Unlocking Opportunities: The Growing Demand for Non-Technical Cybersecurity Professionals

You think you know what a cybersecurity expert looks like. Hollywood and popular culture have painted a picture of a hoodie-wearing hacker (unauthorized party), or a tech-savvy savant. However, that stereotype fails to recognize the vast diversity of roles within the cybersecurity career landscape. Cybersecurity isn’t a single division at a company or a technical role. Cybersecurity roles exist across departments and are in high demand, and nontechnical cybersecurity jobs are more prevalent than you might think.

What you need to know

• The U.S. Bureau of Labor Statistics expects ‌demand for cybersecurity professionals to increase by 35% by 2031. 
• Cybersecurity has never been more relevant due to the onset of artificial intelligence (AI), the geopolitical landscape, and the ongoing digital innovation and transformations in our personal and professional lives.
• Cybersecurity needs have permeated all roles in business, alongside the technology it seeks to secure. The rise of AI has only made the need for cybersecurity more pressing. 
• Job prospects strong and it’s also a lucrative career, with an average salary of $106,810 per year. 
• The cybersecurity workforce gap has grown. There are roughly 4 million cybersecurity professionals needed globally, according to a 2023 ISC2 Cybersecurity Workforce Study. Meanwhile, the threat landscape is the most challenging it’s been in the past 5 years (according to those surveyed).

What you can do now

• Explore your options for cybersecurity roles now and see what makes sense for your career. 
• Ask: Do I have the transferable skills to transition into a nontechnical cybersecurity job? 
• Learn how to start skilling up by completing A Career in Cybersecurity.

Understand the role of cybersecurity professionals

Cybersecurity is a significant issue of our time, especially with the onset of AI and the proliferation of smart technologies. Learn more about the relationship between cybersecurity and AI to understand its many implications in our lives. The primary goal of cybersecurity is to manage risk to an organization by protecting networks, systems, and data from security threats and vulnerabilities, as well as to identify, analyze, and respond to security breaches that could compromise an organization’s mission and goals. The ways to protect can vary from using technical tools and learning secure development practices to creating guidelines for employees on ways to use social media. Cybersecurity professionals can work across industries, including retail, healthcare, government, finance, automotive, and more.

These professionals work to safeguard individuals, organizations, and vital aspects of society like government and utilities by effectively managing risk. Cybersecurity is a field that balances two distinct but equally critical components: technical and nontechnical roles. Technical roles are more well-known for fighting cyber threats, identifying vulnerabilities, implementing security measures, and continuously monitoring and updating defenses. However, nontechnical roles, which focus more on risk management, cybersecurity awareness, security auditing, strategic planning, and policy development play a very important part in the cybersecurity field.

Examples of technical cybersecurity jobs

To understand the nontechnical roles, it’s helpful to understand what we mean when we talk about technical cybersecurity jobs. These refer to jobs that require hands-on skills directly related to hardware and software. These roles require proficiency in mathematical computations, coding, programming, understanding networking protocols, cloud computing, operating systems, and cybersecurity tools (for example, intrusion detection and prevention systems, security information and event management systems).

Examples of nontechnical cybersecurity jobs

Nontechnical members of cybersecurity teams work on business-related initiatives like company policies, incident response procedures, and security training for employees. These are the skill sets required and used by cybersecurity leadership (for example, chief information officer, chief information security officer, cyber program managers, chief security architects, chief privacy officer). Nontechnical roles might also reside in human resources, legal and regulatory affairs, and finance, contributing to strategy, policy, and organizational risk management.

Nontechnical skills don’t directly involve handling or manipulating hardware and software, but they’re essential to managing a business’s cybersecurity posture. In fact, in many cases, technical skills are used to implement the plans those in nontechnical roles have established first. These skills are equally important, but any technical implementation would be chaotic and largely ineffective without the rules, policies, and protocols laid out by those in nontechnical roles. Similarly, the decisions and written policies that cyber leadership establishes would be ineffective without the technical skills to implement them. 

Security culture and the human element of risk

One of the most significant risks to information security is often considered to be human beings. Some put the percentage of human error, simply an unintended action or decision, at 95% of cybersecurity incidents. This is why making sure your fellow employees are aware of risk and best practices is so important. But in reality, it’s not really employees that are to blame. 

A company’s security culture, awareness and training, and operations can often heavily influence the cyber hygiene of their employees. From rolling out password managers, to automated software patching, to targeted training and engagement efforts, there’s a lot a company can do to mitigate employee risk. One of our most popular badges is Security Awareness and Training, which goes into more detail about how to do this. Teaching your colleagues to avoid critical errors is an important and valued responsibility for nontechnical cybersecurity jobs. This work calls for business skills like communication, problem-solving, and organization. The good news is that these are all skills you have likely picked up in your work and life experience before you ever even considered a career in cybersecurity. 

The business skills you need for your cybersecurity career

To work more effectively in tech, soft skills are often touted to be just as desirable as tech skills. Cybersecurity is no different. Certain business skills are essential to helping your organization maintain a strong cybersecurity program. 

Attention to detail

Conducting thorough incident response, developing policies and ensuring compliance, performing accurate vulnerability assessments, monitoring networks effectively, detecting phishing attempts, maintaining meticulous documentation, analyzing trends, and reporting. The list goes on of all the tasks that require a careful eye and detailed execution. Small oversights in these processes can have significant implications.

Collaboration

Maintaining security is a collective effort. You need to be able to work with team members and collaborate effectively to problem-solve and find solutions to various challenges. Due to the complex and interconnected nature of cybersecurity challenges, you need to know how to collaborate with multiple teams and functions within an organization (and sometimes this might involve third parties and vendor management). You also need to be able to share best practices across teams, coordinate effective crisis management plans, and use relationship building for industry collaboration with fellow cybersecurity professionals. Sharing industry best practices and knowledge is a great way to stay up to date and relevant on the latest threats and defense methods. 

Communication

To influence and gain buy-in for decisions and execution strategies, you need effective stakeholder engagement, clear and engaging documentation, comprehensive training, and internal messaging that tells a compelling story. Explaining complex security concepts to nonexperts is a common requirement of security professionals. It requires clear, effective communication, both oral and written, at the executive level and across the organizational chart.

Critical thinking and problem-solving

This skill is at the heart of cybersecurity, with professionals regularly identifying vulnerabilities, investigating breaches, and devising fixes. You need to know how to assess risks, methodically analyze intelligence, and adapt to ever-evolving cybersecurity threats.

Empathy and emotional intelligence

Understanding the perspectives and concerns of users and adversaries is crucial. It guides the design of ‌security measures and enables effective threat assessment. Empathy and emotional intelligence allow you to transform the way you communicate, apply a user-centric approach, control your reactions during a crisis, and even make more ethical decisions.

Knowledge of AI

We can’t ignore the onset of AI and its impact on the cybersecurity world. It’s important to stay current with AI trends and understand how AI might mitigate risk but at the same time, expand the threat landscape. This includes knowledge of the regulatory and ethical aspects of AI and how AI impacts policies, business strategy, data governance, and privacy.

Leadership

Many roles involve leading teams, accountability, delegation, making critical decisions, and taking responsibility for projects and outcomes. The roles also include driving change, developing new strategies, and fostering a security culture. A security culture encourages creative problem-solving to tackle complex cybersecurity challenges.

Project management

You need to have a handle on effective technical project planning and organization, resource management, and decision-making and prioritization methods. Project management principles are important for various roles across the cybersecurity career spectrum from technical to nontechnical. It’s common for teams to take on several projects at a time. When various contributors are kept aligned on tasks and deadlines, it helps teams accomplish their goals.

Explore nontechnical cybersecurity jobs and the more high tech kind

• Security awareness specialist: Develop learning and awareness programs to create a culture of cybersecurity within an organization.
• Technical project manager: Develop and manage IT project plans, including tasks, milestones, status, and allocation of resources.
• Threat intelligence analyst: Identify threats through intelligence analysis and support incident response and forensics efforts.
• Cybersecurity risk manager: Protect digital business assets by managing risks, including identifying, assessing, and mitigating the risks to systems and networks.
• Cybersecurity compliance analyst: Protect businesses and consumers from breaches by helping them comply with security laws, regulations, standards, and policies.
• Cybersecurity leader: Manage teams and oversee business and technology activities in security-related matters.

Salesforce has partnered with the World Economic Forum, Fortinet, and the Global Cyber Alliance to create resources to support the next generation of cybersecurity professionals. And we’re hoping you’re one of them. The Cybersecurity Career Path is a partnership between these powerhouse organizations, who are all dedicated to tackling the skills gap in cybersecurity and creating career opportunities.

Get started on the path to a successful cybersecurity career

I’m a good example of someone who didn’t have cybersecurity experience coming into the field. But, my business skills include communication, relationship-building, project management, detail-orientation, and training. These skills made me a great fit for the security awareness and training role I applied for. As for the cybersecurity-related aspects, I learned those on the job. The rest, as they say, is history! 

If you’re looking for a fulfilling, challenging, dynamic, and lucrative career where you’re learning all the time and using a diverse set of skills, look no further than cybersecurity. Here are some recommended steps on how to get started on your path to a nontechnical cybersecurity job.

Get your foundation: Learn about cybersecurity concepts and best practices. Use resources like Trailhead, the World Economic Forum, Fortinet, and the Global Cyber Alliance.

Develop your practical skills: Gain hands-on experience through internships, projects, or a bug bounty program.

Network: If you don’t know anyone in the cybersecurity field, don’t worry. Salesforce’s Trailblazer Community has an entire group of people called Cybersecurity Trailblazers who can help along the way.