Cyber Security Soft Skills

I have done a lot of technical training over the years. No doubt, this has allowed me to pursue a career in Cyber Security. Recently, I’ve been trying to focus more on my soft skills. In my early days in this field, I never really thought too much about the non-technical side. Presentations, public speaking, writing, listening, communication, team work etc. I wrongly assumed these were just a given skill that you should have. But I can now see that it is important to focus on these as much as we focus on technical subjects. You can become better at presentations. You can become better at writing. You can become a better team player. You can become a better listener. So I have recently started to seek out training or practice soft skills. In my experience, here are some soft skills that will help you perform well in Cyber Security and probably other roles in IT too.

1. Reading
2. Writing
3. Listening
4. Communication
5. Team work
6. Studying

READING

As a Security Engineer, I do a lot of reading. I read vendor documentation when configuring systems, instructions, incident reports, intel reports, books, articles, the list goes on. Most of the reading I do is technical and, to be honest, it can be a pain sometimes. The key is to be able to get what you need from the material. There is often a lot of technical terms I may not be familiar with, or the writing style is difficult to make sense of. So I think reading is a skill that can be trained. It takes discipline to sit down, focus for a period of time to try and understand what you are reading. Especially when the material is “dry”. After I finished formal education I didn’t read a book for years. But I can see now that reading is a gift and a skill that can be developed. Reading can help you become a better writer. Reading can help you explain yourself better. Reading can help you reflect better. Reading doesn’t have to be technical reading. I’ve found recently that reading a good book can help me to slow down my thoughts and focus on what I am reading, it can help me escape a busy day.

WRITING

One of the reasons I have started writing blogs is to practice writing. Could be argued this is a technical skill. But writing well is a skill nonetheless. As an engineer, I need to be able to convey my thoughts, in writing, to all sorts of stakeholders; management, colleagues, vendors and customers. They are all different and have different consumer needs. Some need to know technical details, some need a well explained high level summary to make decisions.

LISTENING

This is a big one. Listening, giving a person your attention, taking in information. I am not a fan of multi tasking while on a work call. I understand some people can do it and find it necessary because of their work load. I simply cannot listen and multi task at the same time. My wife would strongly agree with me on this point.

COMMUNICATION

This is a bit generic but I am specifically talking about verbal communication here. Just like writing, I need to be able to talk about technical issues verbally with a variety of stakeholders. Teaching is a great way to improve verbal communication because you get instant feedback. Does your audience understand what you are saying?

TEAM WORK

When I first started working in a SOC, I was lost. I had just left university, no real world IT experience, looking at tonnes of alerts and nearly everyone including my manager left the company within 8 weeks of me joining. At one point I was the second most senior person on shift at a company with over 100,000 users and I didn’t even know what a PCAP is. Then a new guy joined, a cyber security wizard. He became a mentor without knowing. He was sharing everything he knew without hesitation. He explained things , challenged me on alerts, gave me great training material and generally taught me how to be a good team player in a SOC when alerts are flying in left right centre, there’s pressure and you still need to be a nice person at work and home. (Top Tip, get some IT experience before switching to Cyber Security. Help Desk is an amazing school.) Cyber Security is a team sport. You need to rely on your team mates and vice versa to get through the day. There is just too much to learn and do all by yourself.

STUDYING

After you leave school you are studying for a purpose and not simply to pass an exam. Unless you are a genius, and I have worked with one, you need to put in the work. One trick that works well for me, if I read a book from cover to cover and all the exercises, I generally can solve problems about the topic, that includes passing the exam. Of course, doing trumps book study so get hands on with issues. When I passed the CCNA exam a few years ago, I read the two Cisco Press books on CCNA by Wendel Odom cover to cover and I did all the labs. Nothing else. Some may argue the CCNA is easy. Good for you. It’s not a walk in the park. When I do SANS exams, I read all the material, do all the labs and make the index. Nothing else. Then I apply what I have learnt to my work problems. Again, studying in my opinion is a skill of focus and determination. I am currently reading The Web Application Hacker’s Handbook, 2nd edition, to help me with my work on AppSec. I’ve been told this is old but gold.

There are probably more I think of later. Will update this blog when I do.