Success as an Information Security professional in any industry relies on soft skills as much as it does on technical skills. In the Cannabis industry, soft skills are an even higher priority as we are often the first to establish Information Security programs in our respective companies. So here are where soft skills can serve you well in an Information Security role.
Stay Aware of Your Presence
Information Security professionals are trusted with guiding the business through risk, managing threats, and investigating incidents. As such, our actions can impact the careers of others in the business, which can lead to anxiety and nervousness when we interact with those outside our team.
When interacting with staff, it’s important that we present ourselves in a way to others that promotes collaboration as the users we work with are one of our most valuable resources when it comes to identifying potential incidents or threat actors.
We can do this by being warm and friendly in our communications, and ensuring that any technical detail shared is properly brought to a level they understand without judgment. Avoid words or language that makes it seem there is nothing that can be done, or that seems accusatory. Monitor your body language to ensure you are not conveying the opposite of what you are trying to imply. In doing these things, you’ll develop champions who will report things timely and can make or break your program.
While communication is important as is being mindful of how we are being perceived, there’s another major thing that impacts our relationships with those we are tasked to protect, how we perceive users.
In the Cannabis industry, we will run into a wide range of users with different technical aptitudes, including those who may have never worked with a computer up until they took a job in the industry. Give them grace and understanding.
No matter the incident, keep your cool with users, and avoid talking down to them, reacting angrily, judgementally, or with frustration. Losing trust with any user because of how you responded will make your job incrementally harder. Even if you suspect nefarious activity, report it to your trusted contacts within HR and Legal, but your reaction to the user should not change.
Remember, we are hired to help protect the organization and its digital assets and processes that lead to or from its digital realm and the users that leverage it. They are not experienced in what we are, and it’s our responsibility to give them the tools and knowledge to help secure themselves and the organization.
Challenge Your Assumptions
Regardless of your background, you will likely experience new types of incidents or novel attack methods working in Information Security in the Cannabis industry. Avoid resting on your prior experience as the sole factor in how you respond as the same tactics used in other industries may not be successful in Cannabis.
As a trusted advisor to the business, you will need to think as abstractly as possible to consider potential risks the business may face. The stakeholders you are working with may not have considered them, or have not been in a position to experience potential pitfalls. This doesn’t mean telling them “you know best”, but be sure to communicate any risks or concerns you have and promote a discussion around them where appropriate.
Manage Your Stress
Lastly, the most important soft skill you can benefit from working in the Cannabis industry as an Information Security professional is stress management. This industry is dynamic and moves fast and what you may have planned to do, may end up being diverted. This can be frustrating and make you feel like you haven’t accomplished much when that isn’t the case.
Working in a newer industry means you have to stay agile and be willing to make course corrections frequently to ensure you are meeting the needs of the business. Be sure to communicate with stakeholders when things change so there are no surprises. You’ll eventually get back to what you intended to do, just may be later than expected.
In conclusion, staying aware of your presence, respecting users, challenging your assumptions, and managing your stress are great things for any Information Security practitioner to be mindful of. Got other soft skill tips you think are useful for practitioners? Share them in the comments!
Featured photo from Pexels by Vojtech Okenka.