5 Non-Technical Skills Tomorrow’s Information Security Experts Need

Information security is a technical discipline that’s highly in-demand among organizations nationwide. As CIO.com highlights, there is a severe cyber-security talent gap in the United States due to a lack of training among information-technology, or “IT,” professionals and the emerging nature of the field. With a 38-percent increase in information-security incidents over the past year, companies nationwide are scrambling to bolster their in-house security talent.

Regardless of whether your company is considering training existing IT talent to assume security roles or hunting for external talent, it’s wise to consider non-technical skills that benefit security professionals. Adaptability, a proactive attitude and other attributes can be every bit as beneficial to a talented tech worker as experience with firewalls and file-integrity monitoring. Join us as we review five non-technical skills that both experienced and newly hired, information-security experts should demonstrate.


1. Adaptability

The ability to perform well under pressure may be critical to success in a security-leadership role, according to Capella University. The only constant in the quickly changing security field is change, which is why information-security professionals must prepare for constant adaptation. Between changes in threat patterns and best-of-class technologies, it’s critical that employees take an agile stance in response to new challenges.

2. Research

The technical skills that were relevant five years ago in information security are far less important today. Security professionals shouldn’t just be able to tolerate ongoing professional research; they should enjoy the process of learning and improvement.

For individuals who are making a transition to security from a non-related IT discipline, a strong history of professional development and education can indicate strength in research abilities that are crucial for success in their new role.

3. Proactivity

Symantec Corporation’s research indicates that over the past month, they’ve uncovered and logged 19 new variants of threats. Information-security risks are not one-size-fits-all. They’re continually evolving and changing. As a result, security professionals must be aware of the latest trends and prepare to respond.
There is risk in security professionals who constantly safeguard against last year’s threats. This tendency can lead to critical vulnerabilities in systems. In contrast, your team should participate in formal threat-information exchanges to ensure they’re ready for worst-case scenarios before they happen.

4. People Skills

Information-security leadership may need to work with other departments in the organization on a regular basis, including finance, human resources and more. As CSO Online highlights, there is a genuine need for people with the ” … soft skills to … increase user awareness and education.”

Humans at all levels of the organization can act as critical gatekeepers during cyber-security attacks. Due to simple actions from clicking on links and phishing emails to downloading malware, your employees are often innocently responsible for successful security breaches. Information-security professionals must defend your network by championing educational efforts through the enterprise and inspiring real change in your employees’ behavior patterns.

5. Business Acumen

Business acumen may come from formal education or years of experience. In a leadership role, information-security professionals must make budgetary and resource decisions that have the potential for a real impact on the enterprise. InformationWeek.com recommends carefully interviewing candidates with situational questions in order to gain an understanding of their “business sense” before hiring. While risk assessment, budgetary adjustments and agility are business skills, they can also benefit security roles.


The best information-security professionals will bring a mix of both technical and non-technical skill sets to the table. With a combination of technical knowledge and soft skills, they’re ready to develop procedures, policies and training programs to mitigate risk in the enterprise. For all these reasons, organizations should take a comprehensive approach to evaluating potential information-security experts when hiring.