As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way anyone could understand and patiently answered my seemingly endless questions. We spent many hours collaborating and brainstorming ideas about product features as well as new processes for the team.

But Jim was especially valuable when I needed help with other developers — especially Bill, who was brilliant but not very good at communicating with anyone else in the office. Simply put, Jim was a leader. And he bridged the gap between technical and non-technical staff better than anyone I had ever met. If I was really struggling to get information from Bill or figuring out what he needed to deliver a component, I would ask Jim for help. And usually, with just a quick conversation, he could help me translate Bill’s technical needs into project manager speak.

Working with others is key in cybersecurity

As collaboration in the workplace becomes more important than ever before, companies are increasingly looking to hire people like Jim over Bill. According to a survey of tech industry workers by Reign, 76% of managers thought soft skills were more important for success in tech jobs compared to 44.9% who said tech skills mattered most. Even more interesting, tech employees felt the same way. Employees (72%) ranked soft skills as most important, with 42% believing tech skills were more valuable.

When hiring for a cybersecurity position or looking for a job, it’s easy to focus on technical expertise. But I think it’s time to start thinking of technical expertise as the baseline requirement for a position. Soft skills should then be the reason you hire a specific tech employee over another once the expertise is relatively equal.

Yes, technical skills are a must for those working in cybersecurity. That’s a given. But even the most brilliant cybersecurity expert in the universe isn’t going to be very effective if they can’t share their expertise with others. And their brilliance can only go so far if they can’t collaborate with others who bring different skills to the table to create an innovative product or service.

Overall, a team member with poor people skills holds the team back and makes it very challenging to function as a high-performing unit.

Soft skills are more important with hybrid work

With the increase in hybrid work, soft skills are even more important than they used to be. According to McKinsey’s 2022 American Opportunity Survey, 58 percent of Americans can work from home at least one day a week, with 35 percent able to work fully remotely.

When everyone was in the office, it was possible to get by with mediocre soft skills. But working with people virtually requires a higher level of communication and collaboration. And the opportunity for miscommunication and frustration is even higher when working with others solely through video and email.

Team members must communicate proactively, such as when they make a change to a feature or spot a potential risk. In the past, you might remember to tell someone about an issue because you passed them in the hallway or saw them in the breakroom. But now, cybersecurity professionals must take the step to let everyone know about issues and changes without the visual reminder of seeing them in the office. While collaboration software helps, cybersecurity professionals must still proactively reach out.

Assessing people skills during the hiring process

The cybersecurity industry has evolved in its assessment of tech skills, with many companies now using certifications and badging for hiring. Even with a spectrum of expertise for tools and skills, assessing tech skills is relatively black and white. Either someone has them or they don’t.

But soft skills are harder to assess. Doing so is relatively new, and it feels a bit uncomfortable. Making it even more challenging is that these skills can be very subjective. I thought one of the developers on my team was a poor communicator, but both Jim and Bill felt differently. Here are some ways to make assessing soft skills more accurate:

  • Include a range of roles in the interview process. Many organizations have applicants talk to employees with cybersecurity expertise, which is important. However, also have candidates talk to people who they will be working with on a day-to-day basis. For example, if the role involves collaborating with marketing and sales, include these roles in the interview process.
  • Create a list of soft skills to evaluate for each position. Talk to employees in that role and the people they work with closely to determine which people skills are most important.
  • Have interviewers use a scale for ranking skill levels. It’s hard to say whether or not someone is a good communicator in a yes or no question. But by using a numbered scale, interviewers can compare candidates and feel more comfortable with the evaluation.
  • Ask questions that highlight soft skills. If you only ask technical questions during the process, you have a lower ability to evaluate their people skills. Try asking about a time when a candidate disagreed with a coworker, or what they did the last time they were working on a project that ran behind schedule.

Collaboration builds success

Teams that work well together are typically the most successful. By hiring employees who can skillfully collaborate, you set up your team for success. And if Jim ever applies for a job with you, be sure to hire him. He’s awesome.

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today