Cyber Security People – A Diverse Bunch of Behaviours! by Indy Dhami

Over the past 15 years of working in the cybersecurity industry I have been privileged to have worked with highly intelligent, experienced and articulate colleagues. My experiences in large scale transformation programmes, workshops, interviews, managing both project and operational teams encompass consulting and internal business roles. These experiences led to interactions with hundreds of individuals where I have become aware of some consistent and humorous behaviour types displayed. These include eight positive and negative types including:

Negative behavioural types:

1. The Grey Sky Thinker recognises that something needs to be done but does not want to do anything about it. Technology or process problems are identified but never owned. They enjoy bringing up internal politics, while delivering on core business goals are often disregarded. They prefer ‘quick wins’ and tick box type activities.
2. The Maverick has a natural preference to be different. At an enterprise-level, consistency has tremendous value for any organisation. However, these individuals will introduce new concepts or ideas that are flawed and are difficult to adopt. They demonstrate a rebellious nature that can be counter-productive.
3. The Horn Blower has a particularly large ego and is often known as a “diva”. They are the first to claim credit, ownership or responsibility for successes (even if not their own). They often speak when not necessary and for long periods of time. They are counterparts with The Maverick and The Manipulator.
4. The Oblivious is uncertain or unaware of the role that they are expected to play, or how to collaborate effectively with peers. This results in asking the wrong questions or engaging at the wrong level. These individuals are often left scratching their heads wondering “what went wrong?” and blaming others for their mistakes.
5. The Manipulator intentionally tries to win arguments or purposefully create conflict and revels in the aftermath. They spend a lot of time engaged in unnecessary debate. They are skilled at diversionary tactics, for example proposing alternative solutions which benefit their own agenda.
6. The Hermit is highly intelligent and often a perfectionist who believes they are a subject matter expert in all domains. Often, they have some good experience in more than one cybersecurity domain, and as a result assume that they can speak with authority on everything. However, they are difficult to pin down as they are constantly busy at their cluttered desks.
7. The Wolf Whisperer relies upon fear, uncertainty and doubt (FUD). This is a behaviour that lacks assertiveness but make up for it with dramatic descriptions of doom and gloom. Cybersecurity professionals must be credible and bring value to the organisation, but these individuals damage the credibility of the cybersecurity function and create a reputation for being untrustworthy.
8. The Coffee Machine Conversationalist resorts to hearsay and gossip. They thrive on whispering at the coffee machine or close their office door when to discuss controversial topics. These individuals tend to breed insecurity and misunderstanding sending out contradictory messages.

Positive behavioural types:

1. The Diplomat engages in detailed conversations with a wide variety of business and IT stakeholders. They have the ability to demonstrate credible experience, technical competence and knowledge combined with qualities of a professional business leader.
2. The Decisive uses reasoned decisions and statements based purely on strong technical principles. The ability to use well-formed plans and representations to validate and articulate cybersecurity concepts is demonstrated by these individuals.
3. The Realist takes a strategic view and demonstrates an ability to understand complex concepts and relate to business needs and strategy. They have the natural ability to refine and simplify ideas that relate to the business in real-world terms.
4. The Collaborator has the ability to collaborate effectively and with ease. They build and appreciate the value of co-dependent relationships and teams across the business. They support and coach others to fulfil their roles to deliver enterprise-wide impact in a concerted and mutually beneficial manner.
5. The Articulator presents complex ideas in a simple manner to business groups at various levels of an organisation. They are self- confident, clear with their messages, and assured in the accuracy of any decisions they take.
6. The Raconteur uses metaphors and analogies to explain complex concepts and openly shares knowledge and experiences to junior colleagues. They keep the message in focus, always progressing from problem to root cause and ultimately to business focussed solutions.
7. The Galvaniser builds respect, inspire the teams that they lead and develop/coach others. This helps build momentum and focus across the enterprise. People follow these individuals not because they must, but because they want to.
8. The Comedian finds humour in what they do. They are responsible for driving the cybersecurity function through numerous business challenges, demanding stakeholders and change that can seem slow and frustrating. They can laugh and enjoy the world around them where others may panic in the chaos.

It is important to understand the behavioural types and traits of team members, and the positive and negative impact they can bring. The above behavioural descriptions are a humorous take on the interactions I have experienced. I am confident that my industry peers will recognise some (or all) too.



Indy Dhami possesses over 14 years’ experience, having worked in both operational and consulting positions at FTSE100 and Fortune 500 organisations including IBM, AXA, Deutsche Bank, PwC, Accenture, Mercedes-Benz, Jaguar Land Rover and many other world-leading organisations. 

His experience includes leadership positions in information/ cybersecurity transformation, risk assurance, crisis management (pre and post incident), assurance, audit, governance, risk and compliance programmes.