As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way anyone could understand and patiently answered my seemingly endless questions. We spent many hours collaborating and brainstorming ideas about product features as well as new processes for the team.

But Jim was especially valuable when I needed help with other developers — especially Bill, who was brilliant but not very good at communicating with anyone else in the office. Simply put, Jim was a leader. And he bridged the gap between technical and non-technical staff better than anyone I had ever met. If I was really struggling to get information from Bill or figuring out what he needed to deliver a component, I would ask Jim for help. And usually, with just a quick conversation, he could help me translate Bill’s technical needs into project manager speak.

Working with others is key in cybersecurity

As collaboration in the workplace becomes more important than ever before, companies are increasingly looking to hire people like Jim over Bill. According to a survey of tech industry workers by Reign, 76% of managers thought soft skills were more important for success in tech jobs compared to 44.9% who said tech skills mattered most. Even more interesting, tech employees felt the same way. Employees (72%) ranked soft skills as most important, with 42% believing tech skills were more valuable.

When hiring for a cybersecurity position or looking for a job, it’s easy to focus on technical expertise. But I think it’s time to start thinking of technical expertise as the baseline requirement for a position. Soft skills should then be the reason you hire a specific tech employee over another once the expertise is relatively equal.

Yes, technical skills are a must for those working in cybersecurity. That’s a given. But even the most brilliant cybersecurity expert in the universe isn’t going to be very effective if they can’t share their expertise with others. And their brilliance can only go so far if they can’t collaborate with others who bring different skills to the table to create an innovative product or service.

Overall, a team member with poor people skills holds the team back and makes it very challenging to function as a high-performing unit.

Soft skills are more important with hybrid work

With the increase in hybrid work, soft skills are even more important than they used to be. According to McKinsey’s 2022 American Opportunity Survey, 58 percent of Americans can work from home at least one day a week, with 35 percent able to work fully remotely.

When everyone was in the office, it was possible to get by with mediocre soft skills. But working with people virtually requires a higher level of communication and collaboration. And the opportunity for miscommunication and frustration is even higher when working with others solely through video and email.

Team members must communicate proactively, such as when they make a change to a feature or spot a potential risk. In the past, you might remember to tell someone about an issue because you passed them in the hallway or saw them in the breakroom. But now, cybersecurity professionals must take the step to let everyone know about issues and changes without the visual reminder of seeing them in the office. While collaboration software helps, cybersecurity professionals must still proactively reach out.

Assessing people skills during the hiring process

The cybersecurity industry has evolved in its assessment of tech skills, with many companies now using certifications and badging for hiring. Even with a spectrum of expertise for tools and skills, assessing tech skills is relatively black and white. Either someone has them or they don’t.

But soft skills are harder to assess. Doing so is relatively new, and it feels a bit uncomfortable. Making it even more challenging is that these skills can be very subjective. I thought one of the developers on my team was a poor communicator, but both Jim and Bill felt differently. Here are some ways to make assessing soft skills more accurate:

  • Include a range of roles in the interview process. Many organizations have applicants talk to employees with cybersecurity expertise, which is important. However, also have candidates talk to people who they will be working with on a day-to-day basis. For example, if the role involves collaborating with marketing and sales, include these roles in the interview process.
  • Create a list of soft skills to evaluate for each position. Talk to employees in that role and the people they work with closely to determine which people skills are most important.
  • Have interviewers use a scale for ranking skill levels. It’s hard to say whether or not someone is a good communicator in a yes or no question. But by using a numbered scale, interviewers can compare candidates and feel more comfortable with the evaluation.
  • Ask questions that highlight soft skills. If you only ask technical questions during the process, you have a lower ability to evaluate their people skills. Try asking about a time when a candidate disagreed with a coworker, or what they did the last time they were working on a project that ran behind schedule.

Collaboration builds success

Teams that work well together are typically the most successful. By hiring employees who can skillfully collaborate, you set up your team for success. And if Jim ever applies for a job with you, be sure to hire him. He’s awesome.

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…