
Security Love Languages: 7 Tips to Win Friends and Influence People in Security

Cobalt
Mar 19, 2020

As humans, we express our love for others through words and actions, and we receive love by interpreting the words and actions of others.

But we don’t all interpret expressions of love in the same way. Some of us relate most deeply to kind words, while others prefer something different.

In the seminal book The Five Love Languages: How to Express Heartfelt Commitment to Your Mate, Gary Chapman refers to the different ways of expressing and interpreting love as “love languages.” They are:

  1. Gift giving

  2. Quality time

  3. Words of affirmation

  4. Acts of service

  5. Physical touch

According to Chapman, each of us can build stronger relationships if we take the time to learn and understand each person’s preferred love language. This is true of all relationships, from romantic to professional — and security is no exception.

Learning to apply the five love languages to your work in security will help you build and maintain better relationships across your business. As a result, you’ll drastically improve your ability to promote security internally and work collaboratively with stakeholders across the company, regardless of level or department.

At our recent Shift AppSec Summit, we held a panel with four industry veterans to discuss how the five love languages can be applied to security.

In discussing the 5 love languages in this context, our experts identified seven tips for building and maintaining strong relationships to effectively communicate security.

1. Open communication

Open communication is critical in a healthy workplace.

When security teams sit down with other departments, both sides need to know they can speak frankly about their challenges and be taken seriously.

2. Safety in structure and framework

It’s easy to get lost in the drama of the moment. Having a plan for everything — literally everything — helps to defuse the tension, and gives people space to slow down and talk through the situation logically.

3. Support, empathy, and mutual respect

It’s easy for security to feel like “us against them”. Security teams need to take time to understand how security policy affects the rest of the business. Equally, other departments need to understand the security consequences of their actions.

Respecting the expertise that each department brings helps to facilitate conversations — even difficult ones.

4. Psychological safety

Your business must be a safe place to show vulnerability and admit mistakes. If it isn’t, problems will be swept under the carpet, and everyone will pay in the long run.

When an issue arises, aim for a blameless post-mortem. It doesn’t matter who’s responsible — it matters how you’re going to recover and learn from it.

5. Celebration of security successes

It’s easy to ignore good practice and focus only on mistakes, but that breeds frustration and apathy. If you see good security behaviors, make sure you recognize them.

Equally, people need to know that one mistake won’t end their careers. Nobody ever created a winning business with a culture of fear.

6. A Clear “Why”

If you simply make demands, you run the risk that they will be ignored.

Taking the time to explain why something must be done may slow things down in the short term, but it ensures the business can move as fast as possible while staying safe. It also demonstrates that security isn’t just a roadblock — it’s part of what helps the business succeed.

7. Speak in the other person’s terms

Most people don’t respond to metrics. They care about business outcomes and blockers — particularly those that affect their priorities.

Legal departments understand regulations and compliance.

Engineers understand trade-offs, technical solutions, and product quality.

Executive boards understand holistic risk and business consequences.

If you tailor your language to the audience’s priorities, you’ll be received more favorably.

Why Do We Care About Other People?

In security, people are sometimes viewed as the biggest risk, but we believe that people are the greatest asset a business has.

For security teams to be successful, they need to win people over and convince them to exhibit good behaviors that will keep the business safe.

If you focus on applying the five love languages to your work in security — and incorporating the tips highlighted by our panel — you’ll be well on your way to achieving that.

To watch a full recording of our ‘Security Love Languages’ panel including Caroline Wong, Fredrick Lee, Coleen Coolidge, Ty Sbano, and Joy Forsythe, click here or watch below.

Interested in learning about nurturing a security mindset? Explore Jeff Forristal’s blog on embedding security.