Do we get enough “soft skills” training in (CyberSecurity) our curricula?

Why are empathy, negotiation and communication skills considered as soft skills while they are one of the first skills sought after by hiring managers in security [1] ? When we use the term “soft skills”, is it not a way to look down at these skills, as if they were irrelevant?

But, let me start with 3 short stories…

Years ago, when I was still doing my internship as a clinical psychologist, I met a brilliant young boy in one of my first counseling session. This young lad refused to comply with his doctor orders mainly because the doctor wasn’t nice. Digging a bit into that story, it appeared that the doctor just gave his diagnostic and the prescription without any further explanation and was even a bit rude. By chance, at least in this case, this smart boy wasn’t always a good communicator himself and he recognized that, as for himself, not being empathetic, doesn’t mean the diagnosis and the treatment prescribed were wrong. So, he finally accepted to go for the best option for him and he decided to take his pills.

A few years later, I was planning to build an extension to my house. I hired an architect to whom I explained what I was expecting (an additional space for my office). The guy came back with a nice plan of an extension and a complete remodeling of my ground floor as he felt my living room was not at the right place. When I said it was not my priority, he insisted, and I finally decided to stop the contract because I didn’t feel I was heard.

The 3rd story is closer to home for security professionals as it happened to a young brilliant security professional working for a large company. After a couple of years working there, building an impressive set of skills, he asked to be more involved in the decision process, to be empowered, to get new challenges and some recognition. His management came back with a certification plan (he already had a few of the classic ones) and a career path. What he was expecting was an opportunity to make a difference, his advises to be considered and an involvement into the new strategic projects. As you may have guessed, he was disappointed, and resigned soon after.

Being a doctor in medicine requires a lot of technical knowledge and skills in order to perform an accurate diagnosis. But it also requires empathy and communication skills (that are often looked down as being “soft skills”) to ensure your patients will comply with the treatment and get better (That’s the end goal, isn’t it?).

Being a architect requires also a lot of creativity and technical skills. But what’s the point of drawing the plan of a house that doesn’t suit the owner?
Even more, why do companies promote technical expert to manager if they are not skilled to manage people?
But, even before that, why are “soft skills” training considered so futile by students and academic curriculum designers while they are so important for the success of most professions?

Don’t get me wrong, medicine school and architecture school offer communication and other “soft skills” classes but I never hear anybody failing due to these courses. While I witnessed many projects failing due to miscommunication issues and a lot of companies struggling to attract and retain their workforce due to average or even bad people management. And that is a big risk for companies nowadays. So, when this will change? Will companies have to put all their new hires through specific trainings to improve their “human” skills? It seems very expensive and very long (yes, it takes time to develop people skills, at least for most people), isn’t it? What do you think?

[1] See (ISC)² cybersecurity workforce study 2018 at https://www.isc2.org/Research/Workforce-Study