You think yourself to be the best hacker and you might well be, but in a meeting with your colleagues your pride spills over into a haughty, overweening attitude. You’re a security manager and you’ve made your own way to the top, working up from a good technical base, so you’re perfectly genned up, but when it comes to defending your budget before your bosses you get bogged down despite yourself in technical niceties. You’re the best salesperson of the best cybersecurity vendor; you think your clients are queuing up to snatch the product from your hands but when it comes to positioning your product you stray into empty verbosity … In other words you’re replete with hard skills but you’re woefully lacking in soft skills and maybe you’ve never even realized it.
Let’s look at an example calling for a lot of soft skills: a cybersecurity diagnosis in an industrial environment. The service consists of analyzing the current cybersecurity state of an industrial plant, comparing it with cybersecurity good practices and standards and proposing the necessary actions to reach the best solution. To carry out the initial fact-finding analysis you need to glean information from a lot of people, who may or may not be collaborators; who may or may not bridle at being audited; who, deliberately or otherwise, may hide information, etc. The consultant therefore needs to hone his or her soft skills to get the necessary information. This will involve drawing on such talents as empathy, a listening ability, humility and savoir faire. It goes without saying, obviously, that any consultant will be master of the hard skills; the moot point here is the soft skills.
After a long and painstaking research procedure the crux comes when the findings are presented and the improvement recommendations made. This presentation of results is usually made before client executives from various departments, all affected in one way or another. The irony is that many of them will not have promoted the diagnosis; each one will have his or her own vested interests, which may not tally with the interests of the cybersecurity department. Here is where the soft skills come into their own, the ability to talk in public, flexibility, leadership, rapport and negotiation savviness, to ensure the presentation is productive and even exceeds the clients’ expectations.
During the latest Basque Industry 4.0, held in Bilbao last November, I ran a workshop on “Cybersecurity diagnoses in industrial environments”, as part of my ongoing collaboration with the Industrial Cybersecurity Center (Centro de Ciberseguridad Industrial: CCI). The workshop ended in a roleplay, with students volunteering to act as the consultancy team and me taking the part of various clients to whom the results were being presented. Despite the contrived situation, one thing became crystal clear; even the best consultancy work and a past mastery of hard skills might flounder if you address clients in terms they can’t understand, if you overkill the fear factor or slip into technicalities, if you fail to look for value beyond the project’s strict borders, if you’re not fleet-footed enough to field the complaints made on the spot, if you come across as too clever by far, or incur in any other of a whole host of soft-skill blunders.
That being so, if you work in any cybersecurity area, look to your soft skills and see the difference.
Author: Javier Zubieta
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV