Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

11/21/2019
10:10 AM

6 Top Nontechnical Degrees for Cybersecurity

A computer science degree isn't the only path into a cybersecurity career.
2 of 7

Math
Catherine A. Allen, CEO of Shared Assessments, lists math as a useful degree when translated to a cybersecurity role. 'The issues we face require a holistic approach to problem solving, the ability to communicate with others, and the ability to create ways to educate people on the dangers,' Allen explains.

Jason Kent, hacker in residence at Cequence Security, praises math majors for their ability to think critically. 'Critical thinking and being able to look at things from varied perspectives gives one an advantage, especially if facing a challenge they've never faced before,' he says. 'People with these skills tend to be willing to accept that the way [something] works is the way they'll use it, even if it's unconventional.'

For Texas A&M's Basile, the most important trait of a math major has to do with personality. 'Personally, I look for passion and the drive to solve a puzzle,' he says. 'The technology can be taught. These two cannot.'

(Image: geralt VIA Pixabay)

Math

Catherine A. Allen, CEO of Shared Assessments, lists math as a useful degree when translated to a cybersecurity role. "The issues we face require a holistic approach to problem solving, the ability to communicate with others, and the ability to create ways to educate people on the dangers," Allen explains.

Jason Kent, hacker in residence at Cequence Security, praises math majors for their ability to think critically. "Critical thinking and being able to look at things from varied perspectives gives one an advantage, especially if facing a challenge they've never faced before," he says. "People with these skills tend to be willing to accept that the way [something] works is the way they'll use it, even if it's unconventional."

For Texas A&M's Basile, the most important trait of a math major has to do with personality. "Personally, I look for passion and the drive to solve a puzzle," he says. "The technology can be taught. These two cannot."

(Image: geralt VIA Pixabay)

2 of 7
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
kvonhard
50%
50%
kvonhard,
User Rank: Apprentice
12/19/2019 | 9:48:13 AM
Law Degree
With all the new regulatory requirements impacting the cyber space, I think that law degrees and/or compliance backgrounds provide new value. For example, the NY Privacy act that didn't get passed and the India privacy law update both include the term "data fiduciary" which would lead to a strict liability standard for organizations in the event of a data breach.

The shifting focus requires people who better understand the new legal landscape as well as the technical landscape.
JeffreyG750
50%
50%
JeffreyG750,
User Rank: Apprentice
12/4/2019 | 9:41:16 AM
Re: Add Anthropology to the list
As someone who studies Linguistics (a closely related field), I whole heartedly agree. I would add that anthropologists know how to look at the parts of some system both in direct terms of what it is and also in how it works within the system in which it is embedded. Additionally, anthropologists will be able to see that there are more ways to solve a problem then we might initially imagine. Finally, anthropologists will be able to look at the system in which they are embedded with an outsider's view.

All of those help elimite blind spots. And attackers are trying to exploit our systematic blind spots. So yes, I agree that anthropologists can bring an enormous value into a security team.
JeffreyG750
50%
50%
JeffreyG750,
User Rank: Apprentice
12/4/2019 | 9:32:49 AM
Speaking linguistically
I am a PhD drop out in Linguistics (from a very long time ago). And for the past nine and a half years I've been at 1Password, where I am now the Chief Defender Against the Dark Arts. I'm not going to actually recommend my career path to anyone, as it really was a sequence of being at the right place at the right time. But I can talk about what my unusual background helps bring to the job.

First of all, any academic is trained to look for (and attempt to rule out) alternative explanations for some phenomenon. If you notice a pattern, the first thing to do is to see whether it is real or not. Someone else mentioned Statistics which ramps of this way of thinking to 11. But in general, academics are trained to question (and test) their assumptions.
To be honest, I don't know to what extent this is a result of our training or whether it is a characteristic of those seeking academic careers. I'm sure there is research on that, but I'm too lazy to look for it.

The study Linguistics brings together a number of different ways of thinking and specific knowledge that can really be helpful when dealing with information security. First of all, we, like Computer Scientists, spend a lot of time developing formal methods for representing and manipulating information. Some of the specific notions overlap. The Chomsky Hierarchy (important theorems in Formal Language Theory and Automata theories) are things that I learned about studying Linguistics. I learned lambda calculus as an undergraduate as part studying the relationship between natural language syntax and semantics.

But more important than those sorts of overlapping skills, we learn to think rigourously and carefully about a very human activity. Linguistics is, to some extent, a cognitive science. This latter point has been enormous help in thinking about usable security. What sorts of mental models will people construct about the systems that they interact with, and where those mental models don't match the underlying reality, are those mismatches likely to them astray in ways that go against their own security and privacy interests?

Linguistics is also very closely tied to Anthropology. Learning to understand how systems differ and how the same construct can play different roles in different systems helps avoid errors. It also helps me understand that risks of taking something that works in one system and dropping it into another.

Linguistics is also about interaction among agents. Sure, I talk to myself, but we are really trying to reverse engineer communication protocols. Different parties have different motive and different information states when talking to each other. This does not mean that the mechanims for one domain can be directly applied to the other, but we get a layer of abstraction that allows us to think clearly about each.

Again, my career path is a series of accidents, and it isn't going to be something replicable. But I do advocate trying to bring in people with the linguist's way of thinking into information security.
CharlotteWiggins
50%
50%
CharlotteWiggins,
User Rank: Apprentice
11/27/2019 | 8:02:29 AM
Re: Add Anthropology to the list
Big thumbs up to you Curtis!
toonces
50%
50%
toonces,
User Rank: Apprentice
11/22/2019 | 7:36:05 PM
Hmm. Statistics, or theory?
Did the '6 Top Nontechnical Degrees' make the list based on people working in cybersecurity now? My hunch is it's more an opinion piece encouraging companies to consider outsiders.

It's a good read regardless, but I've seen precious few job postings without a particular degree requirement, and one or more popular & expensive certs.
Curt Franklin
100%
0%
Curt Franklin,
User Rank: Author
11/22/2019 | 1:20:37 PM
Re: Add Anthropology to the list
I agree that anthopology could be a great "gateway degree" for cybersecurity. I think that the key, when discussing any of the "soft sciences" or even the traditional liberal arts, is a rigorous academic program. If the student learns to do research, think critically, and communicate well, then they'll be likely to have the tools required to succeed in cybersecurity.

Thanks for taking the time to comment -- I was hoping this would generate some good discussion on majors and degrees!
afpjr
100%
0%
afpjr,
User Rank: Apprentice
11/22/2019 | 8:00:20 AM
Add Anthropology to the list
Although closely related to Sociology (my minor) as and Anthropology major, I learned to assess and understand other cultures, how to identify and address personal biases when interacting with individuals of a different cultural background, and how to study and document other cultures as objectively as possible.

IMHO, this has direct application when vetting threat intel and researching adversaries. It has helped me bridge the gap between various cultures or silos within an enterprise. It has taught me to understand the different motivations behind attackers, and (sometimes) how to set the bar high enough to encourage them to look elsewhere for their "resources".

Gaming and e-sports teams, social media tribes, corporate entites and nations/states all can be viewed through the lens of an anthropologist to glean greater understanding of the realities we face in cybersecurity today. Over 20 years in the rearview, and my undergrad experience is still relevant, even in this quickly changing environment we work in.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...