How to Get Into Cybersecurity, Even Without a Technical Background
October 29, 2019
Part 2 in a series.
Part one of this series discussed Six Reasons to Consider a Career in Cybersecurity. In that article, we noted that in many cases it’s easier to enter the field than you may expect, and that while a technical background is useful, it’s not necessarily required because many of the skills can be learned.
This is great news for those thinking about careers (and career changes).
What kinds of jobs are available in cybersecurity?
- Chief Information Security Officer
- Forensic Computer Analyst
- Incident Responder
- Information Security Analyst
- IT Security Consultant
- IT Security Engineer
- Penetration Tester
- Security Administrator
- Security Analyst
- Security Architect
- Security Consultant
- Security Engineer
- Security Software Developer
- Security Systems Administrator
These jobs slot into several general career paths, and candidates will quickly learn that various paths suit the personalities and professional goals of different sorts of individuals. Ample online resources inform and guide decision making.
For example, New Horizons details the training steps for each path. Someone pursuing a career as a penetration tester (aka ethical hacker) might earn a BS in computer science, IT, cybersecurity or a related field. Security Administrator, SysAdmin and Network Engineer are common entry-level positions.
Along the way the aspiring pen tester would earn CompTIA Security+, Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP), EC-Council Certified Security Analyst (ECSA) and Certified Information Systems Security Professional (CISSP) certifications.
LearnHowToBecome.org’s helpful resource provides a cybersecurity careers list and job descriptions. It also covers everything from the details of education and training levels (certificates, two-year degrees, undergraduate and graduate programs of study) to clearance requirements, and includes a handy tool that helps students identify the best type of program for them.
What if You Lack a Technical/Computer Background?
The industry affords rich opportunities for the non-technical professional. Like other businesses, security companies hire a huge number of people into marketing, HR, administrative, legal, creative, project management and sales roles.
However, interested candidates aren’t limited to support functions. According to research and consulting firm Frost & Sullivan, fully 30% of current cybersecurity professionals come from non-technical fields. Candidates with the right fundamental qualities can be taught the necessary computer skills.
People with experience in project management, analytics and data science, technical writing, law, policy, third-party oversight, or physical security functions like law enforcement or military roles may all be able to qualify for cybersecurity jobs by fine-tuning some critically needed skills, said Pete Metzger, a recruiter of C-suite cybersecurity professionals with consulting firm DHR International.
Companies are looking for people who can help them “reshape” how they think about security, he said. Having the ability to “solve problems, having exceptionally well-tuned leadership skills and the ability to influence people in various lines of business,” are critical to what corporations are seeking in cybersecurity executives and staff, he said.
Vyas Sekar, Associate Professor at Carnegie Mellon’s Cylab, agrees.
“In fact, it’s those with an analytical mindset that can do very well in the cybersecurity field. The sort of basic computer science that is necessary can be taught later. It’s maybe more useful to think of cybersecurity as solving a bunch of interesting puzzles.”
Solid Work Habits
This doesn’t mean a simple willingness to work hard, but instead an ability to work methodically and rigorously, plus an appetite to learn the nuts and bolts of the field. A logical, analytical mind is required as well as a commitment to staying current on vulnerabilities and best practices in a rapidly evolving industry.
Since cybersecurity professionals often have to explain what’s going on to management and customers – many of whom may have a limited understanding of cyber threats and risk mitigation practices – excellent presentation and communications skills are a must. Can you articulate complex concepts? How are your listening skills?
A great deal of project management is required of a cybersecurity pro, so organizational skills and the ability to make the trains run on time (both internally and for customer projects) are essential.
Strategic Business Acumen
More and more the cybersecurity field is evolving from a technical discipline into a strategic business one. Successful professionals understand the importance of security in the larger context of the company’s goals and are adept at positioning what they do with their C-level colleagues.
Good cybersecurity pros thrive on tackling problems. An ingrained tenacity when it comes to hacking through a new, novel challenge will serve you well at every stage of your journey.
Innovation and Insight
Effective cybersecurity professionals at all levels pay close attention to emerging developments in the industry, including technologies, practices, new threats and privacy/security regulations (like GDPR and the California Consumer Privacy Act of 2018, which becomes law on Jan. 1, 2020). Those who can see the big picture and think productively about the implications of industry shifts and innovations will be even more valuable to potential employers.
What should you do next?
If you’re young and have decided the traditional path makes sense for you, the resources noted above can get you started.
If you’re more established and are contemplating a career shift, or if the conventional educational path isn’t right for whatever reason, there’s an array of approaches to consider.
Bookmark and read cybersecurity news and analysis sources. This will keep you abreast of what’s happening and what’s expected to happen in the field. Some sites to investigate include:
- Brian Krebs
- Bruce Schneier
- Comodo News
- Dark Reading
- E Hacking News
- Errata Security
- Graham Cluley
- Help Net Security
- Kaspersky Labs
- Naked Security
- Paul’s Security Weekly
- Security Bloggers Network
- The Hacker News
- The Security Ledger
- Wombat Security
You can do a great deal of self-teaching. TechRadar’s list of best cybersecurity courses includes:
Cybrary.it is another place to find quality free cybersecurity education.
Experts recommend attending meet-ups and joining user groups and professional organizations. The people you’ll encounter are invaluable sources of advice on improving your skills, and when it’s time to start applying, there’s no substitute for industry contacts.
Also, as noted in part 1 of the series, there are now coding clubs and cybersecurity camps for women and girls, and minority candidates can benefit from a variety of programs and scholarship opportunities offered by the International Consortium of Minority Cybersecurity Professionals (ICMCP).
More help is on the way: the “New Collar” approach
IBM has recognized the challenges facing the cybersecurity industry and is proposing an innovative new framework for cultivating talent it calls the “New Collar” approach.
There is continued high demand for cybersecurity professionals and an ongoing shortage of talent. Organizations are pursuing numerous ways to close the talent gap in both the short and long term—including new university programs, technical and vocational programs, apprenticeships, certifications, early education and government programs. Many cybersecurity jobs can be filled through a “new collar” approach that involves tapping professionals who may not have a traditional college degree but do have the needed technical skills and aptitudes. [emphasis added]
The model recognizes that conventional modes of development, rooted in the traditional four-year college system, have failed to meet the need for qualified cybersecurity talent. To address the shortfall, they emphasize “training skills – not degrees earned,” and focus on “new employee profiles, roles and partnerships – including leveraging approximately 300 U.S. community colleges with cybersecurity offerings.”
Specific steps include:
Creating new education programs
- Exploring new education models like Pathways in Technology Early College High School (P-TECH) in the United States and the National College of Cybersecurity in the United Kingdom.
- Supporting programs at community colleges, vocational institutions, polytechnic schools and career centers (for example, the Community College Cyber Summit).
- Driving early education programs for middle and high schools (Hacker Highschool, for example).
Going beyond the traditional classroom
- Establishing apprenticeships, residency programs and internships (for example, ApprenticeshipUSA).
- Emphasizing certification programs and embedding them into education programs. Examples include CompTIA Security+ certification, Certified Information Systems Security Professional (CISSP) certification and Certified Ethical Hacker (CEH) certification.
- Leveraging code schools and boot camps.
- Sponsoring clubs and competitions like CyberPatriot and CyberTitan.
Making connections and sharing information
- Fostering better collaboration and developing tools for students, educators and industry (for example, CyberSeek and TechHire).
- Actively recruiting underrepresented groups through conferences and organizations like the International Consortium of Minority Cybersecurity Professionals (ICMCP), Hire our Heroes, Women’s Society of Cyberjutsu and Women in CyberSecurity (WiCyS).
The IBM model is very forward-thinking and promises tremendous benefits for organizations and aspiring cybersecurity professionals as it gains wider adoption in the coming years. It’s also a rich resource that every prospective cybersecurity worker can use to generate career search ideas.
Get to it
The cybersecurity field is booming and seems poised to continue growing for the foreseeable future – which is remarkable given that there’s already a negative unemployment rate in the industry.
The pay is great, growth opportunities are boundless and it’s probably easier to get into than many people think.
Give it a look. You may have just discovered your future.