Top Non-Technical Roles in Cybersecurity

With the cybersecurity skills gap now at a staggering four million, it is important to highlight the non-technical roles that the sector has to offer to attract new, diverse talent. As cyber threats continue to evolve, there is no shortage of opportunities for professionals in the cybersecurity sphere.

There are many important non-technical roles that are crucial for keeping information systems safe. 

Soft skills are hugely important to cybersecurity and if you have strong communication, analytical, or problem-solving skills, you could be a great fit for a career in this sector.

Accenture’s Head of Cyber Defense in the UK, Mark Raeburn, commented that people who are instinctive and genuinely interested in the subject matter can go far in the world of cybersecurity as threat analysts, for instance.

“Attitude is often more important than skill and you can certainly learn on the job,” Raeburn said.

Meanwhile, Rebecca Cox, Global Head of Cybersecurity at HSBC, said, “Curiosity – something I’d classify as both a skill and mindset – is something we always look for in employees. Being curious helps someone to learn, change and adapt, which is fundamental to any role.”

“Problem solving and attention to details are other skills we value in cybersecurity given we always need to be staying one step ahead of cybercriminals and identifying opportunities to protect our business,” she added.

Cybersecurity teams often work with a variety of stakeholders to build strong defences and prevent incidents from happening. This means that collaboration and teamwork are important skills to have, Cox noted. 

Different perspectives and diverse skills are important because cybersecurity is not just a technical problem.

Raeburn said: “Cybersecurity is a technical function, by and large, but everyone shouldn’t be technical else you’ll end up in a mess.”

“There is a human behind the [attacker’s] keyboard,” he said.

Highly technical staff, who are also core to a functional cybersecurity team, can sometimes miss the core soft skills needed to communicate issues and ultimately miss their audience.

Cox concurred, noting that non-technical individuals often support with translating complex technical concepts into layman's terms.

She highlighted that diversity of thought ultimately leads to more comprehensive strategies for protecting data and systems.

• Analytical Mindset
• Attention to Detail
• Communication
• Collaboration
• Critical Thinking
• Curiosity
• Desire to Learn
• Empathy
• Problem-Solving
• Teamwork

Here are some interesting non-technical jobs in cybersecurity to consider:

Cybersecurity Auditor

A cybersecurity audit professional, also known as a security auditor, acts as a digital watchdog for an organisation's IT infrastructure. Their main role is to assess the effectiveness of an organisation's cybersecurity defences and identify any weaknesses that could be exploited by attackers. Cybersecurity audit professionals are like security consultants who identify security gaps and provide a roadmap for improvement.

Governance Risk and Compliance

A governance, risk, and compliance (GRC) specialist plays a critical role in building and maintaining a secure digital environment. They act as a bridge between security, management, and regulations, ensuring an organisation's cybersecurity aligns with business goals and legal requirements. They act as a strategic advisor who ensures the organisation has a holistic approach to managing cyber risks. They work between technical security controls and organisational governance, promoting a culture of security awareness and preparedness.

Security Risk Analyst

A cybersecurity risk analyst core focus is on evaluating data and metrics as well as writing reports on the status of risk at any given time within the organisations. Analysts will often be tasked with identifying flaws in an organisation’s security systems, solutions and overall programmes and making recommendations on improvements. You will often need an understanding of cybersecurity frameworks like NIST and ISO standards. You may be required to translate technical security issues into business risk.

Third Party Risk Management Specialist 

A third-party risk management (TPRM) specialist acts as a guardian against potential threats introduced by partnerships and vendors. They are responsible for ensuring that the organisation's third-party relationships don't expose it to unnecessary risks. They will be responsible for vendor risk assesments, contract negotiations and ongoing risk monitoring. TPRM Specialists also need to communicate their findings and risk assessments to relevant stakeholders within the organisation.

Security Awareness & Training Specialist

Knowledge of human behaviours are crucial to this role and is important in an organisation's cybersecurity defence. An awareness specialist will educate and empower employees to be active participants in protecting sensitive information and systems. They act as the human firewall, fostering a culture of security awareness within the organisation. Their job role includes developing and delivering training programmes, culture building, encouraging behavioural changes and conducing simulation testing. They will use metrics and reporting to track the effectiveness of their training programmes and awareness initiatives.

Threat Analyst

A cybersecurity threat analyst acts as a cyber detective, working on the frontlines of defence against cyber-attacks. Their job is to identify, analyse, and understand potential threats lurking in the digital landscape. By constantly monitoring the threat landscape, analysing intelligence, and anticipating attacker tactics, a cybersecurity threat analyst plays a vital role in keeping organisations one step ahead of cybercriminals. They are the information security professionals who help organisations proactively prepare for and defend against cyber-attacks.

Cybersecurity Communications/Marketing Specialist 

A gifted communications or marketing professional is typically able to tackle most sectors and industries as the skills are highly transferable. They will be there as to link between the technical world of cybersecurity and the broader audience. They use their communication skills to raise awareness, educate stakeholders, and promote the organisation's cybersecurity tools.

“To kickstart a career in cybersecurity, start by identifying your strengths and leveraging your previous experience,” Cox said. “For example, if you have experience in developing learning plans, then the cyber education team would be a good entry point. Equally, if you’re strong in project management or controls, then a risk management or audit role could work for you.”

Raeburn, who himself came from a non-technical background and made the switch to cybersecurity from a physical security role, said that if you already have a career it may be hard to go back to a more junior role but with some career paths, like threat intelligence, you may need to start at the lower levels.

He also advised those looking to enter the industry begin some training courses and explore materials offered online.

Some of the leading educational associations, like ISACA, ISC2 and EC-Council offer a lot of training and educational resources.

Most of the roles mentioned in this article will eventually incorporate some level of technical understanding but there is no pre-requisite for a computer science degree or knowledge of the latest code. 

ADVERTISEMENT

Enjoyed this article? Make sure to share it!

Looking for something else?