Hack the Human Side: Leading Cybersecurity with Emotional Intelligence

Being a cybersecurity leader is like starring in a high-stakes action movie—you're not just blocking hackers with your tech expertise but also rallying your team like a squad of digital Avengers. Sure, you’ve got the skills to code, configure, and control, but leading effectively in this role requires more than technical wizardry. I think that to truly inspire your team and do everything to protect the network, you need emotional intelligence (sometimes referred to as EI)—the secret sauce that transforms a manager into a mentor.

Emotional intelligence is the ability to recognize, understand, and manage your emotions while also empathizing with others and navigating social interactions effectively. It’s like having a built-in radar for feelings—your own and everyone else’s—paired with the tools to respond thoughtfully. In leadership, emotional intelligence means balancing empathy with decision-making, ensuring that both people and priorities are respected.

Leading with emotional intelligence in cybersecurity (or really any leadership role) is about bridging the gap between the tech and the humans who make it work. It’s knowing what to say—and how to say it—so your team feels heard, valued, and motivated. Let’s dive into the how with actionable examples of emotionally intelligent phrases, paired with pop-culture analogies for fun.

Sometimes, a team member will raise an issue that seems trivial in the grand scheme of cybersecurity—like worrying about phishing simulations feeling “too tricky.” Resist the urge to brush it off. Instead, use phrases that validate their feelings while steering the conversation toward solutions. Here are some examples of what I think that may look like:

• “I understand why this feels frustrating. Let’s look at how we can make the process more educational rather than punitive.”
• “That’s a valid point. It’s not about catching people off-guard; it’s about building awareness. Let’s brainstorm how to better communicate the ‘why.’”

It’s the cybersecurity equivalent of Captain America saying, “I can do this all day.” You’re showing you’re in it with them, not against them.

Now continuing our phishing example, now lets say when someone clicks a phishing link during training, it’s tempting to go full-on Mr. Robot and lecture about the stakes. But emotional intelligence reminds us that mistakes are teachable moments. Here’s how to reframe the conversation:

• “Mistakes happen—it’s why we have these trainings. What’s important is learning how to spot this next time.”
• “Think of this as a win: now we know what tactics are effective, and you’re better equipped to catch them in the future.”

This approach channels Ted Lasso vibes—turning what could be a moment of shame into a moment of growth.

Let switch to rolling out a new security policy? Brace yourself for groans, eye rolls, and someone mumbling, “But we’ve always done it this way.” Instead of doubling down with, “It’s necessary,” try connecting with their perspective first:

• “I get that this feels like another hurdle, especially when you’re juggling so much already. Here’s why this change matters and how it’ll help us in the long run.”
• “I know change can be tough. Let’s work together to make this as seamless as possible for everyone.”

Think of it like Obi-Wan Kenobi telling Luke, “These aren’t the droids you’re looking for.” You’re guiding, not forcing, the narrative.

When a security breach happens, panic is contagious. It’s your job to be the calm in the storm, reassuring your team while leading them to action. Try these:

• “We’ve trained for this, and we’re ready. Let’s focus on the steps we need to take.”
• “It’s a challenging situation, but we’ve got a solid team and a solid plan. We’ll get through this together.”

This is your Avengers Assemble moment: rallying the team with confidence and direction instead of adding to the stress.

Cybersecurity can feel like a thankless job. If a breach doesn’t happen, it’s because you’ve done everything right. Make sure to celebrate those invisible victories:

• “Great job flagging that suspicious activity before it became an issue. That’s exactly why we have these protocols.”
• “I know no one saw the crisis we prevented today, but I want you to know how much I appreciate your vigilance.”

Channel your inner Leslie Knope here—be unreasonably enthusiastic about their efforts. It builds morale and reinforces the importance of their work.

If a non-technical colleague reports something that isn’t a security threat, resist the urge to roll your eyes and move on. Instead, thank them for their vigilance:

• “Thanks for bringing this to our attention. While it’s not a threat, it’s always better to err on the side of caution.”
• “I appreciate you flagging this. It shows you’re thinking critically about security, which is exactly what we need.”

My whole security career, I've told people, I would rather them report 1,000 suspicious emails than to click one they aren't sure on.

It’s the cybersecurity equivalent of Gandalf saying, “All we have to decide is what to do with the time that is given to us.” You’re encouraging effort while gently redirecting focus.

Leading with emotional intelligence isn’t just a nice-to-have skill—it’s essential. In cybersecurity, where stakes are high and stress runs rampant, how you communicate can make or break your team’s effectiveness.

By validating concerns, reframing mistakes, and celebrating wins, you create an environment where people feel empowered to learn and grow. And when the inevitable crises hit, you’ll be the steady hand guiding your team forward—not just with technical expertise but with humanity.

After all, cybersecurity isn’t just about protecting systems; it’s about protecting the people who use them. So lead with empathy, sprinkle in some pop-culture analogies, and remember: the best firewall in the world can’t compensate for a leader who’s emotionally unplugged.