Many people don’t realize a liberal arts degree opens the doors for a wide range of careers. That includes careers in cybersecurity. And with the skills gap and the number of available jobs, there is clearly a demand out there. Someone has to step up to fill those jobs. So, why not someone with a strong background in the so-called soft skills?

Cybersecurity Skills Beyond High Tech

Of course, working in the cybersecurity field does require technical skills. You may need to know how to code in different languages, how to build network architectures, understand analytics and so on. Also at the top of the list are skills like problem-solving, communication, attention to detail and natural curiosity.

As Leverage.Edu pointed out in a blog post, there is a strong need for people who have knowledge and experience beyond high tech. “Potential cybersecurity roles are so broad that even the non-tech-savvy fields are not protected from the dangers of cyber attack[s], such as psychology, project management, marketing and public relations,” the post stated.

Almost every job — and in this case, I do mean individual job duties versus an overall arching career — has unique aspects that new hires learn as they go. They build on what they learn and move on to the next position where they do the same. Any type of formal training provides a foundation, but the most complete way to learn the skills is at work. So what is stopping people with a liberal arts background from being hired into these positions?

Management and HR Need to Think Outside the Box

There has long been a standard cybersecurity skills list that human resources and management use for new hires. To be fair, human resources personnel are looking for tech skills and degrees. Managers should know that the job goes beyond those standard needs. However, they want someone who can come into the job ready to go.

Cybersecurity teams are overworked as it is, and no one has time to worry about training an unskilled candidate. So, many managers request five to 10 years of experience and an alphabet soup of certifications. That’s great for a specialized position or for someone who aspires to be a chief information security officer. It’s not so great for an entry-level position.

It’s up to the hiring team to determine what the new hire will be doing and what can be taught as they go. If the job requires interpersonal skills, effective and efficient communication, both verbally and in writing, and does low-level tech support, it could be the right position for someone without a traditional STEM background.

Cyber Awareness: Thinking Like a Threat Actor

A lot of the roles in this industry are reactive. They involve trying to figure out how a threat actor got into the system in order to mitigate an incident and prevent it from happening again. But today, nation-state threats become more prominent and threats against critical infrastructure are viewed as cyber war. There is a need for cybersecurity skills that can be proactive. Defenders need to figure out why and where a threat actor will make the next move.

Those with backgrounds in psychology and sociology, for example, understand the human psyche. They can find the patterns in threat actor behavior. Political science and history majors know about conflict and the reasons why threats from one region differ from another.

And if there is an incident that must be explained to the public? A writer or marketing specialist with cybersecurity training will be the ideal person to have on your remediation team. After all, they can present the technical information in layman’s terms.

The Cybersecurity Job Outlook for Liberal Arts Majors

Technical skills are still important. A cybersecurity worker at any level is going to need to know their way around a computer or a network. The skills gap in cybersecurity has left a lot of open doors, but the non-IT or cyber-skilled person is going to have to prove they are up for the challenge.

It helps to have some coursework or informal training to add to the resume. Maybe take coding classes on the side or work on IT certifications. These show you know the basics and desire to learn new tasks. Showing good security practices and being familiar with the industry behind the headlines is helpful. That way, you show you know where the problem areas are.

Where To Start

Two specific areas are good for people with a liberal arts background to build their cybersecurity skills. These are cybersecurity awareness training and working the help desk. Awareness training is an under-appreciated task. Someone needs to put together educational programs, even if it is to pull together a weekly Phish Test email. The help desk is already an entry-level position. It requires some research, some basic diagnostic skills and the ability to handle frustrated people.

Overall, the hiring team needs to have a clearly defined picture of the problem they are trying to solve. You should be able to define where your team is failing, where the weaknesses and strengths are in your defenses and the real skills needed to address the issues. If you want someone to reconfigure your cloud architecture, then you want someone with strong IT skills with a background in cloud computing. If you want someone to problem-solve with good attention to detail, you may find the ideal employee is the one with a B.A. in liberal arts.

More from CISO

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

How the Talent Shortage Impacts Cybersecurity Leadership

4 min read - The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service provider (MSSP) provides expertise that isn’t available in-house. But it isn’t enough, especially for the medium-sized businesses that would most benefit from an internal security team. However, the talent shortage doesn’t just impact present-day security concerns. The lack of a…

4 min read