Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills

While most people recognize that heading up a cybersecurity team requires a mix of both technical and so-called "soft skills," it's a reality that many security leaders struggle with the latter. Daniel Shore, Ph.D., a social-behavioral scientist and the co-founder of MultiTeam Solutions, is trying to change that through research-based training with a focus on the social science of leadership. He will lead a workshop titled "Hacking Cybersecurity Leadership" next month at Black Hat 2024.

"A lot of people end up in leadership positions based on their technical abilities, and we really want to help them expand their repertoire, their skill set, so that they can show up with confidence in a way that they lead individuals, teams, and multi-team systems or ecosystems," Shore says.

The two-day session aims to help cybersecurity leaders improve those critical soft skills needed to lead teams and navigate the unique challenges of the industry. Shore, who also presented at Black Hat Europe in 2021, says the new adaptation of the workshop is based on five years of research funded by US and European governments and accredited by the UK National Cyber Security Centre (NCSC). He will offer leaders research-backed strategies to motivate teams and help team members feel valued.

"Leaders are leading individuals, they're leading teams, and they're leading these multiple teams," he says. "And they're also leading themselves. That, in and of itself, is a really almost unimaginably complex task."

It's even more challenging in cybersecurity, which falls under what is known as a "VUCA" environment: volatile, uncertain, complex, and ambiguous, he says. When a leader is placed into that environment, it adds an immense layer of uncertainty to leadership.

"Another area of focus that we will take is, what do leaders have control over that is known? With the right skill set, people and the interactions between them are more known than, for example, the scope of cyberattack," Shore explains. "So shifting some of a leader's focus to teamwork can be a stabilizer and confidence-builder in their work, which has so much uncertainty."

The session will also cover methods to build trust within teams and how to foster a collaborative environment. In addition, Shore will discuss how to cultivate a shared language and mindset across multi-team systems — "an aspect often neglected in traditional cybersecurity skills-based training," he says.

A Safe Place to Make Decisions

Participants in the training will engage in context-independent exercises designed to practice decision-making, innovation, problem-solving, and adaptation in a psychologically safe environment, Shore says. The exercises are not cybersecurity-specific, but the underlying processes are all priority issues or opportunities that drive effective cybersecurity operation, he says.

"One of the activities is going to be starting up a new company," Shore notes. "And then you're going to merge with some other companies in your cohort. When you're doing that, it's not about the company. It's about how you're showing up, how you're coming to consensus decision-making, how you're being innovative, how you're problem solving, how you're adapting."

Shore says participants can take part in these processes without the pressure and burden of their typical titles and roles as leaders. It's a chance to explore — in a way that is low-stakes, he says. With no consequence to the decisions they're making, leaders can take some risks.

Overcoming Leadership Challenges With Human Solutions

Cybersecurity leaders often face low morale, high turnover rates, and imposter syndrome, among other challenges. The workshop will offer practical solutions to these kinds of issues, Shore says, but with an emphasis on human-centered leadership in a field dominated by technical solutions.

"The use of technology is a human task," he says. "We're looking to provide human-centric solutions to practical problems, complementing the technical solutions leaders typically rely on."

Another essential part of the workshop will be fostering a sense of empathy and belonging among participants. Leaders will have the opportunity to build camaraderie with their peers, share experiences, and support each other in a safe and constructive environment.

Shore says he hopes that attendees will leave the session with a clearer understanding of the human-centered challenges in cybersecurity and practical strategies to address them. The date and time for Shore's training will be published soon.