After the Brazilian financial system suffered the largest hacker attack in its recent history, with estimates indicating that criminals diverted over R$800 million from accounts linked to Brazilian financial institutions, experts warn that strengthening digital security teams with professionals who possess certain personality traits, such as humility, altruism, and serenity, is essential to prevent new attacks, according to a study conducted by Hogan Assessments.
“The recent incident clearly showed that technology alone is not enough to ensure digital security. Companies need to understand that professionals with suitable behavioral profiles are the first and most important line of defense against attacks of this magnitude,” says Roberto Santos, partner-director of Ateliê RH, the distributor of Hogan Assessments in the country.
Based on Hogan’s personality assessment database, which provides tests in at least 57 countries worldwide, it was possible to identify eight behavioral traits directly related to the effectiveness of digital security professionals. These characteristics allow organizations not only to recruit more accurately but also to strategically develop their teams to face increasingly complex cyber threats. The researchers selected eight personality traits that can make a difference in the cybersecurity field:
Humility: Successful security professionals tend to avoid the spotlight and individual stardom. They do not act out of ego or fame but for the collective result. After all, in the cybersecurity world, the ‘famous’ ones are usually the criminals themselves, not the system guardians.
Altruism: Those who work in security must genuinely want to help people and protect the organization. Although they deal with systems and codes all day, they are ultimately defending users and clients. This professional values cooperation and avoids isolation—combating threats requires mutual trust and teamwork among colleagues, all aligned with the same protection goals. Altruism also implies sharing knowledge and best practices, strengthening everyone’s awareness against attacks.
Serenity: Amid crises and attacks that stress anyone, a good information security professional remains calm under pressure. Keeping a cool head is vital for making rational decisions during an incident. Impulsive or uncontrolled reactions can be disastrous, diverting attention from what truly matters during an attack. Serenity ensures that, even in the face of an ongoing attack, the team responds in a coordinated and effective manner, without panic.
Scientific Mindset: Solving security problems requires an analytical, data-driven approach. Cybercriminals are increasingly sophisticated in their tactics, so defense professionals must be highly technical, logical, and base decisions on concrete evidence. This scientific mindset translates into testing hypotheses, analyzing logs and intrusion indicators, and applying rigorous methodology to identify vulnerabilities and contain breaches. Valuing facts and data-driven decision-making helps filter false alarms and prioritize real risks.
Intellectual curiosity: The cybersecurity field is extremely dynamic—new threats emerge constantly. Therefore, those who are curious, creative, and willing to learn continuously stand out. Inquisitive professionals explore problems by imagining different angles, show motivation to master emerging technologies, and remain open to new ideas.
This curiosity drives the research of innovative defense techniques and the rapid acquisition of knowledge about newly discovered malware or exploits, keeping the team one step ahead of criminals.
Skepticism: In the digital world, distrust is necessary. Skeptical professionals are always alert, thinking like hackers and questioning whether systems are truly secure. This trait prevents complacency—every email, file, or anomaly is viewed with healthy suspicion until proven otherwise. In a scenario of constant threats, naivety is dangerously risky. Skepticism helps detect subtle signs of intrusion that others might ignore.
Agile Response: Attacks happen at high speed—a simple phishing click can compromise data in minutes. Therefore, security professionals must be agile and open to feedback. Being responsive means reacting promptly to alerts and accepting criticism or new information without adopting a defensive stance.
Diligence: In a high-pressure, high-risk environment, being detail-oriented and persistent is essential. Small failures or oversights can create huge gaps—and diligent professionals meticulously check configurations, follow security projects through to completion, and do not relax after implementing the first barrier.
Leadership and technical experts
Both executives and technical professionals in the Information Security field benefit from these personality traits—though they may manifest differently depending on the role. “CISOs and IT managers need to be humble enough to listen to experts and not underestimate risks, and serene to make strategic decisions under pressure without haste. Traits like skepticism and diligence help them anticipate threats and implement rigorous controls, maintaining a constant ‘what if?’ mindset to protect the business,” he adds.
According to Santos, technical security professionals—SOC analysts, secure software engineers, incident response specialists—apply scientific curiosity and positive nonconformity daily to dissect malware, test systems, and discover vulnerabilities before attackers. “They must learn and adapt to new attack techniques, which requires an inquisitive profile and an open mind. Responsiveness is also vital in these roles: when detecting a strange alert at 3 AM, they must react immediately and in coordination with the team, without hesitation,” the executive points out.
At both levels—strategic and operational—the trait of altruism makes a difference. “Information security is not a one-person job; it depends on intense collaboration and mutual trust. Altruistic leaders build united teams engaged in the mission of protecting the company, while altruistic team members share knowledge, offer help, and are not afraid to ask for support when needed,” Santos adds.
For the expert, personality is also a defense tool. “Profiles with the right personality traits form a resilient line of defense, capable of anticipating threats and reacting effectively—protecting the company even when hackers are one step ahead,” Santos concludes.
