Demand for cybersecurity personnel is ever increasing, and cyber teams could benefit from a broad range of skills beyond the typical technical employees, according to experts who spoke at New America’s Embracing Innovation and Diversity in Cybersecurity event on Aug. 11.
“Cyber, really, there’s a lot of technical work to be done, but there’s a lot of work on the policy, and even on the legal, side,” said Debora Plunkett, principal at Plunkett Associates and former director of Information Assurance at the National Security Agency. “Take a risk, be willing to pick somebody who doesn’t look like you. Be willing to give somebody an opportunity who has perhaps demonstrated academic accomplishment but has not had the opportunity to apply that in the workplace.”
According to Randi Kieffer, vice president of Cybersecurity Audit at Capital One and former deputy director of the National Cybersecurity Communications and Integration Center, communication is a critical and often overlooked skill for cybersecurity teams.
“The technical credentials are necessary, the policy part of it is critically important, the ability to communicate in every way imaginable–up, down, across–will separate you from those that can’t,” said Kieffer. “Without the mission, there is no cyber.”
She encouraged students in traditionally noncyber fields to consider how their skills might transfer to an IT team.
“If you’re in a field that seems unrelated, I’d challenge you to figure out where that link is and what value you can bring,” said Kieffer. “When I speak about diversity, I’m looking for skills, both technically and those soft skills that I want to balance out my team.”
“You have to challenge yourself sometimes to get out of your comfort zones to take the chance to do something different,” agreed Mihoko Matsubara, chief security officer for Japan at Palo Alto Networks.
Kieffer, who has worked on both government and industry teams, said that the Federal government offers employees the unique ability to move into positions outside their original field.
“What I appreciated about the government is a tremendous emphasis on leadership development,” said Kieffer. “The government, I think, is one unique place where you can sort of change career fields, and not have to start all the way back over. I didn’t have to take a pay cut, I didn’t have to go back to school.”
Samara Moore, director of Cyber Strategy and Engagement at Exelon and former director for Cybersecurity Critical Infrastructure on the White House National Security Staff, said that she encounters many adults midcareer who are interested in changing over to cyber.
“My advice really is to go for it, learn as you go, be a continual learner, but don’t hold yourself back from something because you don’t know,” said Moore. “There’s an existing workforce out there, and I have repeatedly run into individuals who are maybe mid[way] into their career who want to shift into cybersecurity and find it really challenging. And so I think having an open mind to not just developing the pipeline, which is very important, but also further opportunities to leverage prior experience that may not be directly in cybersecurity but really relate.”
“I’d argue that cyber is a continually new field,” said Kieffer, “and whatever skills you had 10 years ago do not apply today.”