Resources Blog Threat intelligence

The myth of "soft skills": Why intelligence teams need strong communicators

Cybersecurity teams with a variety of backgrounds and skill sets produce better intelligence products.

Anna Seitz

There is a very narrow way of thinking that considers “soft skills,” or skills that focus primarily on communication and the arts, to be less valuable than “hard skills,” or skills that focus primarily on math and science. Even the labels “soft skills” and “hard skills” are not ideal, as they often lead to typecasting people into shoehorned roles based on a false binary of who is “technical,” that infamous weasel word.

Competitive cybersecurity teams must consist of a motley crew with a variety of skill sets, what we refer to as “core skills,” to develop into a cohesive unit of effective professionals. Enter the humble communicators: these are your English majors, art degree holders, and journalists. Though they may not be the first people you think of when you consider cybersecurity, folks with these backgrounds are key members of any cybersecurity team because they offer a different perspective to tackle any security problem that presents itself.

The Red Canary Intelligence Team

Members of Red Canary’s Intelligence Team possess a variety of skill sets that create a well-rounded environment to produce high-caliber analysis. Limiting the team to just traditionally “technical” skill sets narrows thinking and doesn’t allow for different approaches to thinking through problems. Diverse perspectives are particularly important in crafting intelligence assessments, as they help analysts avoid cognitive biases like groupthink. Many Intelligence Team members have diverse backgrounds that allowed them to develop a clear understanding of how they wanted to shape their careers, motivating them to pursue higher degrees and become well versed in their respective cybersecurity functions.

Stef Rand, Intelligence Analyst, background in psychology

Stef Rand is an Intelligence Analyst with a background in psychology and white water rafting. Stef became interested in cyber threat intelligence (CTI) because of the systematic way she applied herself to conducting research. Although she had no previous experience or training in CTI, she pursued a separate degree in IT that launched her into a successful career in incident response before she landed at Red Canary.

“Psychology gives you this idea that behavior can be categorized by different models. In a therapeutic setting you have the DSM. Threat Intelligence models
are similar. You look for evidence, categorize it, then give it a common framework.”    —Stef Rand

 

 

Stef understands that CTI is just a different kind of research. She pushes herself to look out for personal biases to remain neutral and follows the research best practices she learned while studying psychology to ensure she follows logic without jumping to conclusions. Just like in psychology, she is mindful of the words she chooses when writing intelligence reports to distill the essential pieces of information that can be built on to create something that is actionable.

Lauren Podber, Principal Intelligence Analyst, background in history

Lauren Podber is a Principal Intelligence Analyst with a background in history and dance. Podber danced professionally for many years before pursuing a degree in Iranian language and history in college and graduate school, where she developed an interest in cybersecurity. She started as an open source analyst focused on strategic intelligence, then turned more operationally based in her career. At Red Canary, Podber is more tactically based in her research, where she uses her critical thinking skills learned through her degree to ask the right questions and find the right answers.

“Computers aren’t attacking people. People are attacking people that use computers. Understanding how computers work is useful, but understanding capabilities and possible outcomes are more human-centered problems.”  —Lauren Podber

 

 

Lauren is driven by curiosity and consciously tries to think about thinking in a self-awareness loop that teases out personal biases. She also advocates for junior analysts to ask pointed questions, forcing more senior analysts to explain their thinking and logic in a more clear way to add greater visibility into analysis. This helps create better intelligence products to help others in the infosec community learn what we at Red Canary learned while conducting research.

Check out Lauren and Stef’s joint research on Raspberry Robin.

Why are “communication” skills important?

Simply stated, intelligence is the communication and dissemination of analyzed information to inform a decision. There can be many flavors of intelligence, whether it is conducted by a government organization like the CIA or FBI, or by a private cybersecurity vendor. Communication skills run deep as core skills within any intelligence organization because of the need to convey complex information simply and effectively. Communication skills are often overlooked by “technical” teams that are hiring, but they should be considered core skills for any cybersecurity role because of the benefits gained from writing, briefing, and creativity.

Writing

If something happened and it wasn’t documented, did it even happen? Having not only the ability, but also the talent, to write comprehensive and effective intelligence reports is one of the most valuable skills an intelligence professional can possess, because many of the most important products an intelligence team produces are written. Think about how many words it takes to conduct and explain an investigation, from copious and tedious notetaking to a polished intelligence product.

Report writing can elicit a groan from some threat hunters who just want to get back to the hunt, but to the former English, Linguistics, and other “non-technical” majors, it is a wonderful opportunity to demonstrate a niche skill set in a formerly “technical” area of expertise. Effectively reporting the details of an incident with scope and a targeted message of “why this matters” or “why this does not matter” makes it easier on the decision maker receiving the intelligence to take action. Writing complex information in a simple way is challenging, and “soft skill” personnel are well-equipped for the role.

Effectively reporting the details of an incident with scope and a targeted message of “why this matters” or “why this does not matter” makes it easier on the decision maker receiving the intelligence to take action.

Briefing

How many times have you been in a meeting with a brilliant security analyst who talks about an exciting threat but is having a difficult time getting the words out? This is a bit of a “tortured artist” or “mad scientist” situation, where the information and facts are there, but the story is not. It is difficult for analysts, even brilliant ones, to succeed in their careers if they are not good briefers.

Having the ability to convey ideas to an audience at a conference or a C-level meeting is crucial to moving forward with a promotion or acquiring more decision-making responsibilities. This comes with a lot of practice, and an even greater amount of self discovery. Talking in front of people is hard, especially about something obscure that may cause a bit of panic from upper management. The goal of a successful brief is to use intelligence as an operational tool for decision making, and not to use it as a panic-inducing mic drop. Being able to effectively communicate a message across all audiences—from tactical to executive—and tailor a brief to each audience is invaluable for an intelligence team wishing to make an impact.

It is difficult for analysts, even brilliant ones, to succeed in their careers if they are not good briefers.

Creativity

A healthy dose of creativity goes a long way to helping a team think objectively about any issue. It can be hard to be creative, and stoking the creative process takes a lot of preparation and groundwork. Creativity in intelligence products can manifest itself through storytelling, graphics to include in reports, presentations at conferences, and more. Bringing creativity to assessments and brainstorming can break analysts out of being stuck in a loop of decision trees. Creativity should be explored not only when conducting assessments, but also in how an assessment is presented. Intelligence is more like an art, not a science, because it is a constantly moving target that is never really finished and can be interpreted in many ways. Approaching an investigation with a child-like ability to question why, and an affinity for graphical storytelling, elevates intelligence products from mere documented occurrences to hot and shareable content that educates and informs. The creatives out there may face backlash from peers and those in positions higher than them because “this isn’t the way we do it here,” or “that takes too much work.” Don’t listen! Keep being creative and weird in your intelligence role and it will pay off.

Intelligence is more like an art, not a science, because it is a constantly moving target that is never really finished and can be interpreted in many ways.

Take action

If you are ever in a position to hire for a cybersecurity role, take into account communications-minded people. They bring a wealth of knowledge that may be unconventional in traditional cybersecurity roles. Writing, briefing, and creativity from communications professionals can accelerate a team to a more professional level. When looking for candidates to diversify a cybersecurity team, keep the following in mind:

  • Look for individuals from many backgrounds to form a team that avoids groupthink and stale ideas.
  • Offer training to existing team members who wish to enhance their writing and briefing skills to help them grow professionally.
  • Listen and have tolerance for creative ideas to hone in on untapped potential.

Cookie cutters are good for cookies

Just like there is not a one-size-fits-all approach to cybersecurity, developing an effective team requires diversity and variety of skill sets. Including diverse skill sets in cybersecurity teams helps them mature at a fast pace due to more ideas, better communication, and new perspectives.

To everyone who has been told you have “soft skills” out there, keep grinding—and keep writing, briefing, and being creative. You add objectivity and imagination in a space that helps leaders make the tough decisions. Leave the cookie cutter teams for the cookies and be guacamole instead, because you are so extra.

 

Intelligence Insights: June 2022

 

Intelligence Insights: May 2022

 

The Goot cause: Detecting Gootloader and its follow-on activity

 

Raspberry Robin gets the worm early

Subscribe to our blog