Curiosity, analytical thinking, adaptability — there are dozens of soft skills nontechnical people bring to cybersecurity. While technical skills are, of course, important and cybersecurity pros need to know the tools of the trade and the latest threats, nontechnical skills also play a role in stopping hackers and securing networks.
“I think women, even men, are afraid they can’t do tech because they don’t know computer science,” said Lysa Myers, security researcher for ESET, vice chair of CompTIA's IT Security Community and a member of CompTIA’s Advancing Women in Technology Community (AWIT). “You don’t have to have those skills going in – the tech you can learn. Having empathy is going to go a long way during a stressful break in. That’s when you need the most compassion – when things are getting scary.”
Myers was a florist before she changed careers to IT security and took a job at a security company when she got tired of the ebbs and flows of seasonal work. She worked her way up from technical editing to training new malware researchers.
Coming from a nontechnical background, she relied on her innate soft skills to get ahead:
- Attention to detail
- Communication
- Organization
She started learning IT security from the ground up, first editing technical documents for content and grammar, and then adding more technical skills as she started to understand the world of malware research.
“A suspected malware file would come in, and I’d look at it in a variety of ways to determine whether it was malicious or clean,” she said.
The job of malware researcher required identifying patterns and flagging unusual activity. Soft skills like being detailed-oriented and responsive plus having baseline computer skills helped Myers pivot her career to IT security.
Communication Skills in IT
Good communicators know how to get a point across, another skill that’s essential in good IT security. The high stakes of cybersecurity require clear communication and follow through, and this is an area where women often excel.
“I’ve known women in this industry who can be very frank, especially when they’re telling people what needs to happen,” Myers said. “I worked with one client and was very straightforward, telling them ‘You guys are doing it wrong, and here’s how you’re doing it wrong.’ After I left, the client said, ‘You have to bring her back, she’s the only person who tells it like it is.’ Bluntness can sometimes be taken really well, although not everywhere.”
Being able to talk to people is another unsung skill in cybersecurity. Social engineering is often used by hackers to break into systems and steal data, so those trying to protect data employ people to hack their own systems.
“Some types of penetration testers are paid to essentially break into offices using social engineering,” Myers said. Since social engineering consists of written messaging and relationship building, this is another area where soft skills come into play.
Diversity of Experience
Nontechnical people can learn how to spot suspicious activity as easily as anyone else – you don’t need a computer science degree to recognize phishing emails.
“We all have thousands of files on our phones or our desktops,” Myers said. “Once you start looking at enough of them, you start to see the patterns of things that are clean versus things that are sketchy.”
If only one segment of the population determines a company’s cybersecurity policy, things are going to get missed. Security needs diversity overall, and companies are looking for men and women who bring collaboration skills, communication, resiliency and emotional intelligence to the industry.
“If you’re able to see the bigger picture and not get stuck in the minutia, that’s critical,” Myers said.
Diversity goes beyond gender, too. IT security needs to tap into the experience of people in different geographies, socioeconomic backgrounds and abilities.
“A lot of the differences in people’s experiences are not intuitive,” Myers said. “By having all these different kinds of people, you build a product that works for more people, and that’s what security is about – protecting people.”
Learn how you can complement your soft skills like empathy, collaboration and communication with a cybersecurity certification from CompTIA. Hear more about Myers’ experience as a security researcher and her path to cybersecurity in this episode of the AWIT TechCast.
Michelle Lange is a writer and designer living in Chicago.