Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

11/21/2019
10:10 AM

6 Top Nontechnical Degrees for Cybersecurity

A computer science degree isn't the only path into a cybersecurity career.
1 of 7

Comment  | 
Print  | 
Comments
Oldest First  |  Newest First  |  Threaded View
afpjr
100%
0%
afpjr,
User Rank: Apprentice
11/22/2019 | 8:00:20 AM
Add Anthropology to the list
Although closely related to Sociology (my minor) as and Anthropology major, I learned to assess and understand other cultures, how to identify and address personal biases when interacting with individuals of a different cultural background, and how to study and document other cultures as objectively as possible.

IMHO, this has direct application when vetting threat intel and researching adversaries. It has helped me bridge the gap between various cultures or silos within an enterprise. It has taught me to understand the different motivations behind attackers, and (sometimes) how to set the bar high enough to encourage them to look elsewhere for their "resources".

Gaming and e-sports teams, social media tribes, corporate entites and nations/states all can be viewed through the lens of an anthropologist to glean greater understanding of the realities we face in cybersecurity today. Over 20 years in the rearview, and my undergrad experience is still relevant, even in this quickly changing environment we work in.
CharlotteWiggins
50%
50%
CharlotteWiggins,
User Rank: Apprentice
11/27/2019 | 8:02:29 AM
Re: Add Anthropology to the list
Big thumbs up to you Curtis!
JeffreyG750
50%
50%
JeffreyG750,
User Rank: Apprentice
12/4/2019 | 9:32:49 AM
Speaking linguistically
I am a PhD drop out in Linguistics (from a very long time ago). And for the past nine and a half years I've been at 1Password, where I am now the Chief Defender Against the Dark Arts. I'm not going to actually recommend my career path to anyone, as it really was a sequence of being at the right place at the right time. But I can talk about what my unusual background helps bring to the job.

First of all, any academic is trained to look for (and attempt to rule out) alternative explanations for some phenomenon. If you notice a pattern, the first thing to do is to see whether it is real or not. Someone else mentioned Statistics which ramps of this way of thinking to 11. But in general, academics are trained to question (and test) their assumptions.
To be honest, I don't know to what extent this is a result of our training or whether it is a characteristic of those seeking academic careers. I'm sure there is research on that, but I'm too lazy to look for it.

The study Linguistics brings together a number of different ways of thinking and specific knowledge that can really be helpful when dealing with information security. First of all, we, like Computer Scientists, spend a lot of time developing formal methods for representing and manipulating information. Some of the specific notions overlap. The Chomsky Hierarchy (important theorems in Formal Language Theory and Automata theories) are things that I learned about studying Linguistics. I learned lambda calculus as an undergraduate as part studying the relationship between natural language syntax and semantics.

But more important than those sorts of overlapping skills, we learn to think rigourously and carefully about a very human activity. Linguistics is, to some extent, a cognitive science. This latter point has been enormous help in thinking about usable security. What sorts of mental models will people construct about the systems that they interact with, and where those mental models don't match the underlying reality, are those mismatches likely to them astray in ways that go against their own security and privacy interests?

Linguistics is also very closely tied to Anthropology. Learning to understand how systems differ and how the same construct can play different roles in different systems helps avoid errors. It also helps me understand that risks of taking something that works in one system and dropping it into another.

Linguistics is also about interaction among agents. Sure, I talk to myself, but we are really trying to reverse engineer communication protocols. Different parties have different motive and different information states when talking to each other. This does not mean that the mechanims for one domain can be directly applied to the other, but we get a layer of abstraction that allows us to think clearly about each.

Again, my career path is a series of accidents, and it isn't going to be something replicable. But I do advocate trying to bring in people with the linguist's way of thinking into information security.
kvonhard
50%
50%
kvonhard,
User Rank: Apprentice
12/19/2019 | 9:48:13 AM
Law Degree
With all the new regulatory requirements impacting the cyber space, I think that law degrees and/or compliance backgrounds provide new value. For example, the NY Privacy act that didn't get passed and the India privacy law update both include the term "data fiduciary" which would lead to a strict liability standard for organizations in the event of a data breach.

The shifting focus requires people who better understand the new legal landscape as well as the technical landscape.
TiaGilbert
50%
50%
TiaGilbert,
User Rank: Apprentice
4/8/2020 | 5:48:57 PM
Re: Add Anthropology to the list
Agree it too!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...