The critical competencies that drive security career success -Part II
Welcome back to this series, as we discussed earlier, becoming a high-performing security professional requires more than just technical expertise - strong soft skills are essential for success in the field. We highlighted the critical role that effective communication, strategic thinking, and business acumen play in cybersecurity success, even when dealing with complex security vulnerabilities and organizational challenges. Let's continue with the other 2 Competencies that have a disproportionate impact on your career: Organizational Awareness and Influence.
ORGANIZATIONAL AWARENESS
Organizational awareness is the ability to understand and navigate the internal dynamics, culture, structure, and decision-making processes within an organization. It involves recognizing formal and informal power structures, key stakeholders, and the influence of company values, norms, and relationships on how work gets done.
This is the soft skill I personally consider key, Developing organizational awareness as a Security Engineer in a software organization involves understanding the broader business context, recognizing the interplay between different departments, and aligning security practices with the organization's overall goals and objectives. Here are some strategies and recommendations you can develop to foster this awareness:
| Strategies and recommendations | Link to resources and examples |
|---|---|
| Learn the Business: Start by gaining a deep understanding of your organization's business model, products, services, and customer base. This knowledge will help you appreciate how security measures impact the organization as a whole. | Company Vision, Mission, Plans, Painted Picture. Understand the most important metrics of the company. |
| Understand the ways of working: Start by learning how the company set objectives, and what is the planning cadence, cycles, opportunities to review initiatives, dependencies. This will let you understand when you can influence initiatives early on, and have visibility of what is coming next. | Planning tool used in the company (Jira/Clickup/etc), Company roadmap. |
| Attend Company-wide Meetings: Make it a point to attend town halls, strategy sessions, and other company-wide meetings. These gatherings can offer valuable insights into the organization's strategic direction, priorities, and challenges.. | All-hands, Fireside chats, etc. Any company event or session that is used for company wide changes, updates, etc. |
| Monitor Internal Communications: Pay attention to internal communications, such as newsletters, intranet posts, and announcements. These sources can provide updates on organizational changes, achievements, and strategic initiatives. | Keep an eye on the relevant Slack/team channels and emails used in your company for wide comms. |
| Understand Departmental Roles and Needs: Familiarize yourself with the roles, objectives, and challenges of different departments within your organization. Knowing how each department contributes to the organization's success and their specific security needs can enhance your ability to provide relevant, efficient service. | There are different tools to represent Org. Charts with people and responsabilities. Find the one used in your company and use it as reference to understand where each people you work with sits. |
| Build a Network Across Streams/functions/teams/orgs: Cultivate relationships with colleagues in various parts of the organization. Networking helps you gain insights into the broader business operations and builds bridges that can be invaluable for collaborative problem-solving. | Join champions channel and programs. Attend office events, celebrations, etc. |
| Stay Informed About Industry and Market Trends: Keep up with developments in your industry, including regulatory changes, emerging threats, and best practices in security. This external awareness complements your internal knowledge and helps you anticipate needs that may arise from changes in the business environment. | Different industries, have different websites or reports that are relevant to monitor. This is about the industry your business is on, like Technology, health, Finance. |
| Seek Feedback and Advice: Regularly seek feedback from stakeholders across the organization on how security measures affect their work, or what support they need. Be open to suggestions on how to improve service delivery and align it more closely with business needs. Continous feedback is better than waiting to performance cycle, when everyone is busy and far from the situation you need feedback on. | This can be done with Surveys, or 1:1. Find if your company has Mentoring and coaching programs, and sign up for it. |
| Engage in Continuous Learning: Pursue opportunities for professional development that broaden your understanding of business operations, strategy, and financial management. Courses, workshops, and certifications can provide valuable skills and knowledge that enhance your organizational awareness. | Leverage company provided resources, many companies offer access to Udemy, Linkedin Learning, etc. If company has a training budget explore what platform is the right one for your needs. |
| Contribute to Organizational Knowledge: Share your security insights and knowledge with the rest of the organization through presentations, workshops, or articles for the company newsletter. Educating others about security can also deepen your understanding of how it fits into the broader business context. | If the company has an internal blog you can contribute creating an article to showcase progress or share awareness on an specific topic. You can also share in All hands. |
| Volunteer for Organizational Initiatives: Get involved in committees or initiatives that address broader organizational goals, such as sustainability, diversity and inclusion, or community outreach. These activities can provide a different perspective on the organization's values and priorities. | Hackathons, Office events, parties are good candidates for this. Volunteer for working groups. |
Thinking time
- Who are your key allies in other departments?
- How well do you understand your organization's strategic priorities for this year?
- Can you name the key initiatives of other departments that might need security support?
- How often do you participate in cross-functional meetings or initiatives?
- Who are your key allies in other departments?
By developing a strong sense of organizational awareness, you'll be better equipped to align your security efforts with the broader business objectives, ensuring that your work not only protects the organization but also supports its overall success.
INFLUENCE
What is Influence?
We can describe Influence as a skill is the ability to guide, persuade, or inspire others to take action, adopt ideas, or support decisions without relying on formal authority or coercion. It's important this final clarification, as some people think about something negative when they hear "Influence", and relate it to "manipulation" these could be part of cultural differences.
It involves building trust, understanding others’ motivations, and effectively communicating ideas to shape outcomes and drive change.
To develop influence as a Security Engineer in a software organization, especially in the context of guiding or persuading others to change their opinions or plans, it's essential to combine technical expertise with interpersonal skills and strategic thinking. Some ways to achieve this is:
| Strategies and recommendations | Link to resources and examples |
|---|---|
| Build Credibility through Expertise: Deepen your knowledge in security-related areas to become the go-to person for security matters within your organization. Regularly updating your skills and staying abreast of the latest security trends and threats can enhance your credibility. | For latest threat landscape updates I recommend the following reports: - Verizon Data Breach Report - Google M-Trends Report |
| Understand Your Audience: Tailor your communication to the interests and concerns of your audience. For example, when discussing security matters with non-technical stakeholders, focus on the business impact of security risks and the value of proposed security measures in terms they can appreciate. | How to Build Better Business Relationships - HBR Article |
| Develop Empathy: Try to understand the perspectives and constraints of others. This understanding can help you present your arguments in a way that resonates with their values and priorities. | Empathy and Emotional Intelligence at Work - Course |
| Use Effective Communication Techniques: Simplify complex information into digestible and relatable insights. Avoid jargon when communicating with non-technical team members. Visual aids and real-world examples can also help make your case more compelling. | Talk Like TED by Carmine Gallo - Provides practical techniques for presenting complex information in engaging ways. Book |
| Build Relationships: Invest time in building strong relationships across the organization. Influence often comes from trust and rapport, which are developed over time through positive interactions. | How to Build Business Relationships - Harvard Business Review article |
| Showcase Success Stories: Demonstrate the positive impact of your security recommendations through case studies or examples of past successes. This can help others see the practical benefits of adopting your proposals. | Show and Tell: How Everybody Can Make Extraordinary Presentations by Dan Roam - Teaches how to create compelling narratives around technical successes (Book) |
| Leverage the Power of Persuasion: Apply principles of persuasion, such as highlighting the scarcity of resources (e.g., time in the face of a security threat) or the consensus (e.g., industry best practices or recommendations by respected authorities in security). | Influence: The Psychology of Persuasion" by Robert Cialdini - Book |
| Be Proactive: Anticipate potential security issues and propose solutions before problems arise. This proactive approach can help you steer discussions and plans in a direction you advocate. | 5 Ways Successful people are proactive at work - Forbes |
| Negotiate and Compromise: Sometimes, influencing others involves negotiation and finding a middle ground that addresses security concerns while accommodating other priorities. | "Getting to Yes" by Fisher and Ury Book “Never split the difference” Chris voss Book |
| Regularly share knowledge about security risks and best practices with your team and stakeholders. Educational initiatives can gradually shift the organization's culture to be more security-conscious, thereby making your influence efforts more effective over time. |
Thinking time
- When was the last time you successfully influenced a significant security change?
- How strong are your relationships with key stakeholders across the organization?
- How do you handle resistance to security initiatives?
- Can you describe a recent situation where you successfully gained buy-in for a security change?
By combining these strategies, a Security professional can effectively influence others in their organization, driving changes that enhance security posture without alienating key stakeholders. This approach balances technical acumen with the soft skills necessary to navigate organizational dynamics and effect change. There are many resources in here, but you can create a learning plan to develop this competency in the next year./quarter.
Conclusion
These core competencies - Business Results Orientation, Decision Making, Influence, and Organizational Awareness - form the foundation of high-performing security professionals. While technical skills remain important, developing these soft skills creates disproportionate impact on career growth and effectiveness. I would also like to highlight another key competence you need is "Learning Agility", there is too much to learn here and in any Cybersecurity career, so learning how to Learn is fundamental to develop the rest. 🤓
In short to develop these competencies:
- Start with self-assessment using the "Thinking Time" questions provided
- Choose 1-2 competencies to focus on initially
- Create a development plan using the strategies and resources outlined
- Seek regular feedback and adjust your approach
Remember that growth in these areas is iterative - focus on continuous improvement rather than perfection. The investment in developing these skills will pay dividends throughout your security career. 🚀