Honing your security manager soft skills on the job | Guest Cicero Chimbanda

The IT and cybersecurity job market is thriving. The Bureau of Labor Statistics predicts 377,500 new IT jobs annually. You need skill and hustle to obtain these jobs, of course, but the good news is that cybersecurity professionals can look forward to extremely competitive salaries. That's why InfoSec has leveraged 20 years of industry experience, drawing from multiple sources, to give you, cyberwork listeners, an analysis of the most popular and top-paying industry certifications. You can use it to navigate your way to a good-paying cybersecurity career. So to get your free copy of our Cybersecurity Salary Guide eBook, just click the link in the description below. It's right there near the top, just below me. You can't miss it. Click the link in the description and download our free Cybersecurity Salary guide ebook. Your cybersecurity journey starts here Now.

Let's get the show started Today on Cyber Work Hacks. My guest InfoSec Skills author, cicero Chimbanda, gives us a hack involving the role of cybersecurity manager. It's one thing to study security management techniques academically, but how do you develop your security manager skills on the job Now? Ciceroero has a lot of insights and we talk a bit about the importance of rapport and understanding between different generations of security professionals, among many other topics. That's all today on this Cyber Work Hack. Hello and welcome to a new episode of Cyber Work Hacks.

The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and your career goals.

So for today's hack, I'm very pleased to welcome longtime friend and InfoSec instructor and collaborator, cicero Chimbanda. Now I like having Cicero back for this series of hacks for security managers and the security managers of the future, because today we're going to be talking about some of the ways that you can hone your cybersecurity manager soft skills every day, and this is something we talk about on the main feed podcast all the time. Everyone needs soft skills, and we say soft skills and don't just think about it when you're polishing your resume. You got to be practicing them all the time. So we're obviously enthusiastic for studying and constant learning on the tech side and the importance of security certifications, but today we're going to talk about the continuous quest to evolve as a security manager, and not just continuous one. So, as always, cicero, thank you for joining me today on CyberWorkX.

Thank you, Chris, for having me.

All right. So, cicero, let's talk out the concept of cybersecurity soft skills. What are the soft skills that are most necessary to do the job of a cybersecurity manager well?

Yeah, so thanks for the question. Thanks again for having me. I think, chris, me, I think, chris, we use a framework called STS and it's strategic trust and stability. And I always like to start with the strategic side, thinking big picture first, whenever you're thinking about your soft skills, really understanding your industry, right? So, whatever industry you're in or going to be going into, I think understanding that is of the utmost. Then also understanding the corporate culture or company that you're working with. I think that's always a good place to start, because then you're making it more relevant to the strategy of your company. For example, understanding what your board and stakeholders think. You know. I think that's good, right, so you're knowing your audience, the budget, right, cost, p&l, profit and loss.

Understanding some of those concepts you know, you would think, as a cybersecurity source, you know why would I need? No, that is of the utmost importance, because it adds relevance. Then the other two would be, obviously, understanding the rules of the road. That's the regulatory obligation. You need to understand why because there are fees associated to it, reputational damage you want to protect your brand. Protecting your brand is important. And then, lastly, which is equally important, right, we don't want to downplay it. And that is your operational technical skillset right. You do need to be relevant in your skillset, understanding what the latest tools are, what the latest you know, protection and threat as well, why you need to protect your data systems, your people, you need to protect your people and you need to be reliable. So those are the things I would say.

Yeah, yeah, I think that's worth noting that a good manager isn't, you know, siloed against the rest of, uh, the board or the people they're reporting to, that you have to know their notions of, uh, you know, finance and and sort of the sort of monetary risk and reward of of various things, because it it I think it it probably bolsters your arguments when you're asking for new tools or more money or more resources or additional people or whatnot, is that you have to show that you're not just thinking from a security standpoint but you're thinking from, like, a whole business standpoint.

I was at a round table, chris, not too long ago, a couple of weeks ago and a gentleman made a very good point. He says you know your board or the audience, when you're talking to those who approve, or you know your budgets. Everyone is different and everyone when they're going to those meetings, they're thinking about not your projects, they're thinking about their projects. They're thinking about what they need to deliver and the last thing they need is somebody who is either going to be a distractor or a prohibitor of them achieving their goals. So when you're going in there, a lot of homework has to be done to understand who your audience, what is it that motivates them? You know, kind of you know. You have to be a psychologist in a way. That's what he was talking about, which made a lot of sense.

Yeah, yeah, no, absolutely, and I think it does. It gets you away from the whole sort of reputation of being the department of no or the department of you know. Like you said, if you come in and they have this thing that they think is all great and then you tell them I have 10 reasons why that's not going to work, they're going to be more likely to you know, listen to those if you know you're coming at them from a place of their own language. I suppose Now the STS system is that specific to cybersecurity or is that more of a general management?

framework. It's a hybrid. It was taken from a business model and we just made it relevant to the cybersecurity, because, really, cybersecurity, we want to be relevant, we want to be an enabler with minimizing risk. Right, it's really a risk framework and so mitigating risk, minimizing risk, understanding risk, educating risk. So that's where that comes from.

Gotcha. Now Cicero, as I mentioned at the top of the show, has created a learning path within our InfoSec skills platform to help hone your soft skills and become a great cybersecurity manager. Now can you tell us what types of topics will users learn from your course of study? Yeah, thank, you.

I'd love to talk about this. You know this is a part two. I did one on managers and leadership, but then I wanted to hone in on the soft skills. So one of them is underneath the security side strategic security. We talk about governance. What are some topics that are really important in terms of governance? And we actually flip that governance upside down, which I love. Typically, you think of a triangle top down. This is really a bottom up servant leadership type model.

The second thing your ethical principles. I think business ethics is a major component on the business platforms when you're taking your MBA. Ethical principles. So we'll talk a lot about ethical principles in cybersecurity doing the right thing for the right reasons, thinking of long-term, not thinking just transactional, immediate right. We tend to be let's fix things now, no, let's do the things that will last long. So that's the ethical principle we're talking about. And then, lastly, which I love, in the stability, we'll talk a lot about predictive analysis. So we have tools such as AI. How can we use that to help us predict? So we're not being reactive or proactive.

Yeah, fantastic. Now I want to move that into sort of the day-to-day, because you know, beyond the formal learning environment, I know, with regards to skills platforms or especially with a boot camp or so forth, you sort of keep improving their soft skills on the job. It's one thing, and very important thing, to be learning these management concepts in this sort of skills environment, but do you have any advice for practically sort of applying that from week to week?

Yes, you know, this actually just came up recently. We had an incident in the workplace where, you know, an intern unfortunately had some health problems at work. I bring this up just because part of being a manager or just being an employee, is really being aware of what's around, conscious about what's going around around yourself, and that's socially conscious. We are responders. You know, part of being a cybersecurity professional, you're responding to risk and you're you're minimizing risk. So in order to be a great responder, you need to be to know what's relevant around you.

Be relevant what do I mean specifically? You know we got a new generation of of employees. So, understanding you know the different demographics and generations. So we're talking about. You know where the younger generation generation we were talking about. You know where the younger generation generation, the millennials some of them, you know, talking on the phone, talking face to face, gives them anxiety. You know they don't emails, they're more into the social media video. So what I mean by this is really improving your soft skills on the job by understanding generational gaps and learning from the generation. There's also other conscious, like environmental conscious, political culture. So reading and being relevant and understanding those, that will help contextualize a lot of the things that we do in our workforce and be more relevant so that we can add value.

Yeah, I think that's so important, and especially as you have managers who have been in the business for decades and they feel maybe a little put out that younger generations aren't as comfortable on the phone or face-to-face contact and think, oh, there must be a sort of failing here, while neglecting the fact that a lot of people of their generation and older had a lot of, you know, were given a wide berth when new technology had to come along.

And I don't want to use email and I'm afraid of this spreadsheet I don't want to use, you know, my old computer, like there's lots and lots of ways that over the years that people have been given special dispensation in a way that still allowed them to be valuable members of the team.

So I think those are some really great pieces of advice and a really good example of why, you know, it's important not to sort of shut off entire groups of people because of what you see is, you know, slights or issues or whatever. So, cicero, as we wrap up this episode today, you know I think we're I've been sort of circling around it, but you know, one of the things that we talk about, especially with skills learning and sort of kickstarting your career, is that feeling of taking stock of yourself and saying I haven't really done much with myself in a while. I may have gotten let my skills get a little dusty. So can you talk about what's the most common mistake that security managers make when it comes to letting their soft skills atrophy a little bit, and do you have a tip for them to returning to robust soft skill self-development?

Yeah, I think you know, just following up from the previous question, going back to the younger generation, I think that's a tapping that we need to continue to do, you know, especially as managers. You know trying new things, you know we can't be closed. I can't be closed. You know, I have a teenage daughter who's in college now Actually, a teenage daughter who's in college now. Actually, she's a teenage now, she's a freshman in college and so I have to be able to understand their generation, learn self-improve, be willing to get feedback from different people, even how to dress right, how to approach yourself right. I'm more traditional and conscious as I'm dressed now, but a lot of young folks they think you're either going to a funeral, a wedding uh, if you're dressed the way, I am or they're gonna fire you, yeah, fire you right you have an interview.

You have an interview, you know, you know dressing down the whole concept of formal. It's different amongst the generation but at the same time not losing our roots losing our foundation. We have to keep the things that keep the strong roots and foundation in principles. So I think those are two balanced beams that we need to do.

Awesome advice all around, so I think we'll leave it there today. Cicero Chimbanda, thank you so much for your insights today on Cyborg Hacks and, as always, thank you everyone at home who is watching this episode. If you enjoyed this video and felt that it helped you, please share it with your colleagues, any forums you're on and on your social media accounts, and please like this video and subscribe to our podcast feed and YouTube page. You can type in CyberWorks, infosec on any of those places and we'll pop right up just like magic. So there's plenty more to come for learners of all levels, including some more, cicero Chimbanda, in your life here. So if you have any topics that you want us to cover across any spectrum of cybersecurity, drop them in the comments and we will listen to them.

So until next time, thank you for listening and happy learning to them. So until next time. Thank you for listening and happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence. I'll see you there.