Unlocking the Power of Soft Skills in Cybersecurity

Show Notes

In this episode of the Cyber Security Mentors Podcast, we discuss the critical role of soft skills in the cybersecurity field. We emphasize that while technical skills are essential, soft skills such as communication, empathy, adaptability, critical thinking, and teamwork are equally important for career growth and success. We provide insights on how to improve these skills and their relevance in various cybersecurity roles. We also introduce a new networking course aimed at helping individuals build meaningful professional relationships.

Networking is King Course

Connect with us and leave us feedback:

• Cybersecurity Mentors Podcast Swag
• Sign up for our Newsletter
• Mentorship - Sign up for a FREE session
• Join us on Discord
• Follow our LinkedIn page
• Check out our YouTube channel for more content
• TCM Affiliate Link

Chapters

• 0:00: Episode Introduction & Soft Skills Overview
• 8:55: Why Soft Skills Matter in Cybersecurity
• 18:46: Communication: The Foundation of Success
• 30:22: Emotional Intelligence & Empathy Skills
• 38:26: Critical Thinking & Adaptability
• 47:06: Teamwork & Conflict Resolution
• 52:02: Role-Based Soft Skills Examples
• 58:20: Networking Course Announcement & Closing

Transcript

Steve: 0:03

Could you teach me First learn stand, then learn fly. Nature ruled on your son, not mine.

John: 0:12

I know what you're trying to do.

Speaker 3: 0:16

I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it. What is the most inspiring thing I ever said to you don't be an idiot changed my life hello everyone.

Steve: 0:38

Welcome back to the cyber security mentors podcast and welcome to episode one of season four. I am Steve Higuretta and with me my good friend and co-host, john Hoyt. What's up? So we are starting this season with a topic that we believe doesn't get enough attention, but it's something that we have both seen make a huge difference in the world of cybersecurity. And what is that? That is soft skills. So in today's episode, we're going to talk about what are soft skills? Do they really matter? How do they apply to different career roles, and how can we help you improve those skills and what can they do for you. So, john, your thoughts.

John: 1:31

No, this is going to be a great episode. I'm excited to talk about this. This is a very, very big deal, very important to me. Speaking of that, we're going to talk a little bit I'm going to tease a little bit here. A new course that we developed called Networking is King, based off of our episode, one of our favorite episodes that we reference often and how to build a career through real connections, and this is another exciting thing we're happy to share here. Another exciting thing we're we're happy to to share here um, for the first time that we built, this course around networking, how to actually do it, what are the tactical, practical steps that you can take to to level up in this very important skill? So we'll get more into that later, but just wanted to tease it here yeah, thanks for that, john.

Steve: 2:24

That, John, yeah, we are very excited about this. So, yeah, very excited to talk more about it. One more thing before we get started. We always always appreciate the support and the feedback we get from our listeners. If you want to keep supporting the podcast, please check out our Cyber Mentor swag shop, where you can get yourself a hoodie, a mug, a t-shirt and just help represent and step one of taking over the world. So show your picture. Show your picture.

John: 2:50

That's right. Yeah, yeah, polo, right here.

Steve: 2:53

Beautiful, beautiful. All right, so that's it, let's get started. So what are soft skills, john?

John: 3:01

Yeah, you know, everybody focuses on technical skills, right. This is, if you look at the training that's out there, what's available? It is 99% technical in skill sets and how to level up everything from operating systems to TCP, ip networking, to system administration, to development, programming, combining all those around SOC skills using a sim, whatever, whatever right, but really our case are are we're making a case today that soft skills and what these are are really at least as important, if not more important, than technical skills, and we believe this. We've seen this and we'll talk about that. But some of these skills are communication I mean, this is huge and we're going to dive into this, but we'll keep going Empathy, adaptability, teamwork, critical thinking, emotional intelligence, right IQ, eq, time management, conflict resolution and leadership. So what do you think, steve?

Steve: 4:21

No, I think that's great and I agree with you. I mean hard skills help you do the job. So that is your technical knowledge. Soft skills help you grow in the job and help you thrive within a team, because those are the skills that you really need once you're in there to grow your professional career, get along with your teammates and be able to to just lead one day, if that's the route you want to take. Um, so yeah, so um. Why are soft skills essential in cyber security, john?

John: 4:53

yeah, they're essential, and not just cyber security, but just as a career. And I'll just I'll kind of use this as an example. You know, if we imagine we get a resume 150 resumes for a position, which has happened, plus 150. And we're obviously looking for technical skills, we want to know if you have the chops to be able to do the job. But as we are interviewing and we start connecting with people that we we look at their resume, they look solid. Let's talk to these people.

John: 5:30

What we're really looking for, can you do the job? Do you have the skills? Or what is what do we need to train you on? Because we, we know we can. You're going to get up to speed if you at least are proficient and can learn, and you've proved it to us that you can learn and get better technically. But what we're really looking for is how you come across with your soft skills, how you come across when you communicate, how good of a team player you're going to be, how much you can relate to others. You know, do you show empathy? Do you show humility? You know, are you open to feedback? You know? These are the things that we really want to dive into, to understand how you stand out, and this is this makes you stand out, because we can always think about well, I can add, I can send you to a training course, I can send you to a Splunk or Elastic or whatever you know. You can pick up technical skills as long as you have that capability.

John: 6:31

But the soft skills, the way you work with others, that's the stuff that sets you apart. In our opinion, it's like look, when we interview people, we're like this person, they're going to be great, they're going to come in and hit the ground running, they're going to work well with others, because all it takes is one bad apple and it really can upset your whole team Absolutely. You bring in drama, you bring in poor communication, all these things that can really cause a team to go downhill fast. So that's why it's so important when you are interviewing that you, you highlight these. Yes, I could solve your technical questions, but really, things we've talked about before how do you handle pressure? How do you communicate under pressure? How do you are humble about being under pressure? Hey, I'm nervous right now. Now I'm really excited about this, but I'm nervous right. Um, how do you work during those times? That that's the stuff that puts you apart.

John: 7:33

And, honestly, back to my point about how the focus is on technical skills. This isn't what people work on. They're not trying to get better at these skills, they're trying to get better. I'm gonna take this cert. I'm gonna take this course. I trying to get better at these skills. They're trying to get better. I'm gonna take this cert, I'm gonna take this course. I'm gonna get better at linux and get better at windows, whatever.

John: 7:50

They're not thinking how do I get better at communication? How do I write a better report? How do I make it sound better? How do I make better a clearer, concise language? How do I speak better? How do I actually present do public speaking like this is the things that level you up in a career. When we're looking around the, the organization, we're thinking who could the next leader be? And we're going to talk about leadership and in another episode this season, the things we're not thinking about is well, that guy or that girl, they're the best technically ever. We're thinking who can, who can communicate, who can work well with others, who can lead others, how can they build their team, how can they encourage their team? Those are all soft skills related, and that's what puts you apart and stands apart. So that's, that's my case.

Steve: 8:43

Yeah, no, I, I completely agree with you, john. I mean, we've said it here before in previous episodes that we, we would hire someone that shows that they have strong soft skills over the actual technical cyber security background because, like you just said, we can send you to a training. You know, we can teach, we, we can show you the technical um, but it's the soft skills that sometimes. I'm not saying that they cannot be improved and they can't be learned, but sometimes it can be a bit more challenging, uh, to have someone change their ways, to just be a better fit with what you already have within your team Communication, for example, in cybersecurity.

Steve: 9:26

You may think, oh well, communication, that may not be so important, especially if I'm starting wrong. If you see something weird, suspicious on the network, you might be the first set of eyes that notices it. You need to be able to not only do the technical investigation work, be able to identify it, but when you're communicating with your teammate, with your supervisor, when you're reporting it up the chain, you need to be able to have good communication, solid communication skills to make sure that you are letting them know what you see, the importance, your opinion, all of that, all that plays a fact. Now, again, some of you may say well, I, like many others, solely focus on the technical because I believe that's what's going to get me the job. When we are in a job market where we have so many jobs available and not enough people, maybe that might be enough. But now things have changed. We are in a job market where there are so many open positions and there are so many more people trying to go after those positions. So focusing on your soft skills will help you be one step ahead of the competition, because a lot of people, just like you, will go out, get certifications, get training, just be there and be strong technically, and they're not thinking about this. They're not thinking about the soft skills and not thinking about hey, how do I present myself? How do I communicate? Showing empathy, like what? What is empathy? Some, some people, may not even know what that means. Um, so all those things really do matter and that's really what this episode is about Just us talking about them, highlighting a few, talking about them. Um, but yeah, and and that's and that's what we believe is important to help you better, get better and just move forward in your cybersecurity journey.

Steve: 11:11

So I spoke about communication. So let's just talk about that. What exactly does that mean? So for someone in cybersecurity, you know, being able to write clear incident response, incident reports sorry, risk, talking about risk, explaining the risk from your point of view, doing executive summaries right, you may be in a position where you have to escalate something that you're working on or something that you seem think it's suspicious. So, being able to communicate that verbally, being able to communicate that in an email, in a Slack message, teams message, whatever it is, and explaining, being able to simplify something that is very technical to someone who may not be as technical as you are, and then just presenting findings, right, just, really, it's all centered around the incident response part or section. Also, just communicating with you, with your, with your coworkers, people you work with day in and day out, right, being able to communicate with them and being able to have a good relationship with your team. Yeah, did I miss anything there, john? Any thoughts on just communication?

John: 12:22

No, you know, we have a whole episode on using storytelling to communicate.

John: 12:29

That's right, right. We interviewed Matthew Dix and talked about his books, those concepts. That's why we've delved into those, to help communicate the technical in a better way to understand for others to understand, and abstract the technical into more business, speak, into more business lingo, to make to get on their level. You know, they, you know and everybody knows all the details that you know and you have to be able to get out of your head and speak in a way that it relates to them and that's. This is so, so important. It's just the big. Probably the biggest thing in here is really communication.

Steve: 13:15

I completely agree, and I would say that this is not just focused or aimed at people getting started in their career, but also people that are in cybersecurity and are trying to advance, trying to grow, trying to move up the corporate ladder per se. There's a lot of things here that we're going to talk about that you need to be good at if you do hope to step into a leadership role down the line, if that's kind of where you see your career going. Um, and communication, like john said, is probably the number one, uh soft skill out there that you really really need to focus on and make sure you you feel confident and comfortable with it.

Steve: 13:56

Yep, um, so I mentioned empathy, and this is something that I've had issues with in the past. Uh, I I tend to be like, okay, black and white, right. Like hey, there's no gray, this is just, we do it or we don't do it. And like you know, and the biggest thing for me that kind of gets me going is in our organization, fishing right. Especially if you have people that are repeat offenders, and it doesn't matter the amount of training, doesn't matter the amount of one-on-one or whatever it is that you go in there and you say, hey, this is what you're doing wrong, we really need you to do this or do that, or how can we help?

Steve: 14:36

Whatever it is, and people just keep falling for things and patience wears thin and it's just being able to put myself in their shoes and being able to understand how they are seeing things right, how they are processing. You know they. They may not see things how I see things, especially some of the users that we deal with. Some of the users may be a little older, some of the users may be not as technically knowledgeable as I am. So, just those things being able to put yourself in someone else's shoes and being able to kind of see things from their eyes and being able to, to communicate with them and help them, being patient, you know, just working, working around those individuals, not working around working with those individuals, and just making sure that you are thinking about the human factor as well. Right, we are all humans, we are all different, we all think of things differently, but there is a way to work towards something that everyone can participate in. Work in yeah, I feel like I'm rambling, john. What do you think?

John: 15:55

This makes me think about this is why, if you are going into security, it can be very helpful to work in other roles in IT, like the help desk, like support, desktop support, those kind of roles. I mean, you get those calls. This happens less in security, but this is what happens when you're in a support role. Daily, almost Somebody calls you up and their day is ruined. Right, my printer doesn't work, my computer's fried, my laptop's broke, my whatever and they're venting. They're going to vent their frustration on you. You're the it person and, even though you had nothing to do with this, you, you're just there to help, but they're going to take it out on you and it's easy to get defensive, like you know, and then and then reflect that energy back on them versus like, okay, you know, let's, let's take a look at this. Right, I mean, you got to put, put yourself in their shoes, just like you said. It's really all what it's about.

John: 16:58

So a lot of times in security you're doing that over and over again in different ways, and you need to do that so that you can understand hey, okay, what is it right now that they're facing as a challenge that? If I was, why do they need to keep this data Right. What is their daily job? Why do they need to be able to have this on their system? Why do they think they need to use this software that we see as a risk? Maybe there is a special case there that they do need it and we don't like it. But we try to find a middle ground. So there's many, many, many of those situations where you're trying to let me understand. That's the way you should approach it. Let me understand. Tell me what your use case is. Approach it with an open mind first. Then you can bring the hammer down. That's right. But you want to do the best you can to try to meet in the middle. That's really what it comes down to, with empathy.

Steve: 17:53

All right. Next, adaptability. So cybersecurity this is very important. Right, there are new threats, new tools, new regulations, all kinds of stuff. It's like every day some new vulnerability is coming out, every day, some new security tool is, every day some new security tools coming out, and you just have to be able to adapt, especially within your organization.

Steve: 18:11

Right, you may have leadership change. Right, you may have someone who may not be as supportive of the security team as you would like, and then someone comes in, or vice versa. You have someone there who comes in, very supportive of the security team, they leave, someone else comes in. Or vice versa. You have someone there who comes in, very supportive of the security team, they leave, someone else comes in and they don't see security as important as you see it. So, not only on the technical aspect, but just leadership and just running the security team as a whole, you need to be very adaptable, working with your teams as well internally, and just be flexible and just the ability to slow down, take a deep breath, know everything's going to be all right and just keep moving forward and figure it out.

John: 18:53

So, john, your thoughts yeah, if you're not adaptable in security, you might as well get out yeah.

Steve: 18:59

If you don't like, change yeah security is the right it.

John: 19:02

It's probably not the right for you and even IT in general, like it's changing all the time. I mean, as we know, ai is everywhere, ai is everything. It's a new day, new dawn, and if you're not flexible, resilient, adaptable, you might need to rethink it for sure.

Steve: 19:19

Yeah, absolutely. Next one we got is critical thinking. So this is also very important within cybersecurity being able to you know you're analyzing logs, you're analyzing behavior, incidents, you're trying to find patterns. You're going to have to make decisions under pressure, um without you know, sometimes without having maybe a supervisor or someone there, and you see something wrong and you have to focus on stopping the bleeding Um, you know, and, and that that's that's your focus. So, just being able to think through things and being able to to um be okay under pressure, um, what do you think, john?

John: 20:05

Yeah, I mean a good way and we got some training on this about decision-making under stress and being able to get as much information as you can. Make a call you know you're going to have, especially in leadership you're going to have to make a call, you're going to have to make a decision. What do we do first? Sometimes it's just the first, most logical next step, just to move things forward. You may not have everything, you may not have all the answers, you won't but how do you think through that? You know this is where you're using your logic, but you're also being able to think through a problem and get feedback. Be humble being able to think through a problem and get feedback. Be humble, get as much information as you can in the time that you have available and then move on to the next thing.

Steve: 20:55

Yep, absolutely so. This leads to the last one we've listed here for us to just kind of run through, and that is teamwork and collaboration, another very important skill for you if you are within a team of cybersecurity. So no cybersecurity team should work in a vacuum, right Should. Now they are those one man security teams out there. I feel for you much love and you may not have other choices. You may not have someone to bounce ideas off of, you may not have someone to work with no-transcript creating a solid, solid culture within our security team. And you can see it, because when shit hits the fan and it's all hands on deck, I mean you can really tell the just how close we are as a team. And I also believe that part of that is you know, we are really focused with the hiring. We make sure that we hire the right people from the get go. Now, obviously, some, some people may get through that. It may not be best, but we're we're pretty quick to see that. And then you know, move forward and move on.

Steve: 22:26

But being able to build good relationships within your team, also within your organization, just general IT and just other departments within your organization Also. Just, we security never wants to be the roadblock, we never want to be the, the speed bump or anything right. We want people to come and tell security hey, this is kind of the projects I'm working on, this is what I would like to do. Can you help me accomplish this and not be like, oh no, we don't want to tell security anything because they're just going to say no or they're just going to stop us or whatever? So just teamwork, collaboration, not just around your, your security team, but just around the entire organization. Huge, huge, huge importance. Yeah, that's my thoughts.

John: 23:12

Yeah, I mean. One of the other sayings that Steve and I have been through training on is relationships are currency. That's right. Really, your relationships are, in every way, the most important thing, one of the most important things maybe not the most, the most important thing, one of the most important things maybe not the most, but it is super high on a priority list of with your team, outside your team, with your leadership, with your subordinates, with everybody you know across the board. And so if you're not, if you're just thinking, well, we're security or where well, we know better than them and they should just do what we say, then there's going to be a time it will.

John: 23:54

It is going to happen when you need their help and if you've burned that bridge because you just don't like that person or whatever, then it's going to come back to bite you, right? So this, obviously, having a good team we talked about having about one bad apple and being able to work well with others that makes sense within the team, but definitely even outside the team. And how you let me see how you work with that group. That is kind of prickly. It can be a bit challenging to work with. Um, that's the stuff that stands out. That's the stuff that also makes you look very top-notch and A-player like. No, I can put them in a bad situation or with that group that sometimes it's a little rough to talk to and I know they're going to do their best to build that relationship and not burn the bridge.

Steve: 24:44

Yeah, absolutely so. Just to recap, we just did a brief overview of what are some of the soft skills that are essential in cybersecurity. They were communication, empathy, adaptability, critical thinking and then teamwork and collaboration. So for those of you listening, you may think well, how can I improve these skills? What can I do to help me improve these skills? So that's our next section. So, john, what can someone do to help improve communication?

John: 25:19

Yeah, I think there's. There's obviously, there's written and there's verbal communication. Both of those are skills that you know. Number one realize that these are skills that you can get better at. Some people may think, well, that person is just a born good communicator, and that is true. There are people that it's naturally easy to come by for them to be able to do public speaking, be more open, be more gregarious. They love being in front of an audience. That's not me, right? I mean you, steve, thinks I'm joking when I say this, because because I like talking, gregarious, they love being in front of an audience. That's not me, right? I mean you, steve, thinks I'm joking when I say this, because, because I like talking, but really like it is it? It can be draining to get up in front of people and speak right, and there's a lot of preparation. But these are all skills and what I would say, just a good. Let me just give you one good, practical, easy tip that I learned and helped build into.

John: 26:14

What we're doing today is you know, you can go in and record yourself talking about a topic. You've got your phone, you've got a computer. Make this a daily you know, few times a week practice where you are talking about something related to cybersecurity and you do that on a regular basis to build this skill and when you start out, it's going to suck, you're going to sound terrible, you're going to go back and you may not even want to watch these, but because I've done this before and but you do that and you just get better at it. So, just like us doing these episodes, we get better every time because we're getting these reps, we're getting practice Speaking about a technical topic and communicating it. Imagine you're going to share it with an audience and maybe you do. Maybe you stand up your own YouTube channel and you start just riffing Right, research, something, share it. This is easy, free, you don't have to, you don't have to pay any money, you don't have to have a fancy camera, you don't have to have any of that stuff. But the more you do this, the better. You're going to be able to articulate this to a team, your team, an audience, to an interviewer, your future employer, maybe. And it's all about.

John: 27:37

Being able to speak in front of a camera is similar to being able to speak in front of a group, in front of an audience, in front of maybe your own Zoom, like today. It's weird because you don't have that immediate feedback when you're speaking in front of a group, but it's still the same kind of thing, it's just a little bit different slant on it. But yeah, that's something you can do every day. That's for the verbal side. For the written side, here's the thing, right. Everybody loves ChatGPT. We love tools like Grammarly, right?

Speaker 3: 28:10

Yeah, everybody loves chat gpt, we love tools like grammarly right.

John: 28:11

Yeah, I just saw this research paper that at least one research paper that said that use the ai to write your reports make you, makes you dumber. Just saying they did a test where they like, had somebody write the report and then they had to ask them about what they wrote. Versus, like, using ai to write their report and then asking them and they couldn't, they didn't know what they wrote. That right. So, yeah, use ai as a tool, use ai as a brainstormer, don't use it as just your. Hey, I'm gonna have it. Write this full summary for me, right? Um, because it's just like google. We don't know everything. We google everything we know. We know google's there. We don't have to know what year this happened. We can Google it. Well, does that mean there's knowledge there that we're missing? Yeah, but my point is that you should practice writing things. Emails, a report.

John: 29:04

When you do your hack-the-box challenges, write up a summary of what you learned. Write up a pen-test-like report. When you're doing an assessment, assessment, you do a new course. Maybe you're going to try hack me. Write that up as a project. Here's what I did. Here's what I learned.

John: 29:20

We talked about this with craig sheffield, about what he did on his project page. Right, I can go out there and look at his projects and what he wrote about them and interpret how he puts that down on paper and see what how he's doing with his writing ability. Has he gotten better? Um, written communication emails they're not going away anytime soon, so being able to communicate in the written form is definitely a skill that you can practice and get feedback on, right, like, hey, I wrote this up, could you take a look at this? What do you think I should clarify?

John: 29:55

Sometimes I'll reread an email that I've drafted up five times, or I'll start it and leave it and I'll come back the next day and totally change it because my mind is a different place or fresher place, right. But when I, when it lands, I want to try to think about kind of back to empathy how are they going to interpret it? How are they going to read it? What are they going to take out of it? I'm doing reports for the board and these are big, full reports that I'm trying to figure out and determine how they're going to interpret these metrics and data and things like that.

John: 30:27

So writing, you know, know, really is super important. You don't have to be a novelist, but you do need to be able to take complex things, especially cyber security related, and cipher those down and curate that data to a way that you could give it to your grandma maybe a little bit higher level than your grandma, but you can give it to somebody that's not a technical person, yeah, but is informed and they can read that and say, okay, I get it, I get what you're saying, right, yeah, that's what I got, that's what.

Steve: 31:01

Those are some things for communication yeah, no, I agree with all of that. I really don't have much to add. Um, definitely, practice makes perfect, you know, um, for we just got done doing performance evaluations at our organization, and communication is something that a lot of my team they do very well, but it's something that I can I'm going to continuously push them to work on, because it's it's that is that important and that valuable for for us, for the organization, for our team, but for them individually, for their professional growth. So, yeah, thanks, sean.

Steve: 31:35

Next up, so we talked about empathy, but really, in order to get better at empathy, you need to work on emotional intelligence, eq. So why is it important? So you need to understand your own emotions first and those of others, especially in high-pressure environments, like for us in cybersecurity, especially when there's an incident. So one of the simple things right, always reflect before reacting, especially during incidents and I'm specifically focusing on incidents, because that's really when those are high pressure situations and you will find yourself in those more within. You know, as you are in cybersecurity, as you grow your career within cybersecurity, incidents is really what it's about, right, because that is when we are up against the bad guys. Right, that is what we do. Our job is to help protect an organization, and when we are being attacked, that is when, hey, everything flies out the window and you're just let's go to action. Like John says, let's get after it. So, you know, learn to read body language right, learn to kind of understand different tones within meetings.

Steve: 32:51

Asking for feedback when you are communicating with someone you know, figure out, you know you may have a team member, you may have someone that you're working with who they rather you pick up the phone and talk to them than send them an email, or vice versa. Someone may rather, hey, send me an email instead of, you know, give me a phone call. Or someone may prefer you meet with them in person. Um, there are different things that really matter, that are simple, uh, things that you can kind of figure out or ask um around and within your team to kind of help you with this. Um, and then just asking for feedback, asking for, hey, how would you like for me to approach you about XYZ, especially when you know there's just so much pressure, right, it's like, hey, we need to figure out what's going on.

Steve: 33:43

You know we're getting attacked, we need to do this, we need to do that, and sometimes, you know, different people handle pressure differently and some someone may you know raise their voice or someone may you know start putting pressure on someone else, and it's just a lot of things that could happen within that team that if you are not emotionally intelligent to highlight and see the things that could go wrong, that could affect how you handle certain situations and how people view you within your team. Right, and it just all comes back to just taking a step back, taking a breather and then approaching things as they come. But yeah, that's my two cents on empathy, aka emotional intelligence. Any thoughts there, john?

John: 34:33

So a couple of things. We did an episode with adam anderson on eq emotional intelligence so we can link to that too. Um, but there's a whole episode on eq that would be helpful. Um, things that stand out to me you talked about body language and reading body language and um joe navarro. He has a few books on this topic. I read a couple of those and he's very interesting.

John: 34:57

Former FBI agent used body language to when he was doing interviews with informants or other people that he's he's doing questioning on and how important body language was during that to understand where they were, were they anxious, were they upset, were there hidden tales there that they were giving away that could help him relate better to them and be able to connect Really. That's what this comes down to is being able to understand how that other. What this comes down to is being able to understand how that other person is. Put yourself in their shoes so you can make a better connection. And one thing he mentions and talks about one book in particular is what everybody is saying. It's about body language. But he said you know, you think you see the movies and people go in and they're interviewing, they got the big light on them and they're, they're grilling them and they're. It's very adversarial, but really that's not how it works. The best technique is to build rapport, connect with that individual, even if they're a bad person, then you're able to. They see you, they see that you see them as a person, now they're more likely to share information. That that's, that's the the real way, and obviously we're not interviewing bad guys, but this is this is true across the board being able to use these, these things. Another thing that stood out about empathy is just DISC, the DISC profiling which stands for.

John: 36:38

I had to look it up, I couldn't remember, but dominance, influence, steadiness and conscientiousness, which there's other terms for those two, but basically there's tools you can use to take a score for free of yourself and it'll kind of tell you are you like d for? For what I remember was like driven. Are you the driven personality? Is this what you like to do? You just like to go, go, go, go, go, right, yeah, are you um more introspective, are you? See, I'm a high c, so my in my score, my C score was the highest, and that's a person that likes to have all the information, likes to do as much research, likes to have all that data before making the decision. But I've had to adapt Like you can is what you baseline in and then you have to adapt based off of the situation.

John: 37:26

A lot of times we don't have all that information, but what's cool about it is you can kind of see where you are, um, and see have other people. If they do this, you can understand oh, that's how they operate. This is you're finding out what their operating system is and you can see this and your teams and your groups and your family oh, that person, they're a type, a personality. They like everything a certain way, right, yeah, well, once you know that and you take that into account when you communicate with them, you can use that information appropriately. Well for me, if you're coming to me and you want to come and get me to sign off on something, if you haven't done your homework, well, guess what's going to happen? I'm going to say Denied. Yeah, please go back and do your homework, go back and do more research on this topic before you. You, I need more information before I make a decision. So that is all. Empathy, that all plays in empathy yes, sir, all right, thank you.

Steve: 38:25

Next up, adaptability. So why is this important? So cybersecurity, like we said, changes fast. You know. Threat actors evolve, tools change, teams shift. So how can you improve on this? So, staying up to date with new tools yourself, trying new tools outside of your comfort zone. Right, embrace feedback and just course correction. So, if you are within a team and you're doing performance evaluations and your supervisor or your manager whoever has feedback for you right, whether it's good or bad, whether you're doing something good or you need to work on something, embrace it. Embrace it and work towards correcting that. Right, because you are part of a team and someone in a leadership position has seen things where you can improve to make the team even stronger and to make you as an individual and as a professional stronger as well. Focus on things that are different, that you are interested in as well. That will help you get better and therefore help your team become stronger.

Steve: 39:37

Stay up to date with blogs. Stay up to date with just information, intel, just what's going on within the cybersecurity world. You really need to do this every day. If you haven't already, sign up to some newsletters. Really find some good, solid sources that are trustworthy, where you can take a look every morning, every other morning, and just really get a feel for, hey, what's the latest news around cybersecurity? Who got breached today? Oh, so-and and so All right, how did it happen? Do we know that so far? Oh, can I take that and double check that my organization is not as vulnerable or it can be taken down the same way, just being able to inform, inform, inform yourself. You have to, or you will be left behind in the world of cybersecurity. Be left behind in the world of cybersecurity, anything else, john.

John: 40:32

Yeah, this is a muscle, right.

John: 40:34

Yeah, and you can strengthen this, just like you every you know working out right. The more you do that, that strengthening exercise, the bigger it's going to get. And a key part of that is getting out of your comfort zone. And I know, listen, I got some Gen Z kids. I love you, but getting out of your comfort zone is not your favorite thing to do. Okay, but it's not going to get better if you don't practice it, if you don't get yourself out of the comfort zone. So back to public speaking, back to taking stretch assignments, getting out there, putting yourself out there. The way you become more adaptable and resilient is you need to build this muscle, you need to be able to stretch yourself a bit, not too much. You want a break, but with the proper guidance and mentorship and coaching of support. Somebody's got your back. Then get yourself out there, put yourself out there so that the more reps you get I've been through so many incidents, so many fires, that I'm cool, calm and collected. Something happens.

John: 41:44

You're in the bunker, you're getting bombed and you're like hey man, we got this, Don't worry, we're going to get through this. So these are the things, the way you can build that muscle to get over being nervous. Not that it goes away completely, it's not like you never. It doesn't mean the nervousness goes away completely. You're still nervous, but you've been through it before, you've worked through it. You breathe, you concentrate, you move on and then you look back and you're like see you know, not a big deal, we did it.

Steve: 42:17

That's right. I completely agree. All right, uh, second to last one critical thinking why is this important and how can we improve on this? John?

John: 42:28

Yeah, critical thinking. So, as we've talked about, with incidents, things are happening. You've got so many decisions you need to make. It's really decision making and I really like the decision making under stress, using that concept. How can you do that? Not only when you have a problem, you're trying to solve a puzzle, which is why a lot of people go into cybersecurity, because there's lots of problems to solve. Hey, how do I exploit this box to get access, to get root, whatever, right, if you're on the offensive side, how can I solve how this happened?

John: 43:02

Forensically, some systems got compromised. What were the pieces to connect together, to connect the dots, to see how it started? What was patient zero, those kind of things. There's a lot of problem solving. That we do on a regular basis.

John: 43:17

But the thinking critically, it's just really kind of using all that information to don't make assumptions, get as much facts as you can, get as much facts as you can, and then work together as your team and be able to gather that those facts and put it in a cohesive way of like, ok, here's what, here's what you said, here's what we know, here's what we don't know. Right, and then from a logical standpoint, like it helps inform maybe your emotional response. You know you don't want to be a robot, but you use. You can switch to data mode from Star Trek. You can be in data mode and you're like thinking like a computer. Okay, what do we know, what don't we know, what can we gather? What information do we need? Then you're able to use the logic to then communicate what the decision is or what you know about the situation. I'm calling you up. Hey, steve, I heard we got an incident. What do we got? Where are we? And Steve's done his homework again homework, and he's gone through, found out the facts, made a decision for what, what recommendations he thinks we should do. Here's what I know, here's what I don't know, here's what my recommendations are, right.

John: 44:36

So the critical thinking aspect of that and how to to do it, as far as how to practice it, really it's just trying to put yourself in those situations. You know, assume that you're going to have, you know, using capture the flag type scenarios or incidents, or or researching an incident and thinking through okay, what did they know? What didn't they know? What would I have done in those situations? What could have I done? What could have I done differently? What could have they done differently. Right, kind of looking case studies up and seeing like this was this breach it happened at whatever organization, what went good, what went bad, and then using that as an after action is really important when you're in a team. But even almost like doing after actions for practice of here's what went good, here's what went bad and here's what we could do better Right, that kind of critical thinking piece of it and using after actions, what do you think?

Steve: 45:35

Yeah, no, I completely agree. I really like the kind of reviewing real breaches, like real scenarios that happened, and putting yourselves in those shoes right With the information that you know, because sometimes not all information is available out there, but you know. You can kind of put yourself in that situation and running through it, using your environment as an example, to say, okay, well, all right, if we got a phishing email that came in that one of our finance people clicked on the link and they had access to this data, okay, and then I found out what would I do next? Just kind of running through those scenarios, because maybe not that exact same thing will happen in your organization, but something similar. And if you've already kind of played that in your head, right, I mean, and many things could change, many things could be different, but for the most part you are doing those exercises in your head of what will you do next, who will you call? What tools do you have? How would you do this, do you would do that? All of that just kind of helps you just build that muscle, kind of like what we were talking about. So I really like that example as well. All right, last but not least, teamwork, collaboration, which all kind of flows into potential conflict resolution. Right, because you can be a good team player and you can be good. But what is the worst case scenario? Friction within the team. So, um, so you know, just be able to, to, you know. So why is this important? Like we said already, being able to build those good relationships within your team, being able to build those good relationships within the broader it area, but also within the organization, executive leadership. All of that Conflict will happen. It's just going to happen Eventually.

Steve: 47:15

Someone may not see eye to eye with the other person, and then you have to figure out. Okay, it might be you, you may not see eye to eye with your coworker, your manager, supervisor, whoever it may be, but you have to be able to work it out. May be, but you have to be able to work it out, figure it out. And it all starts by listening. You know, active listening. Don't just speak or wait to speak, but just listen to what's going on. Take a step back I mentioned this before with empathy and just emotional intelligence. Take a step back, take a breather and then move forward.

Steve: 47:50

All right, so just be open to other people's perspectives, other people's ideas. You may have a vision in your head of how you want to tackle something and you may think that your idea is the best, but others within your team may have different ideas. They may have different experiences that they come in with and say, hey, I would actually approach it this way, right, and that's where you really need to ask okay, why, tell me, why. Like John says, find out more, right, get as much information as possible, because you may be thinking about solving a problem one way, but someone on your team may have experience of solving it already a different way. So, just being able to communicate within the team, being able to listen, being able to communicate within the team, being able to listen, being able to give other people a chance to say why they think so and so should happen just being open to other perspectives. There's not just one way to skin a cat. Okay, there are multiple ways of doing something.

John: 48:45

So so gross. I don't know why this is saying, but yeah.

Steve: 48:49

Hey, it is what it is, um, and then just be be open to you, know, learn how to deescalate a situation right, and this goes again with just emotional intelligence, body language, just really getting to know yourself and really getting to know others within your team. All this plays a part and all this really builds a strong, strong team. And yeah, I mean, that's that's to me, that is pretty much it right. The ideal person comes in. They're always a team player. They speak up when they feel strongly about something, but they are also able to take a step back, listen to other opinions and then work together within the team to find the best solution for them, for their organization, and then move forward and then just let things slide off your shoulder. So, john, what do you think?

John: 49:41

Yeah, man, I think this really comes back to humility and being humble. If you are right, you always have the right answer. If you're waiting to be heard because you, you, you want them to to agree with you, um, and they don't know what they're talking about, you know everything, you know all these things, excuse me, stem from arrogance, ego. Hey, I'm. Do you know who I am? Do you know what I'm talking about? You know I'm security. You know I can say I can stop your, your thing. All that stuff comes from ego and in what you want is humility and humbleness, to be open to like. Maybe I'm wrong, maybe I'm completely off base here. This is what I'm thinking, this is what the the solution is, I think. But maybe I'm completely wrong and maybe you have a better answer, maybe you have a better solution to this. Maybe I should listen, shut up and listen, right. That's why your mom said you got two ears and one mouth.

John: 50:43

You do more listening to speaking, right and that comes to humility, if you're not just listening to be heard for your turn to speak, because you should be heard, versus, like you've said, active listening, like maybe there's a lesson here. This is all I'm preaching to myself, right? This is all good for everybody. I'm not. I don't have this solved, I'm not. You know, everybody's got an ego and there's a healthy ego and there's an ego that can get a little too needs, a little bit too big, and get a little too much out there Needs to get checked.

John: 51:15

Yeah, it needs to get checked. And if you want to get your ego checked, try jujitsu. Then you get tapped out left and right and you're like, all right, all right, okay, I get it. But for real, humility is really the cornerstone, which really builds on empathy, builds on teamwork, helping others, encouraging others. You be out of the me, me, me, mindset, Again. Ego to the. What can I do to help you? Is there something in my day that I can do to serve my team, to be a better servant for my team, for my leadership? I want my leader to look good. I want him to look good. If he looks good, then I'm doing my job right. All those things play into. It's not about me, it's about helping everybody else.

Steve: 51:59

Absolutely. I couldn't have said it better. There's no I in team people, no I in team. Anyways, all right.

Steve: 52:05

So, yeah, we talked about quickly what are some things you can do to help you get better, help you improve on some of these core skills. Now, for those of you that may be interested, what are some examples of some role-based soft skills for some certain positions? Right, so let's start off with a SOC analyst. So a SOC analyst must stay calm under pressure, right, dealing with an incident. We talked about this already.

Steve: 52:31

They have to be able to communicate clearly under pressure, right. They have to say, hey, I've identified this, I've done my investigation, this is legit and this is serious. We need to, like, sound the alarm. Also, collaborate within a team, teamwork, be able to work closely with others within the SOC, but also maybe a level above tier one, tier two, tier three, even management, leadership, supervisors, whatever it may be, and even third parties. Third parties come in, people you've never worked with before and you need to be able to work with them and provide them the information they need so they can do their forensics and help you and your organization figure exactly what happened and what's going on GRC. What are your thoughts there, john?

John: 53:15

Yeah, I mean. Perfect example of translating technical speak into a clear communication plan or policy or procedure or guidance. Oh, you know, what are we doing about AI? What are we doing? What do we recommend about password policies, all that stuff? It's very good example of using your communication skills to communicate in a way that is, maybe every applies to the whole organization, right? So somebody needs to be able to read your policy and understand that it applies to them. Here's what they need to do. Here's what they applies to them. Here's what they need to do. Here's what they need to know, here's what they need to not do. And here are the ramifications.

John: 53:56

And if you can't write in a clear, concise manner, it's not going to be good, right? Because you're bringing in all these parties. You've got legal, you've got comms, you've got HR, you've got comms, you've got HR, you've got all these groups, you've got the technical people, and so it's got to be something, that part of that practice of being able to write in a clear, concise way, and then you may have to go speak on that topic. Hey, we have a new policy, guess what? Let me tell you about this policy. Let me tell you what it's about. Let me tell you why we wrote it. Let me tell you what you need to know. So huge, huge piece of GRC Awesome.

Steve: 54:30

So pen testing, so for pen testers, you need to be able to write clearly again with communication right, need to have actionable reports. You are basically a very technical individual who has done a test on someone's organization, someone's environment and now you are presenting them with your findings. Well, not everybody's as technical as you and will understand what you have done or what you have found. And some of these reports don't just go to the security team, who may also be technical, but they go all the way up to leadership, who may not be technical at all. So you need to be able to translate that again communication and then just be respectful. You know, I've heard horror stories where there's some pen testers out there excuse me who just find all kinds of bad things and they are presenting it in a way where it's like, you know, you are kind of making that client, you know, kind of feel bad and just like not being very respectful. You need to be professional about that.

Steve: 55:30

You know, not everybody is able to secure the organization the best they can and you don't know what the issues may be. It may be made. They may be missing manpower, they may be missing support from leadership, they may be missing fine money, money to buy more tools, money to buy whatever it is. So just being respectful, empathy, putting yourself in their shoes because you don't know what they're going through, and then just being able to communicate again and just adapt to new tools, new solutions, new ways of finding out what's wrong, the gaps, the holes, vulnerability, but also defending your findings, being able to communicate again, communication, communicate what you, what you found, and defend why you think it is a risk and why you think it is a problem that they should pay attention to and potentially resolve. Now, security leadership, john. What are your thoughts there?

John: 56:26

Yeah well, I don't want to spoil it, but we're going to have a whole episode on leadership. But let me just put it this way. I'll tease it a little bit. The technical side is easy. You think learning all this technical stuff is the hard part. No, sir, no sir, says I. The technique, the people side, the soft skills that you need as a leader that's the hard part. Conflict resolution, encouragement, building your team, uh, prioritize and execute these are the pieces that are the hard part. Now you're getting to the tough stuff. Um, technical problems are man, that's, that's the easy stuff. When you look at your day, you're like what's stressing me out? Oh it's, it's my team's not getting along, or or we can't figure out what we need to do next, or we we need to. You know, I need somebody who's down on my team and they're just discouraged, those kinds of things. That's where you guys step it up. So we're going to go really deep into that and, um, I think the next episode or an upcoming episode at least.

Steve: 57:42

Yeah.

John: 57:43

All right, awesome, all right. So yeah, those were some, just some quick examples, role based examples on some soft skills that really matter for those positions. They multiply those skills and they really make you stand out. Our argument is that you should consider not just working on your technical stuff. You should really spend time and energy into how do I get better at all these things we talked about, and there are skills you can get better. You know I've definitely increased and improved in these skills over the years Still getting better, still more to come. And especially with leadership, you shift more from the technical focus to the soft skills. That's really where you shift a lot of your focus on skill sets to improve. So, no, yeah, it's super important. We want to make sure it's on your radar. We've got a lot to talk about this season and further about soft skills awesome.

Steve: 58:37

Um, we kind of teased about the networking course. You want to tell our listeners a little bit about that, john?

John: 58:45

yeah, you know, we we see this definitely when we talk to individuals, when we do mentorship and coaching, and it's tough, and it's a tough time right now Just connecting and trying to get in the door, get an interview, get in front of somebody. And we went down this with the Networking is King podcast episode that we really stressed how important this is and how important your network is. But but you know, I don't see a lot in there or out there about how do you get better at this, how do you improve again a skill? What does it mean? Like, I want to get better in building my network, and the way I say it is that you should treat this as is your job.

John: 59:27

Your job, if you're trying to find a land, a position, is not just to apply for for new roles and to send out a hundred resumes in a week. Your job should be how many connections am I making, how many relationships in my building? That's what's going to make the difference, especially today, is not just what you know, it's really who you know more. Really, especially right now, it's more who you know that you build that relationship with. So we dive into that in this course. We dive into tactics and techniques again that you can use to build your network and build a strong network and keep it going.

Steve: 1:00:08

Awesome, thank you. So if you are interested, check out the link in our description and to learn more, and if you have any questions, just shoot us a message directly. We'd be happy to talk about it with you in more detail and go from there. Also, I said this at the beginning, I'll say it again check out our swag shop for any cyber mentor swag, like this awesome polo I'm wearing. It just helps support us guys. It really does. We really appreciate it and we truly do mean it when we say we want to take over the world and go to all these conferences and see our gear out there being represented by our listeners. We appreciate it.

Steve: 1:00:43

So if you want to check some of that out also, the link will be in the description. But a call to action. So one thing we want to start doing this season and just moving forward is really putting a question out there to our listeners. We really care what you think. We really care and we want to hear from you. So, based off this episode, what is one soft skill that you want to get better at this year? Or what is a soft skill that you have already gotten better at this year and you want to tell us just leave us a comment. We'd love to hear it and talk about it some more so, yeah, maybe maybe we missed something.

John: 1:01:17

Maybe our list is hey, it's probably not complete. What, what are we missing? What is something that you see is super important, that is also in in the soft skill domain. So, yeah, let us, let us know.

Steve: 1:01:29

Yeah, let us know With that, as always. Thanks for tuning in, and if this episode has helped you, please just leave a comment below and until next time.

John: 1:01:40

Until next time. See ya. Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

Speaker 3: 1:01:59

Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast, and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta.

John: 1:02:16

Thank you for listening.