Many people don’t realize a liberal arts degree opens the doors for a wide range of careers. That includes careers in cybersecurity. And with the skills gap and the number of available jobs, there is clearly a demand out there. Someone has to step up to fill those jobs. So, why not someone with a strong background in the so-called soft skills?

Cybersecurity Skills Beyond High Tech

Of course, working in the cybersecurity field does require technical skills. You may need to know how to code in different languages, how to build network architectures, understand analytics and so on. Also at the top of the list are skills like problem-solving, communication, attention to detail and natural curiosity.

As Leverage.Edu pointed out in a blog post, there is a strong need for people who have knowledge and experience beyond high tech. “Potential cybersecurity roles are so broad that even the non-tech-savvy fields are not protected from the dangers of cyber attack[s], such as psychology, project management, marketing and public relations,” the post stated.

Almost every job — and in this case, I do mean individual job duties versus an overall arching career — has unique aspects that new hires learn as they go. They build on what they learn and move on to the next position where they do the same. Any type of formal training provides a foundation, but the most complete way to learn the skills is at work. So what is stopping people with a liberal arts background from being hired into these positions?

Management and HR Need to Think Outside the Box

There has long been a standard cybersecurity skills list that human resources and management use for new hires. To be fair, human resources personnel are looking for tech skills and degrees. Managers should know that the job goes beyond those standard needs. However, they want someone who can come into the job ready to go.

Cybersecurity teams are overworked as it is, and no one has time to worry about training an unskilled candidate. So, many managers request five to 10 years of experience and an alphabet soup of certifications. That’s great for a specialized position or for someone who aspires to be a chief information security officer. It’s not so great for an entry-level position.

It’s up to the hiring team to determine what the new hire will be doing and what can be taught as they go. If the job requires interpersonal skills, effective and efficient communication, both verbally and in writing, and does low-level tech support, it could be the right position for someone without a traditional STEM background.

Cyber Awareness: Thinking Like a Threat Actor

A lot of the roles in this industry are reactive. They involve trying to figure out how a threat actor got into the system in order to mitigate an incident and prevent it from happening again. But today, nation-state threats become more prominent and threats against critical infrastructure are viewed as cyber war. There is a need for cybersecurity skills that can be proactive. Defenders need to figure out why and where a threat actor will make the next move.

Those with backgrounds in psychology and sociology, for example, understand the human psyche. They can find the patterns in threat actor behavior. Political science and history majors know about conflict and the reasons why threats from one region differ from another.

And if there is an incident that must be explained to the public? A writer or marketing specialist with cybersecurity training will be the ideal person to have on your remediation team. After all, they can present the technical information in layman’s terms.

The Cybersecurity Job Outlook for Liberal Arts Majors

Technical skills are still important. A cybersecurity worker at any level is going to need to know their way around a computer or a network. The skills gap in cybersecurity has left a lot of open doors, but the non-IT or cyber-skilled person is going to have to prove they are up for the challenge.

It helps to have some coursework or informal training to add to the resume. Maybe take coding classes on the side or work on IT certifications. These show you know the basics and desire to learn new tasks. Showing good security practices and being familiar with the industry behind the headlines is helpful. That way, you show you know where the problem areas are.

Where To Start

Two specific areas are good for people with a liberal arts background to build their cybersecurity skills. These are cybersecurity awareness training and working the help desk. Awareness training is an under-appreciated task. Someone needs to put together educational programs, even if it is to pull together a weekly Phish Test email. The help desk is already an entry-level position. It requires some research, some basic diagnostic skills and the ability to handle frustrated people.

Overall, the hiring team needs to have a clearly defined picture of the problem they are trying to solve. You should be able to define where your team is failing, where the weaknesses and strengths are in your defenses and the real skills needed to address the issues. If you want someone to reconfigure your cloud architecture, then you want someone with strong IT skills with a background in cloud computing. If you want someone to problem-solve with good attention to detail, you may find the ideal employee is the one with a B.A. in liberal arts.

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today