6 Top Nontechnical Degrees for Cybersecurity
A computer science degree isn't the only path into a cybersecurity career.
November 21, 2019
The gap between trained cybersecurity professionals and need is on the order of 4 million people worldwide, and yet not nearly enough students are in computer science and cybersecurity university programs around the world to bridge that gap. One solution, some say, is to look beyond the traditional computer science/cybersecurity academic pipeline for entry-level professionals.
In fact, "About 58% of cybersecurity professionals come from fields outside technology," says Wesley Simpson, COO of ISC(2). "Cast a big net. We need people from all different backgrounds and degrees."
The big question is: Which degree programs are worthy of consideration?
For practical reasons, Simpson points to the liberal arts. The frequent stories of cybersecurity teams not getting management support for the tools and personnel they need comes down to not effectively telling the cybersecurity story, he says. That's where liberal arts grads can help.
"The liberal arts people are better at telling the story, crafting the story, and talking to all the people they need to talk with to build the story," Simpson says. "We need people from all over the spectrum to tell the story."
Beyond the budget story, individuals from different academic and personal backgrounds can bring critical new perspectives to cybersecurity, which is "key to forming a concrete and inclusive analysis," says Harrison Van Riper, strategy and research analyst at Digital Shadows. "Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives that may be impacted."
Dan Basile, executive director of the security operations center at Texas A&M University, agrees. "We all need a greater diversity of thought and background, in addition to traditional diversity concerns, in order to attack the complex problems we face," he explains. "All nontechnical majors have something that is of value to the cybersecurity field."
So with general agreement that a wider net is part of the solution, which nontechnical degrees should cybersecurity managers look to for their future staffing needs? We asked a number of cybersecurity professionals for their thoughts, and we received a variety of responses. The six degrees on this list were at the top of the collective heap.
We're also curious: Is your academic background something other than computer science? Let us know where you came from — and what you think about the idea that cybersecurity teams should look beyond computer science and security programs for their future hires.
(Image: StockSnap via Pixabay)
Catherine A. Allen, CEO of Shared Assessments, lists math as a useful degree when translated to a cybersecurity role. "The issues we face require a holistic approach to problem solving, the ability to communicate with others, and the ability to create ways to educate people on the dangers," Allen explains.
Jason Kent, hacker in residence at Cequence Security, praises math majors for their ability to think critically. "Critical thinking and being able to look at things from varied perspectives gives one an advantage, especially if facing a challenge they've never faced before," he says. "People with these skills tend to be willing to accept that the way [something] works is the way they'll use it, even if it's unconventional."
For Texas A&M's Basile, the most important trait of a math major has to do with personality. "Personally, I look for passion and the drive to solve a puzzle," he says. "The technology can be taught. These two cannot."
Carmen Marsh, CEO and managing partner of Inteligenca, says she has had "some of the most amazing people come out of the business analyst or project management side. They have to plan and have to be strategic in their thinking."
Marsh is also founder of 100 "Women in 100 Days Cybersecurity Career Accelerator," a tuition-free program funded by Craig Newmark for bringing more women into the cybersecurity field. "If you take any job that requires analytical skills and creativity and emotional intelligence, those are the things that would really make a difference in the existing cybersecurity force, and they're not coming from the traditional cybersecurity background," she says.
Harrison Van Riper, strategy and research analyst at Digital Shadows, advises looking for where a purely business path to cybersecurity intersect. For example, a degree in accounting lends itself to the field of IT auditing, he says. "Business risk analysis, as it applies to cybersecurity, is another area that is extremely useful and crucially needed in the industry," he adds.
Cequence Security's Kent has a business degree. "I saw that as one advances through their career, communication and understanding the business impact become more and more important," he says.
According to Kiersten E. Todt, resident scholar at the University of Pittsburgh Institute for Cyber Law, Policy, and Security, psychology is a promising academic major for cybersecurity professionals because of the insight it can bring into human behavior and the soft skills in communication, listening, and other human factors that are critical to success in the psychology field.
In addition, analytics and data manipulation required in psychology can be useful in cybersecurity. "Statistics, analytics, and other things from the social sciences are important skills in being effective as a cybersecurity professional," Todt says.
Understanding how human beings work is critical in modern cybersecurity, Cequence Security's Kent agreed. "Most hackers have a mindset of frameworks of attack. If they're to succeed, they need to be aware of how they can change to get to where they want to be," he explains. "This is prevalent in social-engineering attacks where one has to change to ensure their target will trust them. It's also a real skill when trying to think how a defender might be keeping them out."
Just as psychology can help a cybersecurity professional understand how an individual might approach a system, sociology can be useful for understanding how individuals behave as part of a group or how large groups behave when presented with a particular situation. "My background and education in international business, marketing, and organizational behavior has helped me understand people and their motivations," Shared Assessments' Allen says.
Understanding how cybersecurity works within the organization - and how to communicate the importance of cybersecurity to everyone within the organization - are critical skills, ISC(2)'s Simpson adds. "These teams are small and need to have tentacles out into the other business units to help with the training, the awareness. They need to have help with cybersecurity," he explains. "Cybersecurity needs to be part of the daily lexicon of the business unit."
Companies must learn to appeal to sociology majors just as sociology majors must learn to make themselves attractive to cybersecurity hiring managers, Simpson says. "The stereotype of cybersecurity is very negative - long hours, burnout, not appreciated, not listened to. Google cybersecurity, and in the first three images you'll get the hacker in the dark hoodie," he says. "When I talk about casting a wider net, I think organizations should ... start searching for employees looking for a new challenge, who have the internal motivation. It's easier to take someone who has the soft skills and teach them the tech than the other way around."
Philosophy might seem an unusual launching pad for a cybersecurity career, but University of Pittsburgh Institute's Todt, who was executive director of the Commission on Enhancing National Cybersecurity under President Obama, says a foundation in ethical thinking and behavior is critical for cybersecurity professionals - and anyone else involved in business IT. "Ethics and philosophy - I think anyone with a major in coding should have a minor in ethics," she explains.
Joseph Carson, chief security scientist at Thycotic, explains the importance of having a foundation in human behaviors. "Cybersecurity is not a technical challenge. It is a human one," he says. "We need to be making more usable cybersecurity solutions because future cyberattacks will target and abuse humans trust first."
Training to look at problems and issues from a variety of viewpoints can be critical in solving cybersecurity problems, Digital Shadows' Van Riper says. "Within cybersecurity and threat intelligence, getting multiple perspectives on various issues is key to forming a concrete and inclusive analysis," he explains. "Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives that may be impacted."
While it might seem odd to think of music majors making the shift to cybersecurity, the link between musicians and software skills has long been known. Extending the link to security may mean bridging a smaller gap than many think.
Tom Garrubba, CISO at Shared Assessment, doesn't see a gap at all. "I believe music is a great one!" he exclaims. "Musicians - whether sheet-music readers or 'ear' players, possess incredible traits that can be translated to cybersecurity. Sheet readers have the ability to follow a plan and stick to the music, meaning they're good at following direction and practice at playing the piece perfectly. Ear players, on the other hand, tend to have the exceptional ability to improvise and dive right in. This is quite evident at blues or jazz open-stage nights. They feed off each other and work in concert to push each other."
Garrubba's feelings about the advantages of a music background are not based on theory, he says. "[My] music background helped me to think quickly and improvise when needed. It also helped me to gauge what the audience wants and expects and meet those expectations," he says.
While it might seem odd to think of music majors making the shift to cybersecurity, the link between musicians and software skills has long been known. Extending the link to security may mean bridging a smaller gap than many think.
Tom Garrubba, CISO at Shared Assessment, doesn't see a gap at all. "I believe music is a great one!" he exclaims. "Musicians - whether sheet-music readers or 'ear' players, possess incredible traits that can be translated to cybersecurity. Sheet readers have the ability to follow a plan and stick to the music, meaning they're good at following direction and practice at playing the piece perfectly. Ear players, on the other hand, tend to have the exceptional ability to improvise and dive right in. This is quite evident at blues or jazz open-stage nights. They feed off each other and work in concert to push each other."
Garrubba's feelings about the advantages of a music background are not based on theory, he says. "[My] music background helped me to think quickly and improvise when needed. It also helped me to gauge what the audience wants and expects and meet those expectations," he says.
The gap between trained cybersecurity professionals and need is on the order of 4 million people worldwide, and yet not nearly enough students are in computer science and cybersecurity university programs around the world to bridge that gap. One solution, some say, is to look beyond the traditional computer science/cybersecurity academic pipeline for entry-level professionals.
In fact, "About 58% of cybersecurity professionals come from fields outside technology," says Wesley Simpson, COO of ISC(2). "Cast a big net. We need people from all different backgrounds and degrees."
The big question is: Which degree programs are worthy of consideration?
For practical reasons, Simpson points to the liberal arts. The frequent stories of cybersecurity teams not getting management support for the tools and personnel they need comes down to not effectively telling the cybersecurity story, he says. That's where liberal arts grads can help.
"The liberal arts people are better at telling the story, crafting the story, and talking to all the people they need to talk with to build the story," Simpson says. "We need people from all over the spectrum to tell the story."
Beyond the budget story, individuals from different academic and personal backgrounds can bring critical new perspectives to cybersecurity, which is "key to forming a concrete and inclusive analysis," says Harrison Van Riper, strategy and research analyst at Digital Shadows. "Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives that may be impacted."
Dan Basile, executive director of the security operations center at Texas A&M University, agrees. "We all need a greater diversity of thought and background, in addition to traditional diversity concerns, in order to attack the complex problems we face," he explains. "All nontechnical majors have something that is of value to the cybersecurity field."
So with general agreement that a wider net is part of the solution, which nontechnical degrees should cybersecurity managers look to for their future staffing needs? We asked a number of cybersecurity professionals for their thoughts, and we received a variety of responses. The six degrees on this list were at the top of the collective heap.
We're also curious: Is your academic background something other than computer science? Let us know where you came from — and what you think about the idea that cybersecurity teams should look beyond computer science and security programs for their future hires.
(Image: StockSnap via Pixabay)
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024