Some may argue that non-technical jobs in cybersecurity are the foundation of the industry. If technical cybersecurity jobs (e.g. cybersecurity engineers, penetration testers) are the bricks of cybersecurity, then non-technical cybersecurity jobs are the mortar that ensures the infrastructure of cybersecurity is strong enough to stand against cyber threats.
These roles focus on the processes of cybersecurity such as planning, maintenance and training. Imagine the field of cybersecurity without these things; there would be a lack of structure and processes will be based on hearsay knowledge.
For those looking to break into the field, non-technical cybersecurity positions provide a foundation for understanding cybersecurity principles and practices without requiring extensive technical expertise. Those who enter into these non-technical roles may even enjoy this side of cybersecurity enough to where they see themselves continuing on this path.
Various non-technical roles
The following is a non-exhaustive list of non-technical roles that can help those break into cybersecurity:
- Compliance analyst: Ensures that a company’s policies and procedures comply with requirements made by federal, state or local agencies (e.g. HIPAA). To do this, they conduct regular audits to verify compliance.
- Security awareness coordinator: Develops and implements training programs that educate employees about best practices in security (which can include physical and cyber). Companies may need a security awareness coordinator in order to foster a culture of security awareness.
- IT auditor: Evaluates an organization’s IT infrastructure and operations to ensure they are following policies and procedures. The goal is to help the company stay efficient and compliant with internal and external standards.
- Information security specialist: This is a broad position that can encompass many types of information that will need to be protected (e.g. operations security, classified protection, etc.). This role helps focus on protecting an organization’s information systems by identifying vulnerabilities, ensuring compliance and recommending proper security measures. This position may be more popular in government sectors.
- Risk management specialist: Performs comprehensive assessments of risk in order to identify, and mitigate the risks. These risks can include cyber threats, internal threats, natural disasters and many more.
Highlighting Boise State’s Ashlea Byram
Ashlea Byram is a career changer pursuing her Master of Science Cyber Operations and Resilience at Boise State University. As a career changer, one may be at a learning curve having to learn a new set of skills.
However, Byram has not shied away from taking on the challenge, which ultimately landed her a role as an IT risk management consultant at Meditology Services, a consulting firm that performs risk assessments and audits primarily for health care organizations.
Byram showcased her skills by attending a bootcamp and achieving her CompTIA Security+ certification, but networking ultimately helped her break into the field. When asked how she found her role in IT risk management, she stated, “Actually [I saw] a random job posting in the Slack channel, ‘Rewriting the Code.’ Networking and professional groups are so important for referrals and job postings!”
To some, changing careers may seem like they would have to start all over again. However, there are transferable skills that can be applicable in the field of security, especially in non-technical roles.
“While I did not have any experience in security or in IT auditing prior to getting this job, there were multiple skills from my old job,” Byram stated. “Even my bachelor’s degree in economics translated to this job easily. I think the most important skills for my job are being naturally curious and willing to dig deep and research to find answers on your own.”
It is what makes her truly love her work and solidifies that she enjoys working as a security practitioner. “My favorite part of working as an IT risk management consultant is getting to interact with clients and help them assess their security programs. Being a security consultant/auditor is the perfect job for someone who wants to work in security but also interacts with people on a regular basis.“
Byram’s advice for those trying to break into cybersecurity is to invest in education and not feel that non-technical skills are a disadvantage. “Our cyber operations and resilience master’s degree program is an excellent place to start! The courses in our program related to risk and compliance parallel my day-to-day work,” she said.
“I think to be a security consultant you also have to have personal drive and ambition, and you need people skills in addition to technical security knowledge. I think a job like mine is an excellent choice for someone who can translate technical security topics to non-technical stakeholders. I find it so rewarding to know we are helping our clients keep patient data safe and their organizations secure.”
Investing in education to get a start in cybersecurity
The cyber operations and resilience program at Boise State University understands the urgent need for more professionals in cybersecurity. They also understand that it may be difficult for those trying to break into cybersecurity. That is why the program does not rule out those trying to enter the career field and provides opportunities by teaching about the non-technical aspects, alongside the technical aspects, of cybersecurity. It is like the best of both worlds.
The cyber operations and resilience program includes courses related to non-technical roles, like Cybersecurity Governance and Compliance, as well as technical cybersecurity roles, such as Digital Forensic and eDiscovery Procedures.
The program also provides free training courses by industry leaders in technology such as Cisco and Palo Alto Networks to help those who would like more exposure to the technical aspects of cybersecurity, while they are trying to break into the field.
Learn more about cyber operations and resilience
Learn more about how Boise State’s online Master of Science Cyber Operations and Resilience helps students, like Byram, break into cybersecurity by visiting our website or contacting a student success coach.
Master of Science in Cyber Operations and Resilience
Contact a Student Success Coach
Written by Ranier Lieberman.