Adaptability is a person's ability to be flexible and adjust to the changing circumstances in their environment.  Information Technology and cybersecurity are constantly evolving which makes your ability to adapt to those changes extremely important.  There are an endless litany of changing priorities, projects, customers and technologies that require you to be adaptable.  You also need to be able to adapt your communications style to your listener.  Are you talking tech with your team or do you need to take it up a level and streamline the conversation for the non-techie crowd?  All this plays in to your adaptability.

Some things to think about when working on your adaptability are:

  • Embrace different ways of thinking
  • Leave your ego at the door
  • Committ to personal development
  • Push yourself out of your comfort zone


Presenting an adaptable cybersecurity team can open the door to many conversations that may otherwise be met with resistance.  It can show people both within and outside your team that the goal is to enable their work in a secure way, not keep them from their goals.  You can show how adaptable you are in situations such as:

  • Explaining complex technical topics in an easy to understand way
  • Take time to understand how the business process that you're trying to secure works
  • Talk the technical talk and walk the technical walk with your team
  • Change or eliminate policies and procedures that are limiting business outcomes

Growth Resources

Corporate Explorer: How Corporations Beat Startups at the Innovation Game (English Edition)
Shared via Kindle. Description: Corporate Explorers Transform Disruption Into Opportunity With This Proven Framework Innovation used to be seen as a game best left to entrepreneurs, but now a new breed of corporate managers is flipping this logic on its hea...
3 ways to measure your adaptability -- and how to improve it
When venture investor Natalie Fratto is determining which start-up founder to support, she doesn’t just look for intelligence or charisma; she looks for adaptability. In this insightful talk, Fratto shares three ways to measure your “adaptability quotient” -- and shows why your ability to respond to…
The Delicate Art of Bureaucracy: Digital Transformation with the Monkey, the Razor, and the Sumo Wrestler (English Edition)
Shared via Kindle. Description: Mark Schwartz, author of leadership classics A Seat at the Table and The Art of Business Value, reveals a new (empowering) model for the often soul-shattering, frustrating, Kafkaesque nightmare we call bureaucracy. Through hu...

In Practice

Threats, technologies, politics, culture, and business are all rapidly changing around us. Adaptability is crucial not only to stay ahead of cybersecurity threats but also to respond to the organizational culture we work in to keep pushing cybersecurity towards an enablement posture. Adaptability then means many things:

  • Learning and applying new technologies, attack methods, industry regulations
  • Understanding new strategic directions and mapping that to cybersecurity
  • Evolving the cybersecurity culture to keep it aligned with the broader organizational culture and needs of the team members that are a part of it

Adaptability, like many of our other core skills is present in all roles.


The CISO sets the strategic direction for the cybersecurity team. That strategy should be informed in part by what’s happening in technology, what’s forecasted to happen in the near future, what the organization’s needs and goals are, and what resources the team has available to it. These constituent elements are always changing and a CISO cannot get stuck in a headspace of rigidity that doesn’t give space for plans to change.

Resources are another source of constant change that CISOs need to adapt to. Budgets grow and shrink, team members leave, new headcount is approved or layoffs happen, vendor partners may make significant changes to their offerings or their pricing. Your input informs your outputs.

Tactical priorities can also be quite fluid. For example as a security lead in a startup or small organization you may find yourself being pulled into lots of business development activities that pull time away from your project work. Responding to third party security questionnaires, jumping on sales calls, or supporting the onslaught of product development and the possible security implications for any given change being made.

As a Pentester

Penetration testing, like any technical role in cybersecurity is always adapting with new tools, testing techniques, industry regulations to consider, and technologies to test. Penetration testers need to balance repeatable process and adaptive creativity to maximize value while still creating a relatively predictable result for the customer receiving the test.

Customer’s needs are something that will also change from engagement to engagement. Needs may even change in the middle of a test. Write things up this way. Test that thing over there. This feature just got an update. Can we test that again really quickly? These are all requests that may get fielded mid-test and while process matters, remaining somewhat fluid to meet these requests (within reason of course) can yield a much better experience for the customer.