Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

11/21/2019
10:10 AM

6 Top Nontechnical Degrees for Cybersecurity

A computer science degree isn't the only path into a cybersecurity career.
1 of 7

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
TiaGilbert
50%
50%
TiaGilbert,
User Rank: Apprentice
4/8/2020 | 5:48:57 PM
Re: Add Anthropology to the list
Agree it too!
TomBrookes
50%
50%
TomBrookes,
User Rank: Strategist
3/20/2020 | 5:54:50 AM
Re: Law Degree
I agree that the law component in cyberspace plays a major role. But as stated in the article the humanitarian direction is also necessary when studying the cyber direction. Students who study in the IT direction are more focused on the study of core subjects. What can I say about the direction of writing essays, reports and dissertations. They often use the website https://samplius.com/free-essay-examples/crime/ to solve their learning problems.On this website they can easily find free examples of their essays, which may be interesting with the topic of crime. This topic is closely intertwined with cybersecurity. After all, students who want to work in cybersecurity should expect this.
kvonhard
50%
50%
kvonhard,
User Rank: Apprentice
12/19/2019 | 9:48:13 AM
Law Degree
With all the new regulatory requirements impacting the cyber space, I think that law degrees and/or compliance backgrounds provide new value. For example, the NY Privacy act that didn't get passed and the India privacy law update both include the term "data fiduciary" which would lead to a strict liability standard for organizations in the event of a data breach.

The shifting focus requires people who better understand the new legal landscape as well as the technical landscape.
JeffreyG750
50%
50%
JeffreyG750,
User Rank: Apprentice
12/4/2019 | 9:32:49 AM
Speaking linguistically
I am a PhD drop out in Linguistics (from a very long time ago). And for the past nine and a half years I've been at 1Password, where I am now the Chief Defender Against the Dark Arts. I'm not going to actually recommend my career path to anyone, as it really was a sequence of being at the right place at the right time. But I can talk about what my unusual background helps bring to the job.

First of all, any academic is trained to look for (and attempt to rule out) alternative explanations for some phenomenon. If you notice a pattern, the first thing to do is to see whether it is real or not. Someone else mentioned Statistics which ramps of this way of thinking to 11. But in general, academics are trained to question (and test) their assumptions.
To be honest, I don't know to what extent this is a result of our training or whether it is a characteristic of those seeking academic careers. I'm sure there is research on that, but I'm too lazy to look for it.

The study Linguistics brings together a number of different ways of thinking and specific knowledge that can really be helpful when dealing with information security. First of all, we, like Computer Scientists, spend a lot of time developing formal methods for representing and manipulating information. Some of the specific notions overlap. The Chomsky Hierarchy (important theorems in Formal Language Theory and Automata theories) are things that I learned about studying Linguistics. I learned lambda calculus as an undergraduate as part studying the relationship between natural language syntax and semantics.

But more important than those sorts of overlapping skills, we learn to think rigourously and carefully about a very human activity. Linguistics is, to some extent, a cognitive science. This latter point has been enormous help in thinking about usable security. What sorts of mental models will people construct about the systems that they interact with, and where those mental models don't match the underlying reality, are those mismatches likely to them astray in ways that go against their own security and privacy interests?

Linguistics is also very closely tied to Anthropology. Learning to understand how systems differ and how the same construct can play different roles in different systems helps avoid errors. It also helps me understand that risks of taking something that works in one system and dropping it into another.

Linguistics is also about interaction among agents. Sure, I talk to myself, but we are really trying to reverse engineer communication protocols. Different parties have different motive and different information states when talking to each other. This does not mean that the mechanims for one domain can be directly applied to the other, but we get a layer of abstraction that allows us to think clearly about each.

Again, my career path is a series of accidents, and it isn't going to be something replicable. But I do advocate trying to bring in people with the linguist's way of thinking into information security.
CharlotteWiggins
50%
50%
CharlotteWiggins,
User Rank: Apprentice
11/27/2019 | 8:02:29 AM
Re: Add Anthropology to the list
Big thumbs up to you Curtis!
afpjr
100%
0%
afpjr,
User Rank: Apprentice
11/22/2019 | 8:00:20 AM
Add Anthropology to the list
Although closely related to Sociology (my minor) as and Anthropology major, I learned to assess and understand other cultures, how to identify and address personal biases when interacting with individuals of a different cultural background, and how to study and document other cultures as objectively as possible.

IMHO, this has direct application when vetting threat intel and researching adversaries. It has helped me bridge the gap between various cultures or silos within an enterprise. It has taught me to understand the different motivations behind attackers, and (sometimes) how to set the bar high enough to encourage them to look elsewhere for their "resources".

Gaming and e-sports teams, social media tribes, corporate entites and nations/states all can be viewed through the lens of an anthropologist to glean greater understanding of the realities we face in cybersecurity today. Over 20 years in the rearview, and my undergrad experience is still relevant, even in this quickly changing environment we work in.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17637
PUBLISHED: 2020-07-15
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
CVE-2020-7292
PUBLISHED: 2020-07-15
Inappropriate Encoding for output context in McAfee Web Gateway (MWG) prior to 9.2.1 allows remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
CVE-2020-14511
PUBLISHED: 2020-07-15
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
CVE-2020-4100
PUBLISHED: 2020-07-15
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtim...
CVE-2020-5765
PUBLISHED: 2020-07-15
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional i...