Professional development

5 soft skills you need to be a successful security pro

Rodika Tollefson
May 13, 2019 by
Rodika Tollefson

The pace of new cybersecurity professionals entering the field is not keeping up with the demand, and the talent gap has been growing wider in the last few years. Considering the dire need, you may think that a job in cybersecurity is guaranteed. But employers aren’t just looking for trained candidates with specialized technical skills — they want to see people skills, excellent communication and other “soft” skills.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Many cybersecurity education or training programs don’t teach soft skills, focusing instead on technical competence and proficiency. That means that if you want to succeed in this career, you may need to find ways to develop soft skills on your own and seek out opportunities that give you a more rounded experience.

The cybersecurity labor market

Currently estimated at nearly three million globally, the cybersecurity talent shortage is the highest in North America (at nearly 500,000 workers) according to the (ISC)2 annual Cybersecurity Workforce Study. In the United States, cybersecurity also has a much smaller supply of workers compared to other sectors. CyberSeek, an initiative funded by the private sector and the National Initiative for Cybersecurity Education (NICE), estimates the average supply-to-demand ratio in the industry at 2.3, compared to 5.8 for all jobs.

Cybersecurity workers are not only in high demand, they’re also paid well. A 2016 McAfee-sponsored report by the Center for Strategic and International Studies (CSIC) found that U.S. cybersecurity jobs paid $6,500 more than IT jobs in general, which comes to a 9.5 percent premium.

While the majority of organizations struggle to fill their cybersecurity openings, they increasingly want employees who have soft skills. In a 2017 survey by Tripwire, all 315 IT professionals said soft skills were important when they hired for their security teams, and 72 percent said the need for those skills has grown in the last two years.

Top soft skills you need

So what soft skills should you develop for a successful cybersecurity career? Here’s a list of some the most desirable:

  • Problem-solving
  • Communication
  • Analytical thinking
  • Collaboration/teamwork
  • Attention to detail

1. Problem-solving

An important skill in many jobs, problem-solving is crucial in cybersecurity, where you’re constantly facing scenarios that you have to troubleshoot. Troubleshooter was the third most-important skill that Tripwire respondents identified — and to troubleshoot, you need to know how to approach a problem systematically.

A group of about three dozen Virginia employers that were part of a NICE-sponsored study said that communication and problem-solving were both the most critical and the 3. most difficult soft skills to find among cybersecurity applicants. Panelists on a 2018 Wall Street Journal cybersecurity forum echoed those sentiments:

“There’s a lot of people graduating from fine cybersecurity programs but they’re missing that core skill set of problem-solving, (having) no fear,” Theresa Payton, president and chief executive of Fortalice Solutions and former chief information officer of the White House, was reported as saying at the panel event.

2. Communication

Communication skills are also important in just about any profession, and cybersecurity is no exception — 60 percent of Tripwire’s respondents identified it as the most important skill. Yet, according to the CSIS study, 70 percent of the IT decision-makers surveyed found communication a scarce skill among college graduates.

4. You may need to present technical security information to a variety of stakeholders, answer nontechnical questions, “translate” technical knowledge into business value, develop and write policies and build strong professional relationships. You may also need to take on the role of a security advocate, promoting security practices to diverse audiences. All these activities require verbal or written communication, and perhaps both.

3. Analytical thinking

Somewhat related to problem-solving, analytical thinking was selected as the top required soft skills in the Tripwire survey (identified by 65 percent of the respondents). Analytical thinking is the ability to solve complex problems by breaking them down into smaller components. It usually involves a process like identifying the problem, gathering information, developing and testing a solution and so forth.

While analytical thinking is an innate ability for some people, you can develop this skill by applying your curiosity in a variety of situations — being observant, learning how things work, asking questions and analyzing your decisions. Then, like anything else, you need to apply this in practice.

4. Collaboration/teamwork

Solving security problems doesn’t happen in a vacuum, nor do you have all the answers. You’re often working in a team, collaborating with peers or other stakeholders and seeking other people’s expertise to find solutions. You need to learn how to build consensus as well as cultivate relationships.

Part of the ability to collaborate and work as a team comes from being an excellent communicator and problem-solver, but you also need good people skills, an open-minded attitude and patience, among other things.

5. Attention to detail

Steve Jobs famously said, “Details matter; it’s worth waiting to get it right.” As one story goes, he once left an urgent voicemail on a Sunday morning for Vic Gundotra, Google senior vice president and Google+ architect. The urgency was that the second O in Google’s logo on the iPhone was the incorrect yellow gradient, and Jobs wanted it fixed the next day.

In cybersecurity, the wrong logo color won’t ruin your day, but plenty of other missed details might. You’ll need to be detail-oriented when you dig deep to find the root of a data breach, analyze logs after an attack or conduct digital forensics. Oftentimes, you have to do these things while working fast under pressure, making that another highly useful soft skill.

Conclusion: Using your soft skills to outsmart attackers

Whether you’re developing cybersecurity products or working on the detection or remediation side, you have to think like a hacker. That’s where many of the soft skills come into play, and you’re using them in tandem with your technical skills to help protect your organization. Seeking professional development opportunities to help you enhance your soft skills and your career will be much more successful.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.


Rodika Tollefson
Rodika Tollefson

Rodika Tollefson splits her time between journalism and content strategy and creation for brands. She’s covered just about every industry over a two-decade career but is mostly interested in technology, cybersecurity and B2B topics. Tollefson has won various awards for her journalism and multimedia work. Her non-bylined content appears regularly on several top global brands’ blogs and other digital platforms. She can be reached at