Social Skills and the Security Professional

Just how important is it for the Security Professional to have social skills?
It seems like a broken record: in addition to having degrees, certifications and experience, we are now supposed to glide seamlessly into the board room and converse equally well about business units and legal briefs. It’s not enough to be technically competent; you’ve got to have a good golf game.
At Shmoocon, in the closing plenary, an audience member asked for a talk next year on preparing a 30-second security elevator talk. If you’re not familiar with the concept, it is that you have a brief elevator ride with an exec. You have their ear. How do you sell security before the door closes? My VP always asks “are we secure” when I see him. I’ve been told by my Infosec brethren that the answer is yes. Personally I think the answer is “HELL NO as long as users have local admin rights”. Or perhaps a joke: “you aren’t in handcuffs yet, so we must be doing something right.”
Bill Brenner of CSO Online obtained a good quote from the Hoff, Chris Hoff of Unisys and the Rational Security blog.

“The notion that everyone involved in security needs to be able to put themselves out there, get up and give a presentation to the board of directors is ridiculous. We still need skilled operators in the trenches, continuing to do what they do in the basement. Do I want to discourage someone who is fantastic at pen testing by telling them their career will be limited if they can’t put together a PowerPoint presentation for the board?”


  1. The ‘elevator pitch’ request is a worthy exercise, if only for the journey. Whether it will yield effective rhetorical nuggets that will ultimately induce valuable changes may be unlikely. Nonetheless, seemingly hopeless causes are never more hopeless than when all are unwilling to try to beat the odds.

  2. I would agree with Bill, but having worked the reg desk at the con for 4 years now…
    I think that while infosec professionals might not need to be able to woo an exec, wouldn’t it be nice if they didn’t act like a douche when you forget to print your barcode for the con?
    SOME people skills are always necessary. You don’t need to be Mr. Smooth, but an attempt at Mr. Polite never hurts.

