Look at the National Cybersecurity Workforce Framework, and the vast majority - but not all - of the IT security jobs listed require technology expertise. Still, organizations seeking to build a top-flight IT security team also need to include individuals with know-how in a wide range of non-technology disciplines, cybersecurity leaders stress.
"Ultimately, to get at real solutions, I think it's going to be a combination of many disciplines, including technology, policy and law," says Col. Gregory Conti, director of the Army Cyber Institute, a cybersecurity think tank at West Point.
The role of non-technology skills in the cybersecurity field received unexpected attention last summer when White House Cybersecurity Coordinator Michael Daniel, in an interview with Information Security Media Group, said he saw his lack of IT background as a plus while serving as a special assistant to the president.
"You don't have to be a coder to do well in this position," Daniel said. "In fact, I think being too down in the weeds at the technical level can actually be a little bit of a distraction."
The interview went viral; some highly regarded cybersecurity technologists questioned his qualifications while others defended him. Daniel was speaking about his job, but he made a legitimate point about the need for organizations - in and out of government - to create cybersecurity teams that include non-technologists.
"In a very fundamental level, cybersecurity isn't just about technology, it's also about the economics of cybersecurity, why companies choose to invest the way they invest," Daniel said. "It's about the psychology of cybersecurity, the fact that ... expediency trumps security every time, meaning that people will prioritize convenience over being secure many times. So, you need to have an understanding of those kinds of factors."
Besides Daniel and Conti, in this podcast, you'll also hear from:
- Robin "Montana" Williams, chief of the National Cybersecurity Education and Awareness Branch at the Department of Homeland Security, who says: "To understand the adversary, you have to do more than understand the code, the tool. You need to understand why they're doing it. The team has to look at it from a multidisciplinary area."
- Garet Moravec, former cybersecurity director for the F-35 fighter jet program at Lockheed Martin, who explains how 22 psychology professors from the University of Maryland helped the defense contractor understand the thinking of hackers to build a better cyber-defense.