One of the biggest issues CISOs and other security experts face today is communicating the intricacies and gravity of cybersecurity to less tech-oriented team members. Put more loosely, it’s difficult to help your team ‘get it.’ This can be a huge problem when it comes to allocating resources – how can you convince leadership that cybersecurity needs more tools to succeed? How can you get your employees invested in the cybersecurity aspects of their work if they don’t really understand why it matters in the first place?
To be fair, most people do understand that it matters. There’s enough data breaches these days that we’ve all seen the risks, and most people want to mitigate those risks. But when it gets down to the specifics of how to do that, or next steps to take, many might not have the depth of understanding necessary to take it seriously.
That’s where you come in.
The ‘soft skills’ of communication and connection are invaluable to those in a cybersecurity leadership role for exactly this reason. It’s not just about making your team feel good (although we can’t discount that benefit). It really is about building a knowledge base in your team that means they’ll be able to keep an eye out for suspicious activity. They’ll feel motivated to give more time, money, or energy to developing and maintaining cybersecurity. They’ll understand more about what you do, and therefore will be much less likely to take you for granted.
The problem is, many people entering the field of cybersecurity tend to be lacking in soft skills. There’s nothing wrong with that, per se; they tend to focus on IT and have a particular skill set that’s well suited to much of the work in tech. But when it comes to cybersecurity, you might find yourself in a position with more responsibility; even a new hire in cybersecurity still has to communicate the importance of their policies to their colleagues. How you communicate might impact your very job security – or, at the very least, whether you have anyone supporting your work. When you consider how to best connect to your team, consider these three strategies:
1. Make sure to translate key terms. There are plenty of terms and acronyms that techies can take for granted – ssr, ISP, encryption, client, and more – that don’t make as much sense to those outside our sphere of work. If you’re speaking to someone in another department, make sure you clarify what your acronyms are. Even if it feels basic to you, explain terms like ‘encryption.’ Specify that when you say ‘client,’ you didn’t mean ‘customer.’ And, perhaps more importantly, do so in a way that doesn’t condescend to your listener. They’ll notice if you do, and when people feel talked down to, they’re not listening. They certainly don’t feel sympathetic to your cause. Clarify these terms in a casual, friendly, light-hearted way; they should feel that, if they asked any follow up questions, you wouldn’t think less of them. Sometimes it’s beneficial to have an actual document or glossary of them most-used terms for reference — but even then, it’s best to explain during your conversation if it’s natural to do so — it’s considerate, and will help you stay more connected with your team.
2. Listen to their needs. Whether you’re asking for more budget from your boss or assigning a task to your team, things will always go more smoothly if you consider their needs first. What is important to them? What are they trying to accomplish? Then, consider how your request fits into those needs. How will your private network ultimately lower costs for the CEO? How will a new password policy help your team meet their goals? Find out what matters to them and see how you can help – often times, there’s more connection that we realize. This is, first of all, a strategy of decency – wouldn’t you want others to do the same for you? But it’s also just good business sense. Any person is more likely to commit to a task if it’s connected to their own personal goals. Make it matter to them. And find out what matters to them by listening.
3. Offer Education. Cybersecurity affects everyone at the company, so why not offer a way to educate the company? Take a lunch hour every couple of weeks to discuss a new program or tool, or to go over the latest phishing scam. Have a developer review a more complicated project and leave room for questions – the more everyone on the team understands the tools and strategies behind your cybersecurity plan, the better able they’ll be to be able to offer support. These educational hours are also key opportunities to communicate why all this matters, and build buy-in with each team member present. Communication builds connection, and connected employees are much more likely to follow security protocol.
No matter where you stand on the proverbial ‘corporate ladder,’ if you’re in cybersecurity, your work affects everyone on your team – from marketing, to leadership, to the janitorial staff accessing the building Wifi. Everyone has a part to play, because anyone could inadvertently cause a vulnerability if they don’t follow protocol. You can help make sure they understand that protocol. With the right communication, you can bring your team together to protect your company from a breach.
Your technical skills build the protocols, yes — but it’s your soft skills that will implement it.