The IT and cybersecurity job market is thriving . The Bureau of Labor Statistics predicts 377,500 new IT jobs annually . You need skill and hustle to obtain these jobs , of course , but the good news is that cybersecurity professionals can look forward to extremely competitive salaries .
That's why InfoSec has leveraged 20 years of industry experience , drawing from multiple sources , to give you , cyberwork listeners , an analysis of the most popular and top-paying industry certifications . You can use it to navigate your way to a good-paying cybersecurity career .
So to get your free copy of our Cybersecurity Salary Guide eBook , just click the link in the description below . It's right there near the top , just below me . You can't miss it . Click the link in the description and download our free Cybersecurity Salary guide ebook . Your cybersecurity journey starts here Now . Let's get the show started Today on Cyber Work Hacks .
My guest InfoSec Skills author , cicero Chimbanda , gives us a hack involving the role of cybersecurity manager . It's one thing to study security management techniques academically , but how do you develop your security manager skills on the job Now ?
Ciceroero has a lot of insights and we talk a bit about the importance of rapport and understanding between different generations of security professionals , among many other topics . That's all today on this Cyber Work Hack . Hello and welcome to a new episode of Cyber Work Hacks .
The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick , clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and your career goals .
So for today's hack , I'm very pleased to welcome longtime friend and InfoSec instructor and collaborator , cicero Chimbanda .
Now I like having Cicero back for this series of hacks for security managers and the security managers of the future , because today we're going to be talking about some of the ways that you can hone your cybersecurity manager soft skills every day , and this is something we talk about on the main feed podcast all the time .
Everyone needs soft skills , and we say soft skills and don't just think about it when you're polishing your resume . You got to be practicing them all the time .
So we're obviously enthusiastic for studying and constant learning on the tech side and the importance of security certifications , but today we're going to talk about the continuous quest to evolve as a security manager , and not just continuous one . So , as always , cicero , thank you for joining me today on CyberWorkX .
Thank you , Chris , for having me .
All right . So , cicero , let's talk out the concept of cybersecurity soft skills . What are the soft skills that are most necessary to do the job of a cybersecurity manager well ?
Yeah , so thanks for the question . Thanks again for having me . I think , chris , me , I think , chris , we use a framework called STS and it's strategic trust and stability . And I always like to start with the strategic side , thinking big picture first , whenever you're thinking about your soft skills , really understanding your industry , right ?
So , whatever industry you're in or going to be going into , I think understanding that is of the utmost . Then also understanding the corporate culture or company that you're working with . I think that's always a good place to start , because then you're making it more relevant to the strategy of your company .
For example , understanding what your board and stakeholders think . You know . I think that's good , right , so you're knowing your audience , the budget , right , cost , p&l , profit and loss . Understanding some of those concepts you know , you would think , as a cybersecurity source , you know why would I need ?
No , that is of the utmost importance , because it adds relevance . Then the other two would be , obviously , understanding the rules of the road . That's the regulatory obligation . You need to understand why because there are fees associated to it , reputational damage you want to protect your brand . Protecting your brand is important .
And then , lastly , which is equally important , right , we don't want to downplay it . And that is your operational technical skillset right .
You do need to be relevant in your skillset , understanding what the latest tools are , what the latest you know , protection and threat as well , why you need to protect your data systems , your people , you need to protect your people and you need to be reliable . So those are the things I would say .
Yeah , yeah , I think that's worth noting that a good manager isn't , you know , siloed against the rest of , uh , the board or the people they're reporting to , that you have to know their notions of , uh , you know , finance and and sort of the sort of monetary risk and reward of of various things , because it it I think it it probably bolsters your arguments when
you're asking for new tools or more money or more resources or additional people or whatnot , is that you have to show that you're not just thinking from a security standpoint but you're thinking from , like , a whole business standpoint .
I was at a round table , chris , not too long ago , a couple of weeks ago and a gentleman made a very good point . He says you know your board or the audience , when you're talking to those who approve , or you know your budgets .
Everyone is different and everyone when they're going to those meetings , they're thinking about not your projects , they're thinking about their projects . They're thinking about what they need to deliver and the last thing they need is somebody who is either going to be a distractor or a prohibitor of them achieving their goals .
So when you're going in there , a lot of homework has to be done to understand who your audience , what is it that motivates them ? You know , kind of you know . You have to be a psychologist in a way . That's what he was talking about , which made a lot of sense .
Yeah , yeah , no , absolutely , and I think it does . It gets you away from the whole sort of reputation of being the department of no or the department of you know .
Like you said , if you come in and they have this thing that they think is all great and then you tell them I have 10 reasons why that's not going to work , they're going to be more likely to you know , listen to those if you know you're coming at them from a place of their own language .
I suppose Now the STS system is that specific to cybersecurity or is that more of a general management ?
framework . It's a hybrid . It was taken from a business model and we just made it relevant to the cybersecurity , because , really , cybersecurity , we want to be relevant , we want to be an enabler with minimizing risk . Right , it's really a risk framework and so mitigating risk , minimizing risk , understanding risk , educating risk . So that's where that comes from .
Gotcha . Now Cicero , as I mentioned at the top of the show , has created a learning path within our InfoSec skills platform to help hone your soft skills and become a great cybersecurity manager . Now can you tell us what types of topics will users learn from your course of study ? Yeah , thank , you .
I'd love to talk about this . You know this is a part two . I did one on managers and leadership , but then I wanted to hone in on the soft skills . So one of them is underneath the security side strategic security . We talk about governance . What are some topics that are really important in terms of governance ?
And we actually flip that governance upside down , which I love . Typically , you think of a triangle top down . This is really a bottom up servant leadership type model . The second thing your ethical principles . I think business ethics is a major component on the business platforms when you're taking your MBA . Ethical principles .
So we'll talk a lot about ethical principles in cybersecurity doing the right thing for the right reasons , thinking of long-term , not thinking just transactional , immediate right . We tend to be let's fix things now , no , let's do the things that will last long . So that's the ethical principle we're talking about .
And then , lastly , which I love , in the stability , we'll talk a lot about predictive analysis . So we have tools such as AI . How can we use that to help us predict ? So we're not being reactive or proactive .
Yeah , fantastic . Now I want to move that into sort of the day-to-day , because you know , beyond the formal learning environment , I know , with regards to skills platforms or especially with a boot camp or so forth , you sort of keep improving their soft skills on the job .
It's one thing , and very important thing , to be learning these management concepts in this sort of skills environment , but do you have any advice for practically sort of applying that from week to week ?
Yes , you know , this actually just came up recently . We had an incident in the workplace where , you know , an intern unfortunately had some health problems at work . I bring this up just because part of being a manager or just being an employee , is really being aware of what's around , conscious about what's going around around yourself , and that's socially conscious .
We are responders . You know , part of being a cybersecurity professional , you're responding to risk and you're you're minimizing risk . So in order to be a great responder , you need to be to know what's relevant around you . Be relevant what do I mean specifically ? You know we got a new generation of of employees .
So , understanding you know the different demographics and generations . So we're talking about . You know where the younger generation generation we were talking about . You know where the younger generation generation , the millennials some of them , you know , talking on the phone , talking face to face , gives them anxiety .
You know they don't emails , they're more into the social media video . So what I mean by this is really improving your soft skills on the job by understanding generational gaps and learning from the generation . There's also other conscious , like environmental conscious , political culture .
So reading and being relevant and understanding those , that will help contextualize a lot of the things that we do in our workforce and be more relevant so that we can add value .
Yeah , I think that's so important , and especially as you have managers who have been in the business for decades and they feel maybe a little put out that younger generations aren't as comfortable on the phone or face-to-face contact and think , oh , there must be a sort of failing here , while neglecting the fact that a lot of people of their generation and older
had a lot of , you know , were given a wide berth when new technology had to come along .
And I don't want to use email and I'm afraid of this spreadsheet I don't want to use , you know , my old computer , like there's lots and lots of ways that over the years that people have been given special dispensation in a way that still allowed them to be valuable members of the team .
So I think those are some really great pieces of advice and a really good example of why , you know , it's important not to sort of shut off entire groups of people because of what you see is , you know , slights or issues or whatever .
So , cicero , as we wrap up this episode today , you know I think we're I've been sort of circling around it , but you know , one of the things that we talk about , especially with skills learning and sort of kickstarting your career , is that feeling of taking stock of yourself and saying I haven't really done much with myself in a while .
I may have gotten let my skills get a little dusty . So can you talk about what's the most common mistake that security managers make when it comes to letting their soft skills atrophy a little bit , and do you have a tip for them to returning to robust soft skill self-development ?
Yeah , I think you know , just following up from the previous question , going back to the younger generation , I think that's a tapping that we need to continue to do , you know , especially as managers . You know trying new things , you know we can't be closed . I can't be closed .
You know , I have a teenage daughter who's in college now Actually , a teenage daughter who's in college now . Actually , she's a teenage now , she's a freshman in college and so I have to be able to understand their generation , learn self-improve , be willing to get feedback from different people , even how to dress right , how to approach yourself right .
I'm more traditional and conscious as I'm dressed now , but a lot of young folks they think you're either going to a funeral , a wedding uh , if you're dressed the way , I am or they're gonna fire you , yeah , fire you right you have an interview . You have an interview , you know , you know dressing down the whole concept of formal .
It's different amongst the generation but at the same time not losing our roots losing our foundation . We have to keep the things that keep the strong roots and foundation in principles . So I think those are two balanced beams that we need to do .
Awesome advice all around , so I think we'll leave it there today . Cicero Chimbanda , thank you so much for your insights today on Cyborg Hacks and , as always , thank you everyone at home who is watching this episode .
If you enjoyed this video and felt that it helped you , please share it with your colleagues , any forums you're on and on your social media accounts , and please like this video and subscribe to our podcast feed and YouTube page . You can type in CyberWorks , infosec on any of those places and we'll pop right up just like magic .
So there's plenty more to come for learners of all levels , including some more , cicero Chimbanda , in your life here . So if you have any topics that you want us to cover across any spectrum of cybersecurity , drop them in the comments and we will listen to them . So until next time , thank you for listening and happy learning to them . So until next time .
Thank you for listening and happy learning . Hey , if you're worried about choosing the right cybersecurity career , click here to see the 12 most in-demand cybersecurity roles . I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence . I'll see you there .