11/21/2019
10:10 AM

6 Top Nontechnical Degrees for Cybersecurity

A computer science degree isn't the only path into a cybersecurity career.

The gap between trained cybersecurity professionals and need is on the order of 4 million people worldwide, and yet not nearly enough students are in computer science and cybersecurity university programs around the world to bridge that gap. One solution, some say, is to look beyond the traditional computer science/cybersecurity academic pipeline for entry-level professionals. 

In fact, "About 58% of cybersecurity professionals come from fields outside technology," says Wesley Simpson, COO of ISC(2). "Cast a big net. We need people from all different backgrounds and degrees."

The big question is: Which degree programs are worthy of consideration?

For practical reasons, Simpson points to the liberal arts. The frequent stories of cybersecurity teams not getting management support for the tools and personnel they need come down to not effectively telling the cybersecurity story, he says. That's where liberal arts grads can help.

"The liberal arts people are better at telling the story, crafting the story, and talking to all the people they need to talk with to build the story," Simpson says. "We need people from all over the spectrum to tell the story."

Beyond the budget story, individuals from different academic and personal backgrounds can bring critical new perspectives to cybersecurity, which is "key to forming a concrete and inclusive analysis," says Harrison Van Riper, strategy and research analyst at Digital Shadows. "Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives that may be impacted." 

Dan Basile, executive director of the security operations center at Texas A&M University, agrees. "We all need a greater diversity of thought and background, in addition to traditional diversity concerns, in order to attack the complex problems we face," he explains. "All nontechnical majors have something that is of value to the cybersecurity field." 

So with general agreement that a wider net is part of the solution, which nontechnical degrees should cybersecurity managers look to for their future staffing needs? We asked a number of cybersecurity professionals for their thoughts, and we received a variety of responses. The six degrees on this list were at the top of the collective heap.

We're also curious: Is your academic background something other than computer science? Let us know where you came from — and what you think about the idea that cybersecurity teams should look beyond computer science and security programs for their future hires.

(Image: StockSnap via Pixabay)

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...

Comments
afpjr
User Rank: Apprentice
11/22/2019 | 8:00:20 AM
Add Anthropology to the list
Although closely related to Sociology (my minor), as an Anthropology major, I learned to assess and understand other cultures, how to identify and address personal biases when interacting with individuals of a different cultural background, and how to study and document other cultures as objectively as possible.

IMHO, this has direct application when vetting threat intel and researching adversaries. It has helped me bridge the gap between various cultures or silos within an enterprise. It has taught me to understand the different motivations behind attackers, and (sometimes) how to set the bar high enough to encourage them to look elsewhere for their "resources".

Gaming and e-sports teams, social media tribes, corporate entities and nations/states all can be viewed through the lens of an anthropologist to glean greater understanding of the realities we face in cybersecurity today. Over 20 years in the rearview, and my undergrad experience is still relevant, even in this quickly changing environment we work in.
CharlotteWiggins
User Rank: Apprentice
11/27/2019 | 8:02:29 AM
Re: Add Anthropology to the list
Big thumbs up to you Curtis!
JeffreyG750
User Rank: Apprentice
12/4/2019 | 9:32:49 AM
Speaking linguistically
I am a PhD drop out in Linguistics (from a very long time ago). And for the past nine and a half years I've been at 1Password, where I am now the Chief Defender Against the Dark Arts. I'm not going to actually recommend my career path to anyone, as it really was a sequence of being at the right place at the right time. But I can talk about what my unusual background helps bring to the job.

First of all, any academic is trained to look for (and attempt to rule out) alternative explanations for some phenomenon. If you notice a pattern, the first thing to do is to see whether it is real or not. Someone else mentioned Statistics, which ramps up this way of thinking to 11. But in general, academics are trained to question (and test) their assumptions.
To be honest, I don't know to what extent this is a result of our training or whether it is a characteristic of those seeking academic careers. I'm sure there is research on that, but I'm too lazy to look for it.

The study of Linguistics brings together a number of different ways of thinking and specific knowledge that can really be helpful when dealing with information security. First of all, we, like Computer Scientists, spend a lot of time developing formal methods for representing and manipulating information. Some of the specific notions overlap. The Chomsky Hierarchy (important theorems in Formal Language Theory and Automata theories) are things that I learned about studying Linguistics. I learned lambda calculus as an undergraduate as part of studying the relationship between natural language syntax and semantics.

But more important than those sorts of overlapping skills, we learn to think rigorously and carefully about a very human activity. Linguistics is, to some extent, a cognitive science. This latter point has been an enormous help in thinking about usable security. What sorts of mental models will people construct about the systems that they interact with, and where those mental models don't match the underlying reality, are those mismatches likely to lead them astray in ways that go against their own security and privacy interests?

Linguistics is also very closely tied to Anthropology. Learning to understand how systems differ and how the same construct can play different roles in different systems helps avoid errors. It also helps me understand the risks of taking something that works in one system and dropping it into another.

Linguistics is also about interaction among agents. Sure, I talk to myself, but we are really trying to reverse engineer communication protocols. Different parties have different motives and different information states when talking to each other. This does not mean that the mechanisms for one domain can be directly applied to the other, but we get a layer of abstraction that allows us to think clearly about each.

Again, my career path is a series of accidents, and it isn't going to be something replicable. But I do advocate trying to bring in people with the linguist's way of thinking into information security.
kvonhard
User Rank: Apprentice
12/19/2019 | 9:48:13 AM
Law Degree
With all the new regulatory requirements impacting the cyber space, I think that law degrees and/or compliance backgrounds provide new value. For example, the NY Privacy act that didn't get passed and the India privacy law update both include the term "data fiduciary" which would lead to a strict liability standard for organizations in the event of a data breach.

The shifting focus requires people who better understand the new legal landscape as well as the technical landscape.
TomBrookes
User Rank: Strategist
3/20/2020 | 5:54:50 AM
Re: Law Degree
I agree that the law component in cyberspace plays a major role. But as stated in the article the humanitarian direction is also necessary when studying the cyber direction. Students who study in the IT direction are more focused on the study of core subjects. What can I say about the direction of writing essays, reports and dissertations. They often use the website https://samplius.com/free-essay-examples/crime/ to solve their learning problems. On this website they can easily find free examples of their essays, which may be interesting with the topic of crime. This topic is closely intertwined with cybersecurity. After all, students who want to work in cybersecurity should expect this.
TiaGilbert
User Rank: Apprentice
4/8/2020 | 5:48:57 PM
Re: Add Anthropology to the list
Agree it too!