Many people don’t realize a liberal arts degree opens the doors for a wide range of careers. That includes careers in cybersecurity. And with the skills gap and the number of available jobs, there is clearly a demand out there. Someone has to step up to fill those jobs. So, why not someone with a strong background in the so-called soft skills?

Cybersecurity Skills Beyond High Tech

Of course, working in the cybersecurity field does require technical skills. You may need to know how to code in different languages, how to build network architectures, understand analytics and so on. Also at the top of the list are skills like problem-solving, communication, attention to detail and natural curiosity.

As Leverage.Edu pointed out in a blog post, there is a strong need for people who have knowledge and experience beyond high tech. “Potential cybersecurity roles are so broad that even the non-tech-savvy fields are not protected from the dangers of cyber attack[s], such as psychology, project management, marketing and public relations,” the post stated.

Almost every job — and in this case, I do mean individual job duties versus an overall arching career — has unique aspects that new hires learn as they go. They build on what they learn and move on to the next position where they do the same. Any type of formal training provides a foundation, but the most complete way to learn the skills is at work. So what is stopping people with a liberal arts background from being hired into these positions?

Management and HR Need to Think Outside the Box

There has long been a standard cybersecurity skills list that human resources and management use for new hires. To be fair, human resources personnel are looking for tech skills and degrees. Managers should know that the job goes beyond those standard needs. However, they want someone who can come into the job ready to go.

Cybersecurity teams are overworked as it is, and no one has time to worry about training an unskilled candidate. So, many managers request five to 10 years of experience and an alphabet soup of certifications. That’s great for a specialized position or for someone who aspires to be a chief information security officer. It’s not so great for an entry-level position.

It’s up to the hiring team to determine what the new hire will be doing and what can be taught as they go. If the job requires interpersonal skills, effective and efficient communication, both verbally and in writing, and does low-level tech support, it could be the right position for someone without a traditional STEM background.

Cyber Awareness: Thinking Like a Threat Actor

A lot of the roles in this industry are reactive. They involve trying to figure out how a threat actor got into the system in order to mitigate an incident and prevent it from happening again. But today, nation-state threats become more prominent and threats against critical infrastructure are viewed as cyber war. There is a need for cybersecurity skills that can be proactive. Defenders need to figure out why and where a threat actor will make the next move.

Those with backgrounds in psychology and sociology, for example, understand the human psyche. They can find the patterns in threat actor behavior. Political science and history majors know about conflict and the reasons why threats from one region differ from another.

And if there is an incident that must be explained to the public? A writer or marketing specialist with cybersecurity training will be the ideal person to have on your remediation team. After all, they can present the technical information in layman’s terms.

The Cybersecurity Job Outlook for Liberal Arts Majors

Technical skills are still important. A cybersecurity worker at any level is going to need to know their way around a computer or a network. The skills gap in cybersecurity has left a lot of open doors, but the non-IT or cyber-skilled person is going to have to prove they are up for the challenge.

It helps to have some coursework or informal training to add to the resume. Maybe take coding classes on the side or work on IT certifications. These show you know the basics and desire to learn new tasks. Showing good security practices and being familiar with the industry behind the headlines is helpful. That way, you show you know where the problem areas are.

Where To Start

Two specific areas are good for people with a liberal arts background to build their cybersecurity skills. These are cybersecurity awareness training and working the help desk. Awareness training is an under-appreciated task. Someone needs to put together educational programs, even if it is to pull together a weekly Phish Test email. The help desk is already an entry-level position. It requires some research, some basic diagnostic skills and the ability to handle frustrated people.

Overall, the hiring team needs to have a clearly defined picture of the problem they are trying to solve. You should be able to define where your team is failing, where the weaknesses and strengths are in your defenses and the real skills needed to address the issues. If you want someone to reconfigure your cloud architecture, then you want someone with strong IT skills with a background in cloud computing. If you want someone to problem-solve with good attention to detail, you may find the ideal employee is the one with a B.A. in liberal arts.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today