The Value of Emotional and Cultural Intelligence for Security Professionals
Asher Best • May 30, 2025
Ninety-eight percent of non-IT respondents revealed that they have faced at least one IT security miscommunication, and because of this miscommunication, sixty-two percent of managers admit it led to at least one security incident.3 Research shows that the diversity in commitment to regulation and governance of cyberspace between different nations stems from the fundamental cross-cultural differences in human values between countries.4 Emotional and cultural intelligence enables modern day security practitioners to break through technical, emotional, and cultural barriers. Emotional intelligence is the ability to understand emotions within us and others to manage behaviors and relationships more effectively. Cultural intelligence is the ability to understand and adapt to cultural norms different from our own. One of the first steps to improving emotional and cultural intelligence is to understand the various technical and administrative constraints a security practitioner may face as well as the differing views on technology between generations and cultures.
Some of the key technical constraints that a security practitioner may see in today’s technological climate include evolving threat landscapes, complexity of IT environments, and zero-trust architectures. AI-powered cyberthreats are enabling cybercriminals to become more sophisticated in less time spent and adapt to security defenses in real-time. With the emergence of cloud computing and software-as-a-service (SaaS) solutions, IT environments are now a hybrid of on-premises and cloud resulting in more complex environments for security practitioners to manage and monitor. The perimeter approach has fast become outdated, leading security professionals to move towards zero-trust architectures. While being incredibly resource-intensive and complex, zero-trust is achieved through continuous authentication, micro-segmentation, and session monitoring.8 Running parallel to technical constraints, administrative constraints can include budget limitations, change resistance, communication barriers, and talent shortages. Non-security professionals may view security implementations as a bottleneck and resist change while security teams operate on an already tight budget. Technical jargon can seem like a foreign language to non-technical stakeholders. Couple this with existing natural language communication barriers and you have a recipe for misunderstanding and confusion. Recent economic conditions have led to a severe shortage of skilled security professionals. In addition, skill requirements are shifting faster than security practitioners can keep up with, causing the cybersecurity talent gap to widen.7 Most of these constraints can be overcome by putting social awareness and relationship management into practice. Social awareness enables professionals to navigate group dynamics effectively1 and relationship management helps with building trust with others over time. This makes security initiatives seem less esoteric and more transparent to the non-technical stakeholder. In addition to these technical and administrative constraints, security practitioners must also face the challenge of managing the various perspectives that different generations hold regarding technology.
Baby Boomers and Gen X may be more skeptical towards adopting modern technology especially when it comes to data privacy concerns. However, both generations tend to use social media as a source of news and as a means of staying connected with their friends and colleagues. Millennials and Gen Z have never known life without technology and the internet. Both generations use technology to boost productivity and engage in instant connection with others. However, this “need it now” mindset may come at the expense of proper security hygiene which may conflict with the desire for instant gratification. In his book Well Aware, George Finney (2020) argues that building a strong community can lead to better information sharing, collective defense mechanisms, and a more resilient security posture.2 This practice of community-building alongside intergenerational mentorship will enable different generations to blend their different technological perspectives to make a more security conscious and technology literate community. Differences in perspectives and attitudes towards technology not only apply to generations but also to cultures.
Cultural norms and values are the foundation of how data privacy is perceived and regulated across the globe.5 For example, the General Data Protection Regulation (GDPR) in Europe allows citizens to consent to, manage, and remove their data that is collected by external entities. This is in direct contrast to the United States which currently holds zero Federal-level data protection regulations but have regulations that are managed more on a state level. Cultures that value individualism may be stricter, whereas cultures that practice collectivism may be more lenient when it comes to trust, privacy, and adoption of technology. High power distance cultures may be more tolerant of authorities collecting data and high uncertainty avoidant cultures may desire clear rules and guidance when it comes to data collection and usage. In the book The Culture Map, Erin Meyer (2014) stresses the importance of being flexible as well as managing up and down cultural scales as it relates to egalitarian and hierarchical societies.6 This emphasizes the importance of understanding and adapting to how diverse cultures may respond to certain security implementations.
Emotional and cultural intelligence are strategic assets that can be applied not only to our professional lives but also to our personal lives. Whether we realize it or not, emotional and cultural dynamics shape our perceptions and attitudes towards each other and towards the technology we utilize every day. The ultimate cost of ignoring emotional and cultural dynamics within our communities when it comes to security could mean loss of trust with our colleagues, reputational damage, and even monetary loss. The archaic view that the security professional is the “gatekeeper” between technology and people should be replaced with a more contemporary view that the security professional is the “bridge-builder” between technology and people. Cultivating a more security-conscious community begins with understanding our own and others’ emotions and adapting to the diverse cultural norms inhabiting our world. In an epoch where technology evolves faster than policy and perception, soft skills such as empathy, adaptability, and communication are more essential now than ever before.
Beyond those already discussed, security practitioners continually face many evolving technical and administrative constraints throughout their daily life. Perspectives and attitudes towards technology vary from generation to generation with overlap in certain areas. Culture plays a significant role in how trust, data privacy, and adoption of technology are treated from nation to nation. Emotional and cultural intelligence are necessary skillsets that, when integrated effectively into existing security practices, can be the deciding factor between a severely damaging security breach and a successful eradication of a threat. Proper security implementation extends well beyond the technical and administrative constraints faced by security practitioners. Current or aspiring security professionals should strive to build bridges between those of differing generations and cultures within and outside of their immediate communities or organizations. By applying emotional and cultural intelligence, security professionals can bridge the gap between people and technology across different generations and cultures. These skillsets are vital to security implementations that are not only technologically effective but also are socially resilient and inclusive.
Footnotes
1 Bradberry, T., & Greaves, J. (2009). Emotional intelligence 2.0. TalentSmart. https://www.amazon.com/Emotional-Intelligence-2-0-Travis-Bradberry/dp/0974320625
2 Finney, G. (2020). Well aware: Master the nine cybersecurity habits to protect your future. Greenleaf Book Group Press. https://www.amazon.com/Well-Aware-Master-Cybersecurity-Protect/dp/1626347352
3 Kaspersky. (2023, January 18). How to speak fluent infosec: The key cybersecurity terms of 2023. Kaspersky Daily. https://www.kaspersky.com/blog/speak-fluent-infosec-2023/
4 Kharlamov, A. and Pogrebna, G. (2021), Using human values-based approach to understand cross-cultural commitment toward regulation and governance of cybersecurity†. Regulation & Governance, 15: 709-724. https://doi.org/10.1111/rego.12281
5 Lutz, C. (2019). How culture shapes data privacy expectations. ESG Sustainability Directory. https://esg.sustainability-directory.com/question/how-does-culture-impact-data-privacy/
6 Meyer, E. (2014). The culture map: Breaking through the invisible boundaries of global business. PublicAffairs. https://www.amazon.com/Culture-Map-Breaking-Invisible-Boundaries/dp/1610392507
7 PR Newswire. (2024, April 30). CyberSeek highlights persistent cybersecurity skills shortage despite hiring stabilization. https://www.prnewswire.com/news-releases/cyberseek-highlights-persistent-cybersecurity-skills-shortage-despite-hiring-stabilization-302275849.html
8 SentinelOne. (n.d.). Cybersecurity trends: The cyber threats of tomorrow. https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-trends/