Employers outside the industry are looking for new employees

How are galaxies formed? What happens when they collide? These are the kinds of questions Dr. Leila Powell faced in her previous life as an astrophysicist.

But in 2015, she put those galactic-sized questions aside and moved into cybersecurity.

“The pursuit of understanding the universe is really important, but I got to a point where I felt like I wanted to do something that had a bigger impact on people’s everyday lives,” she says.

Like many job seekers, Powell was looking for better pay and conditions.

“There are various challenges in an academic career path that can discourage people from pursuing it, including job security and pay compared to industry,” she says.

Dr. Powell is the Chief Security Data Scientist at Panaseer, a company that helps organizations understand where there may be vulnerabilities in their cybersecurity controls.

She is one of many people who have brought their skills from other jobs to the cybersecurity field.

Cybersecurity includes a range of roles that all aim to protect organizations and their technologies from cyber attacks. Some people help prevent incidents by analyzing or improving the security of applications, networks, and devices. Others help organizations continue operating or recover when they are attacked.

According to ISC2an organization of cybersecurity professionals, found that 39% of new hires in this sector came from non-IT jobs.

“I saw an ad for [cyber-security] “The job says they need someone with data expertise,” says Dr. Powell. “I was drawn to the problem space.”

“Because I was coming from a different industry, I was seeing things in the data that I probably wouldn’t have seen if I was looking for something specific.”

Now when she hires new team members, Ms. Powell doesn’t care where people acquired their skills. “I would encourage people who don’t think they have the right skills to actually take a look. If I hadn’t seen this advert, I would never have thought that cybersecurity could be an industry I could get into.

ISC2 estimates that an additional four million cybersecurity professionals are needed worldwide.

“My view is that this is not necessarily a skills gap, because the skills are there,” says Amanda Finch, chief executive of the Chartered Institute for Information Security (CIISec). “It’s really getting people with skills to work in the Internet and then getting them to develop further.”

“I think a lot of [the shortage] “It’s because people don’t understand what the Internet entails,” she adds. “A lot of security is about people, processes and technology. When we do our survey of the skills we lack each year, technical skills come in lower than communication, analytical and problem-solving skills.

For newcomers the pay can be good.

Cybershark recruitment site surveyed Over 2,000 UK cybersecurity professionals talk about their salaries. Those with between one and three years’ experience earned between £40,500 and £58,000 in digital forensics; And between £39,500 and £55,000 in threat intelligence.

CIISec recommends that organizations trying to fill cybersecurity roles look at the transferable skills that career changers can bring.

Ms. Finch advises organizations to break jobs down into duties, so it’s easier to identify the skills associated with them. “If you’re looking to analyze records and trends, you need someone with good analytical skills,” she says. “If it’s incident management, you need someone who is able to work under pressure in a crisis and has good communication skills.”

Callum Baird acquired skills like these at Police Scotland, where he worked for almost 10 years. His roles there included policing response, violence reduction, digital forensics, and cybercrime investigation.

He is now a Digital Forensics and Incident Response (DFIR) consultant at Systal Technology Solutions. The company helps its clients investigate and recover from cyber incidents, including ransomware attacks.

“The police taught me how to quickly assess risks and prioritize based on those risks, which is a very useful skill when it comes to dealing with cyber incident response,” he says. “It’s not exactly life or death [in cyber-security]“But it represents a huge cost to businesses and a huge disruption to people.”

The communication skills he developed in police are useful in his current role, which involves supporting clients on what may be the worst day of their careers. “The importance of soft skills in cybersecurity is sometimes underestimated,” he says. “That ability to talk to the client, to calm them down, explain the process clearly and reassure them that there is someone on their side fighting in their corner.”

Byrd says he has loved learning new skills all his life, something that was vital in the police and remains valuable in the private sector. “There are so many devices, so many operating systems, so many different applications, that you won’t find anyone who knows everything in depth,” he says. “One of the key skills in cybersecurity is the ability to find a topic and dig deep into it.”

According to ISC2, 41% of companies are trying to hire non-technical cybersecurity people from other roles within the company. Rebecca Taylor is an example of someone who has made this transformation. She is the Director of Threat Intelligence Knowledge at Secureworks. The company provides threat detection and response technology and publishes threat advisories.

“My role is focused on capturing anything related to the threat, making sure it is accurate and useful, and getting it into our systems,” she says.

She joined Secureworks as a personal assistant. “It was about making tea and coffee, taking minutes, and sitting down for conversations,” she says. “I saw very quickly that this field was changing and it fit 100 percent with what I wanted, which was to continue learning.”

After working in resource coordination and change management, she became an incident command knowledge manager, where she was part of the ransomware response team. “They were trying to find someone to take notes, pick up pointers, and be there to help promote that engagement through,” she says. “I loved it.”

She works alongside people who have studied history, geography and archaeology, and says her humanitarian background helps her in her work today, processing information. “If I think about my degree in English and Creative Writing, [it was about] Reading large amounts of text and being able to pull out interesting parts. Her written studies help inform the blogs and other materials she produces to explain cybersecurity threats.

“There’s a big perception that cybersecurity is going to be a technical, coding, AI conversation, but there’s a lot more to cybersecurity than just being technical,” she says. “I wouldn’t describe myself as a technical individual. I’m just someone who has found a passion in extracting useful information.”