top of page

ISO27001 and the skills gap you might be missing

Updated: Jul 19, 2022

There are essential skills for a Consultant - And this is just one of them

Oh no! Another blog about the cybersecurity skills gap!!

But wait! Don't run off just yet… this isn't the skills gap assessment you might expect. I'm not going to tell you that we need more ISO27001 implementors or ISO27001 auditors. I'm not saying we need more technical leaders, pen testers or analysts, and I'm not going to tell you that we need more people to be trained in the governance, risk and compliance side of security.

I'm not even going to tell you that we need more business skills within Cybersecurity training.


The skills gap I'm talking about is the most obvious and the most important skill that everyone (myself included) needs to work on every day, remember and develop.

You were given 2 ears, 2 eyes and 1 mouth for a reason

Now, anyone who knows me knows I can talk the hind leg off a donkey (or any beast of burden!). Get me on a good day, and I can talk about a topic none-stop, seemingly without drawing breath for hours!

But… When it comes to talking to clients about what they need, the skill I have developed with laser-like focus is Listening!

Over the years, I have read countless books and listened to podcasts about developing listening skills, and the various techniques you can employ to do this.

For example, taking notes is not only a great way to ensure you capture what is being said, but it forces you to slow down so you can take on board the information being provided. It is like you're recounting the words you've just heard over again. Familiarity aids recall and therefore gives you time to think about what you have just been told.

The eyes have it

Listening is also a visual activity, as there are non-verbal clues you need to be looking out for. For example, does the client look angry, tired or bored when discussing the topic they've called you about? Are they being 'tight-lipped' when talking about the breach? Is this because other people are on the call and they can't speak candidly?

Look for subtle cues such as an expression around the eyes or raising an eyebrow when discussing a particular topic or person. Maybe the shoulders hunch or relax can indicate boredom, enthusiasm, or disapproval.

it may be that the tone of voice changes when discussing a key topic which may betray their true feelings about the area of discussion.

CAL - The REAL Missing Skills Gap

With all the CISSPs, CEH, CISA, CISMs, CIPP-E, CRISC, FCISS, and other accreditations around I wish there was a CAL qualification; Certified Active Listener.

If you think that I'm wrong here, let me ask you a question; Has anyone in your professional or personal life ever said, "You just never listen to me!" You might have said this to someone in your personal or professional life too.

Here's another question… How does it make you feel when you know someone has taken the time to listen to you? They put down their phone, switched off the TV and really listened. Did it make you feel important? Validated even?

Now imagine how your client (current or prospective) feels when you're on a video conference call, and you're clearly answering emails, or you talk over them? Of course, I know you would never be so rude, right? But I've seen it repeatedly happen (yes, I'm talking to you salespeople!). People are chatting on the video conference, and a notification comes in… "oooh… best just check that". And immediately, you're distracted and no longer listening.

Listening Tips

Listening is not a passive activity. It is something you should proactively work on.

Here are some ideas you can practice daily to improve this vital skill.

  • Maintain eye contact with the speaker – If you're taking notes, tell them that's what you're going to do (if it's not obvious)

  • Take notes – As stated

  • Ask for clarification on key points – "So if I understand you, what you're saying is…"

  • Don't interrupt – Don't just wait for a chance to jump in!

  • Pay attention to nonverbal cues – Listening means also focusing on body language. Are the words congruent with their stance or hand gestures?

  • Pause before your reply - Allow 2 or 3 seconds to pass before responding. Truly absorb their words.

Hearing is easy – Listening is harder.

It may sound like a soft skill, but I promise you that good listening skills are hard to come by. I'm saying this from personal and professional experience when I say that we all want someone to listen to us – but rarely do people do it.

We know when someone has heard us and truly listened. If you can demonstrate this in your personal and professional lives, I promise you that your client (and personal) relationships will benefit massively.


Don't underestimate this important skill. Take time to practice it and focus on developing your listening skills - Start with the next conversation you have.

Everyone wants to feel that they are important (including you), and nothing makes someone feel more important than feeling as though someone has really listened to their problems. Because from there, you can start to establish how to address their issues or help them in whatever way is necessary.

Take time to develop this skill. You can thank me later.

Listening is not a soft skill. But if it is, then it's the hardest one to master.

Give me a call

Interested in becoming a Consultant Like Us and developing your Consultancy business? Or perhaps you're looking to implement ISO27001 and build trust with your clients, then give me a call today, and we'll discuss how easy it can be to implement when approached practically and in a structured way.

If you're interested in other articles I've written please take a look here. Or perhaps asking me to be a guest on your blog), get in touch.

PS: The new standard for ISO27001 is set for release in October 2022 – Still plenty of time to plan for the transition (which normally takes around 18 months)

17 views0 comments


bottom of page