Why Is Optimism a Critical Security Skill?


Security professionals must possess diverse skills to be successful at their jobs. However, a skill or capability that is often ignored is optimism. It may seem an odd ask of individuals whose job it is to anticipate and prepare for the worst security breach situations. However,  Kathryn T. Kun, director of information security at Forter, discusses why it’s a necessity and how it can help security professionals perform better.

Security is a demanding business that can easily foster practitioner stress, anxiety and pessimism. Security skills include technical and analytical acumen, the ability to communicate effectively, understand business needs and abide by governance, among others. Yet, there is one skill that’s typically missing from top-10 must-have skills lists, and that is cultivating optimism. 

The Practice of Cybersecurity Can Easily Create Pessimism 

Security teams are on the front lines of protecting their rapidly digitizing businesses and fending off a growing number of attacks. Success is measured in terms of holding the line and improving practices rather than achieving the desired end-state. While teams can adopt best-in-class platforms, review new intelligence on emerging attack patterns and offer 24/7 monitoring, risks still remain. The odds are simply against them. Cyberattack strategies are evolving as fast – if not faster – than enterprise safeguards. 

When security professionals are successful, they’re typically not noticed or rewarded. Yet, they are blamed when they – or their systems – fail. Teams analyze incidents and breaches and point fingers. Professionals may not have proactively remediated security gaps, detected anomalies in a torrent of signal data or moved swiftly enough to limit attack damage. It’s no surprise, then, that 45%Opens a new window of practitioners have considered leaving the industry due to the pressures of the job. 

Viewing Security as a Mission to Cultivate Optimism

There’s a different way to think about the practice of security: as a vision- and mission-based endeavor. When security practitioners log in each day to start work, they are protecting people they care about: their colleagues, partners and customers. They’re also safeguarding their organizations’ ability to do business in a complex world by delivering vital products and services that others need and ensuring society functions as intended. As a result, security teams are creating a better world for everyone. 

For employees in organizations, these connections may either be explicit or implied. Security professionals who protect national infrastructure for a government agency, a nonprofit’s ability to deliver aid or an e-commerce firm’s ability to deliver goods will likely see the value in safeguarding their organizations’ business and operations. Yet, countless others provide processes or services that enable the effective functioning of businesses and community life. These professionals, too, should take pride in fulfilling their organization’s vision and mission. 

When workers feel a strong sense of mission, they’re more likely to trust organizational leadership, work collaboratively to solve problems and bounce back from disappointment. These optimistic security professionals find a sense of purpose in protecting valuable people and processes, streamlining operations so others can work without distraction and becoming the best they can be. When failures happen, they can learn from them and move forward rather than engaging in self-blame and endless retrospection. 

See More: 6 Shifts in Your Talent Acquisition and Security Policy Can Reduce the Cybersecurity Talent Gap

How to Improve Cybersecurity Team Engagement 

The good news is that cybersecurity worker engagement is growing. An ISC2 study found that more than three-quarters (77%) of respondentsOpens a new window said they were satisfied or very satisfied with their jobs in 2021, up 11% from 2019. While the study didn’t explicitly ask why engagement had increased, it’s likely that new remote working practices, growing cybersecurity budgets and increased C-level prioritization of cybersecurity functions contributed to these higher numbers. 

Still, there’s room to grow, as organizations want to recruit, retain and develop world-class teams and prevent workers from burning out on the job. Here are three simple strategies to put in place to create healthy, high-functioning teams:

  1. Cultivate a culture of optimism: Security leaders can help workers increase their optimism by focusing on the mission. Research demonstrates that employees need to feel a sense of meaning in their work across the 90,000 or more hoursOpens a new window they log in and out of organizational networks in their lifetimes. More than half (56 percentOpens a new window ) of staff said they want to contribute more to society due to their pandemic experiences. Leaders can help create optimism by sharing the organization’s vision and mission, reporting progress or setbacks through this lens, and helping staff develop emotional resilience to navigate tough challenges.
  2. Involve teams in strategic decision-making: Security teams want to be involved in setting strategy, not just cleaning up problems. A report from the Enterprise Strategy Group and Information Systems Security Association International found that these pros are happiest when they are asked to participate directly in  IT planningOpens a new window but become frustrated when they are relegated to a technology administration role with downstream cybersecurity responsibilities. Many organizations have moved to a DevSecOps model as a result, which improves collaboration between IT and security, improves the quality of code and ensures security is considered at each step of development.
  3. Build an unconventional and well-rounded team: New talent is everywhere. The world is awash in professionals who want to change careers, grow their talent stack, and make more money. Rather than chasing the same in-demand group of highly skilled and certified professionals, human resource teams should think about how they can tap into new labor pools. Teachers, lawyers, engineers, and more have the smarts to learn new cybersecurity skills and platforms if given a clear value proposition and roadmap. In addition, they can bring fresh insights and skills to the table, enriching cybersecurity teams’ capabilities and lived experience.

Combat Cyber Despair with Fresh Hope

Cybersecurity teams have a unique and important role in organizations today, but it can seem like an impossible quest. They must help protect people, networks, and operations from an unending fusillade of attacks that are growing ever more sophisticated. 

As teams improve skills and practices, they should also seek to cultivate a reservoir of optimism by focusing on meaning and purpose. They’re not in daily combat with adversaries but helping their organizations move closer to achieving their vision of a better world. 

Whatever skills your security teams bring to the table, make sure they bring optimism as well. Your organization and the world will be better for it. 

How are you combating cyber despair? Share your strategies with us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .


Image Source: Shutterstock