For the past several years, “soft skills” have been identified as one of the largest skill gaps in the cybersecurity industry. According to ISACA’s State of Cybersecurity 2023 report, the top five soft skills that security professionals need are communication (including listening and speaking), critical thinking, problem-solving, teamwork (including collaboration and cooperation) and attention to detail.
While some might consider these to be innate human characteristics rather than skills to be developed, cross-functional communications and leadership components in the workplace are more important than ever, and honing these skills can add value to professionals’ organization and accelerate their career.
To learn more about how professionals can work on developing these skills, ISACA connected with several subject matter experts in digital trust to gather actionable, practical next steps. The following is their advice for anyone looking to level up their soft skills:
1. Soft skills are human skills—you must commit to their continued development.
Andres Ricardo Almanza, vCISO/CGO of CISOS.CLUB:
“When I had the privilege of giving this talk at one of the ISACA conferences, I said in the title that these are not soft skills—they are human skills.
“It turns out that the idea of treating them as soft skills, according to research data, means that they are left for later development because they are not considered relevant, especially in technical careers such as ours.
“The data suggests that this is a serious mistake, because more and more jobs related to engineering in general involve, among other things, communication, empathy and many other skills that, apart from anything else, because they are human, are subject to a permanent development. This means that they do not belong to one or the other, not even to the thought ‘I was not born for...,’ because it is a capacity that can be developed and, therefore, we can all do it.
“There are many things to do to develop these abilities, but I think it is important to:
Know the inventory of human capacities: empathy, leadership, resilience, curiosity, imagination, communication, emotional and conversational Intelligence, among others.
“I have called this model the 4Rs model:
- Discover: Knowing what the gap is, i.e., the most important human skill(s).
- Realize: Knowing what level I want to reach.
- Develop: How am I going to move forward? Will I be accompanied by a coach? Can I do it alone? What do I need to do to get to the level I have identified that I want to reach?
- Evaluate: What have I learned along the way?
“This helps me to maintain a continuous cycle of learning.”
2. Emotional intelligence is a better predictor of success than technical skills—develop it by volunteering and asking for feedback.
Sushila Nair, vice president of security services at NTT DATA:
“Emotional intelligence is the ability to recognize, understand, manage, and effectively respond to one’s own and others’ emotions. The reality is that soft skills and emotional intelligence are even more important than technical skills as predictors of success.
“Soft skills are important for auditors and cybersecurity professionals because they facilitate effective communication, build client confidence, foster trust, enhance teamwork and enable a nuanced understanding of organizational dynamics and human behavior, all of which are essential for identifying risks, conveying complex findings and ensuring the successful implementation of recommended security measures. You can teach technical skills, but soft skills are harder to learn and because they often don’t turn up on job descriptions. People do not prioritize them as part of their career strategy, yet they are critical for everyone’s success.
“When I am hiring, I am always working to validate a candidate’s ability to fit into the team well—bringing new ideas without friction. I work hard to understand if the candidate has the ability to listen to the community that is their client, really understand the business goals and mission, and work well as part of a team on how best to remediate, assess and advise the business on risk.
“I would recommend reading books, doing assessments to measure emotional intelligence and asking for feedback from managers about your soft skills. I also highly recommend working as a volunteer for an ISACA chapter. You really develop your soft skills when you are managing volunteers who are contributing because they want to and not because you are paying them. You have to learn to inspire, to lead and create enthusiasm, and to cultivate high functioning teams. Classes are also a great way of targeting areas of improvement. But you must know this is not one and done—it is a lifelong journey of improvement. Selecting mentors with skills that you would like to develop is also a great way of learning."
3. Remember your empathy.
Caitlin McGaw, Career Strategist and Job Search Coach, Caitlin McGaw Coaching:
“While speaking with hiring leaders in digital trust over 25 years of executive search and coaching, I have been struck by how frequently empathy is identified as crucial to career success. Empathy for team members helps you develop positive working relationships with your closest colleagues. When you demonstrate empathy for your clients and stakeholders, you build your reputation and skill as a trusted advisor. The goal is to really put yourself in the other person’s shoes and see the issue from their perspective. You will dramatically improve your empathy skills by doing these seven things:
- Put your own agenda aside.
- Listen actively and well.
- Show genuine interest in what the other person is expressing.
- Acknowledge their feelings as well as their facts.
- Ask follow-up questions.
- Demonstrate that your goal is a win-win solution—not a zero-sum game.
- Offer to help.”
4. Practice how you present ideas and information—both in one-on-one conversations and to executives or larger audiences.
Rob Clyde,Executive advisor for ShardSecure, Executive Chair, White Cloud Security, Past Board Director, ISACA:
“This challenge remains highly relevant. According to ISACA’s recently released State of Cybersecurity [2023] report, soft skills are the biggest skills gap for today’s cybersecurity candidates, ahead of others such as knowledge of security controls and software development. In fact, communication skills have become even more critical in the industry now that cybersecurity has emerged as an enterprise-wide priority that requires professionals to have cross-functional leadership skills and be well versed in business-vernacular that resonates with executives.
“It stands to reason, then, that the earlier security practitioners develop those communication and leadership skills, the better they will be at their jobs, and the quicker they can advance their careers. However, the challenge is that those abilities don’t come naturally to many IT and security-minded people, and you generally don’t obtain them in an academic setting. So, how can industry newcomers pick up those soft skills more quickly?
“The most important method is to practice communicating, and that includes presenting. If you can’t effectively present your ideas to others, it won’t be easy to succeed professionally. Joining organizations like Toastmasters and volunteering through industry organizations that provide collaboration opportunities—or student groups for those still in school—are great ways to gain confidence in communicating and leading.
“That’s not to let companies off the hook—they also have an important role to play in developing employees into more well-rounded professionals. Companies should make acquiring and polishing soft skills part of performance plans for newer employees and ask them: how will you improve your soft skills, and what type of external organizations will you be part of to grow beyond your day-to-day responsibilities? Inevitably, employees that take this challenge to heart will find great value in branching out and make significant strides that will translate nicely to the workplace."
Note: this is an excerpt from Rob’s previously published article, originally appearing here.
5. Remain dedicated to improvement in the face of change.
Jenai Marinkovic, Executive Director, GRCIE:
“In an era in which artificial intelligence is redefining boundaries and global regulations are dynamically adapting, the ISACA professional community stands at the nexus, sifting through vast data to unveil the critical trends that are reshaping the cybersecurity industry. Surprisingly, our latest findings in ISACA’s State of Cybersecurity 2023 report catapult ‘human skills’—commonly dismissed as ‘soft skills’—into the limelight, not merely as an important facet but as the most glaring skills gap in the industry today. Far from being peripheral, these human skills are becoming the linchpin in an increasingly interconnected and complex digital landscape.
“Problem-solving: Problem-solving remains a constant need, particularly as AI and LLMs introduce new challenges. The stable importance of this skill indicates that while AI can provide significant data analysis, humans are still needed for ultimate decision-making, especially when ethical or complex considerations are involved."
“Empathy: Empathy remains constant in importance as AI and LLMs cannot replicate human emotional intelligence. This emotional skill remains vital as AI systems can’t replace human emotional intelligence, which is crucial for negotiation, conflict resolution and customer interaction."
“Conflict resolution: Conflict resolution remains a constant need, especially as new conflicts arise with AI integration and regulation. The ability to mediate disagreements and make equitable decisions remains a distinctly human skill set, amplified by the introduction of AI systems that can present complex or controversial options.”
Note: this is an excerpt from Jenai’s previously published blog, originally appearing here.