotten soft skills? What soft skills does someone need in order to create a successful career in cybersecurity?
These rarely discussed qualities of a great defense analyst, network engineer or penetration tester are just as important as having a firm grasp on programming languages or the ability to analyze threat data. Being team-oriented, being a critical thinker and having strong ethics are some of the many necessary soft skills needed in the constantly growing and ever-important field of cybersecurity.
Boise State University and its cyber operations and resilience program understand the importance of incorporating soft skills in the program in order to help students gain and further hone these necessary skills.
Ashley Vanpraag is the director of information security/chief information security officer (CISO) at Pets Best Insurance, the president of the local chapter of Information Systems Audit and Control Association (ISACA) and a career mentor for Boise State’s cyber operations and resilience program.
Elizabeth Khan is a cybersecurity auditor at St. Luke’s Boise Medical Center, a Boise State cybersecurity policy instructor and the founder of Dove Cyber, where she explores innovative approaches to cybersecurity grounded in mindfulness, ethics and human resilience.
When discussing the topic of necessary soft skills in cybersecurity, Vanpraag and Khan kindly shared their insight on the subject.
Demonstrating a continuous learning mindset and community
Having a continuous learning mindset and being able to showcase it are huge benefits to someone’s career path in cybersecurity for many reasons. Cybersecurity is about always staying up to date on cyber-related news, new hacking techniques and new technologies. Security professionals have to stay ahead of their adversaries through education. This can be accomplished via self-study, tinkering in a home lab or achieving a new certificate or degree.
Additionally, this attribute can be visibly demonstrated by sharing knowledge with others, attending free events and having an online presence within the cyber community.
“Highlight your learning experiences on LinkedIn,” Vanpraag said. “Add information about seminars attended or labs done to show expertise. Gaining certificates can also show hiring managers that you are a continuous learner.”
“View mistakes as learning opportunities, stay active in industry groups and share knowledge,” Khan said. “It’s not about what information you hoard, but what you freely share. Being a lifelong learner is key for success.”
Maintaining composure under stress
Cybersecurity, while incredibly rewarding, can also be very stressful. It’s imperative to one’s success to be able to stay resilient under that pressure.
The ability to be calm under pressure is something Vanpraag highlighted the importance of in stating the need to prioritize tasks and maintain perspective.
“Direct that calmness under pressure, both up and down the security hierarchy. Have a list of priorities and be able to triage,” Vanpraag said.
Khan suggests it’s important to “cultivate a non-reactive mindset through self-care, time management, exercise, meditation, work life balance and thinking and checking before acting.”
The power of communication
The ability to explain complex topics in a way others can understand is another crucial facet of the soft skills needed to excel in cybersecurity. Security professionals often have to communicate with different departments across an organization and with outside personnel about cybersecurity topics.
The ability to explain intricate security topics to someone who has less knowledge about cybersecurity is vital in being able to secure a CEO’s buy-in on purchasing assets for a more secure network topology or teaching fellow employees how to keep their organization’s data secure.
“Use analogies and simplify jargon for non-technical audiences,” Khan said. “The ability to simplify concepts or make them relatable with analogies or metaphors is very valuable when communicating.”
It’s also important to be able to tailor communication to the audience you are speaking to.
“Executives care about cost and impact — quantify the risks to get their attention,” Vanpraag said. “They need to understand what you mean, not a lecture from a textbook. They typically want to know ‘how much is it going to cost me and why do I need to do it?’”
Being able to explain difficult-to-understand ideas in a way that anyone can understand is critical in the quest to spread knowledge and understanding about complex cybersecurity concepts.
Ethics, integrity and empathy
Security professionals hold the keys to mountains of private data and guard the many types of doors to that data from adversaries. These adversaries can take the form of an outside threat actor or even an insider threat within an organization.
A strong moral foundation and a high level of integrity are crucial facets of what makes a great security professional. That responsibility, in the wrong hands, can lead to disaster if the person does not have a high level of ethics, integrity and empathy.
“Integrity is demonstrated through consistent, high-quality work and teamwork. It’s about the example we set daily,” Khan said. “Our integrity and commitment can be demonstrated in different ways.”
For a student, Khan said she would focus on things like how they are delivering their work product, timeliness on deadlines and how their assignments demonstrate commitment to learning the assignment. For those already in the workforce, Khan would look at met deadlines, solid work product and how they carry their weight in the team.
“These are all the ways we can demonstrate our integrity and ethics,” Khan said. “It’s the way we live day to day and the example and tone we set.“
Empathy specifically is something that is rarely discussed but is beyond important as a building block of a great cybersecurity professional.
“Show support and understanding during audits and team collaborations,” Vanpraag said. “Let people know you’re there to help, not to criticize. We need to care about each other and how we are impacted and work on an end goal together.”
The ability to understand outside perspectives and treat others with empathy is crucial in both personal and professional growth.
“Reflective listening and emotional intelligence can help someone thoughtfully address issues and navigate challenges. It’s important to be more responsive and less reactive,” Khan said.
This emphasis on the importance of empathy can also reduce the risk of a policing culture in the workplace, along with increasing one’s ability to gain “buy-in” from one’s peers. When teams are collectively focused on helping in a way that is ethical, empathetic and integral, everyone wins.
How Boise State’s cyber operations and resilience program sharpens one’s soft skills
Boise State University’s cyber operations and resilience program integrates soft skill development into its curriculum through collaborative projects, hands-on skill building and opportunities to present their work to a larger audience.
The program provides the course, Cyber Systems Thinking. The course highlights the importance of considering various aspects of an entire system holistically. This helps enhance consideration of various parts of the system and therefore improves collaboration, empathy and communication. Unlike strictly technical cybersecurity programs, these ideas of a balanced skillset are foundational to the program. This can set aspiring cybersecurity professionals apart from others, which can help to open doors to greater opportunities.
By acquiring and sharpening soft skills, aspiring cybersecurity professionals can not only strengthen their technical foundation but also position themselves as adaptable, trustworthy and effective professionals in the field.
Learn more about the cyber operations and resilience program
Boise State’s cyber operations and resilience program can open doors to new opportunities and a brighter future — and we’re here to support you every step of the way. Whether you’re exploring if an online program is right for you or need help transferring credits, connecting with a student success coach is the perfect first step.
Ready to learn more? Attend one of our online information sessions or contact a student success coach today.
Written by Ashley Furr