May 4, 2022

Last Updated on January 15, 2024

In cybersecurity our focus is often on technology, processes and/or standards. We don’t talk that much about “people skills” or “soft skills,” aka emotional intelligence or EQ. The reasons are obvious. Most security professionals aren’t trained on those skills, nor are they measured on them. Soft skills are just not part of the job description, right?

Wrong. With the current cyber talent shortage, competing on the people front means collectively focusing on humans, how they function psychologically, and what they need to feel safe and happy in the workplace.

To share concrete, actionable steps that orgs and managers can take to attract and retain cybersecurity talent, Deidre Diamond, Founder and CEO at CyberSN, joined a recent episode of The Virtual CISO Podcast. John Verry, Pivot Point Security CISO and Managing Partner, hosts the show.

Towards an inclusive work environment and company culture

Deidre emphasizes that building strong teams and creating company cultures that foster diversity and talent retention starts with an inclusive work environment—one where people enjoy their work, respect each other and take concrete steps to succeed interpersonally.

Step #1 in Deidre’s 8-step process to build an inclusive work environment is creating emotionally intelligent managers. Emotional intelligence is the capacity to be aware of, control and appropriately express one’s emotions to handle interpersonal relationships empathically and thoughtfully.

“Today we work in teams more than we ever have, and it’s the fact that we’re working in teams at such a high level that makes us need to focus on this,” Deidre emphasizes. “If somebody is going to be in charge of somebody else’s career—which is what a manager is—then they need to be trained on EQ.”

People don’t leave companies, they leave managers

It’s commonplace to promote the most technically competent people to management roles in cybersecurity. Now suddenly that person needs a high EQ. Can we build our EQs? Or are we stuck with what we have?

Fortunately, EQ can continue to grow throughout our lives. Unlike IQ, which is believed to peak when our brain maturation is complete sometime in our twenties.

“The question to ask when promoting someone to manager is: do they want to care for others?” Deidre advises. “Because then they’ll be motivated to learn skills like win-win communication, listening skills, time management, making and managing measurable agreements…”

If you tell a potential management prospect, “You’re responsible for these peoples’ careers being successful or not,” would they still want the job? That’s a serious question. But often promotions come with increased pay and status, which many people want very much. So, building and measuring EQ needs to be baked in, not sprinkled on top at the end.

It starts with job descriptions

For roles that involve managing others, does the job description place enough emphasis on the talent management/development component of the role? To create a more inclusive and diverse culture, managers need to be measured on their ability to grow their team as much or more than their subject matter expertise.

Deidre and CyberSN take this very seriously. For example, when you make a job description for a management role in the CyberSN platform, you’ll be prompted to allocate time for managing people: career mapping, reviews, and so on. Allocating time concretely reflects that the company values its managers spending time with people.

What’s next?

Click this link to hear the episode with Deidre Diamond, Founder/CEO at CyberSN.

Want more tips on retaining cybersecurity talent? Here’s a blog post you’ll appreciate: Top 10 Tips to Retain Security Talent (and Only #1 Matters)

Need answers regarding ISO 27001 certification requirements?

Learn about the audits you will face to achieve and maintain certification, what's involved, and the cost you can expect to pay to achieve and maintain certification.
Download our NEW ISO Certification and Cost Guide now!