Many people don’t realize a liberal arts degree opens the doors for a wide range of careers. That includes careers in cybersecurity. And with the skills gap and the number of available jobs, there is clearly a demand out there. Someone has to step up to fill those jobs. So, why not someone with a strong background in the so-called soft skills?

Cybersecurity Skills Beyond High Tech

Of course, working in the cybersecurity field does require technical skills. You may need to know how to code in different languages, how to build network architectures, understand analytics and so on. Also at the top of the list are skills like problem-solving, communication, attention to detail and natural curiosity.

As Leverage.Edu pointed out in a blog post, there is a strong need for people who have knowledge and experience beyond high tech. “Potential cybersecurity roles are so broad that even the non-tech-savvy fields are not protected from the dangers of cyber attack[s], such as psychology, project management, marketing and public relations,” the post stated.

Almost every job — and in this case, I do mean individual job duties versus an overall arching career — has unique aspects that new hires learn as they go. They build on what they learn and move on to the next position where they do the same. Any type of formal training provides a foundation, but the most complete way to learn the skills is at work. So what is stopping people with a liberal arts background from being hired into these positions?

Management and HR Need to Think Outside the Box

There has long been a standard cybersecurity skills list that human resources and management use for new hires. To be fair, human resources personnel are looking for tech skills and degrees. Managers should know that the job goes beyond those standard needs. However, they want someone who can come into the job ready to go.

Cybersecurity teams are overworked as it is, and no one has time to worry about training an unskilled candidate. So, many managers request five to 10 years of experience and an alphabet soup of certifications. That’s great for a specialized position or for someone who aspires to be a chief information security officer. It’s not so great for an entry-level position.

It’s up to the hiring team to determine what the new hire will be doing and what can be taught as they go. If the job requires interpersonal skills, effective and efficient communication, both verbally and in writing, and does low-level tech support, it could be the right position for someone without a traditional STEM background.

Cyber Awareness: Thinking Like a Threat Actor

A lot of the roles in this industry are reactive. They involve trying to figure out how a threat actor got into the system in order to mitigate an incident and prevent it from happening again. But today, nation-state threats become more prominent and threats against critical infrastructure are viewed as cyber war. There is a need for cybersecurity skills that can be proactive. Defenders need to figure out why and where a threat actor will make the next move.

Those with backgrounds in psychology and sociology, for example, understand the human psyche. They can find the patterns in threat actor behavior. Political science and history majors know about conflict and the reasons why threats from one region differ from another.

And if there is an incident that must be explained to the public? A writer or marketing specialist with cybersecurity training will be the ideal person to have on your remediation team. After all, they can present the technical information in layman’s terms.

The Cybersecurity Job Outlook for Liberal Arts Majors

Technical skills are still important. A cybersecurity worker at any level is going to need to know their way around a computer or a network. The skills gap in cybersecurity has left a lot of open doors, but the non-IT or cyber-skilled person is going to have to prove they are up for the challenge.

It helps to have some coursework or informal training to add to the resume. Maybe take coding classes on the side or work on IT certifications. These show you know the basics and desire to learn new tasks. Showing good security practices and being familiar with the industry behind the headlines is helpful. That way, you show you know where the problem areas are.

Where To Start

Two specific areas are good for people with a liberal arts background to build their cybersecurity skills. These are cybersecurity awareness training and working the help desk. Awareness training is an under-appreciated task. Someone needs to put together educational programs, even if it is to pull together a weekly Phish Test email. The help desk is already an entry-level position. It requires some research, some basic diagnostic skills and the ability to handle frustrated people.

Overall, the hiring team needs to have a clearly defined picture of the problem they are trying to solve. You should be able to define where your team is failing, where the weaknesses and strengths are in your defenses and the real skills needed to address the issues. If you want someone to reconfigure your cloud architecture, then you want someone with strong IT skills with a background in cloud computing. If you want someone to problem-solve with good attention to detail, you may find the ideal employee is the one with a B.A. in liberal arts.

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…