Why I despise the term "soft skills"

Within the security and tech industries, there is still a big focus on "hard skills" - this could be technical knowledge, a skill in the use of a particular tool/language/system, or any solid prior work experience in particular subject areas.

There will always be a need for hard skills, aligned to whatever the role requirements are for particular jobs. However, the paradigm that "hard skills" are the most sought after skills has shifted considerably over the last few years. There is now (rightly so) more of an emphasis on "soft skills".

Examples of soft skills:

• Communication Skills
• Presentation Skills
• Empathy
• Active Listening
• Willingness to Learn
• Flexibility/Adaptability
• Commitment to Personal/Professional Development
• Teamwork
• Trustworthiness/Integrity (whilst not "skills" per se, still important)

...there are way more out there, but from the above you get the gist. These "soft skills" are VITAL within the cybersecurity industry, in fact, arguably within any industry.

I absolutely hate the term soft skills. Why? The term implies that these skills are just...well...fluff. They're often viewed as easy to obtain. Some may even argue that everybody has them.

Wrong.

These skills, if not already acquired, are extremely hard to teach. Ultimately, I've found it is much easier to teach someone hard skills than it is to teach them to learn the importance of soft skills (and through experience, learn how to effectively utilise these skills). However, it's worth noting that both hard skills and soft skills require time and effort to learn. I am not saying that hard skills are easy to learn.

Allow me to demonstrate why soft skills are so important, specifically within the security industry:

• Communication/presentation skills - no longer just a "nice to have", they are essential. If you can't communicate complex/technical info in ways in which your audience(s) will understand, your security strategy or plan WILL fail.
• Empathy - again, essential. If you can't actively listen and try to understand when other people communicate with you, you will fail to build solid, meaningful relationships with colleagues as well as third parties.
• Willingness to learn - whilst not a "skill" per se, it's another attribute that is essential. Nobody is an "expert" in security. Anybody who claims to be is na?ve. The threat landscape is changing every day and it's an industry that demands constant learning, even when you reach those senior positions. If you don't want to learn, you'll get left behind.
• Trust/Integrity - do I have to say it again? ESSENTIAL. In order to ensure security solutions are delivered effectively, the organisation that you work with needs to trust in you. They need to trust that you know what you're talking about and that you have their best interests at heart. They need to trust that you will do everything you can to make the best possible decision in securing their organisation. And you need to maintain your integrity so that people will continue to trust in you.

If security doesn't work for people, it will fail. Period.

As the years have gone by, managers and executives are realising they can't just look for people with solid technical skills anymore. Don't get me wrong - they are valuable and are required in many roles, but other skills should be prized highly too. These so called "soft skills" are absolutely vital in a world that is built on communication. Businesses have goals that need to be reached and there is nothing less valuable or "soft" about having skills that bring people together and make us more productive and efficient. Rather than being "soft", these skills are valuable and transferable; they are essential.

Some great suggestions on renaming "soft skills":

• "Essential Skills"
• "Core Skills"
• The team at CAPSLOCK use "Impact Skills"