Typically when outsiders think of cybersecurity careers, they imagine hackers and technical wizards battling it out in cyberspace. It's an intimidating image, especially for those coming from non-technical backgrounds. But what if I told you that your business skills could be the key to a successful career in cybersecurity?
When I pivoted from accounting to cybersecurity Governance, Risk & Compliance (GRC), it felt like stepping into an entirely new world. But I soon realized two important things: first, that cybersecurity is fundamentally a business problem, and second, that it's a team sport that benefits from diverse skills.
The cybersecurity industry is moving away from alchemy and towards chemistry, from wizardry to accounting. This is where the business skills of GRC team members can make a big impact. Those skills are essential to helping companies reliably achieve their business objectives while managing cyber risk.
Despite this, GRC often gets overlooked. It didn't make the cut for a poster of the top 20 coolest cybersecurity jobs from “the world's largest cybersecurity research and training organization” SANS, and it doesn’t have a spot in the Cyberseek.org career pathway tool. But those are missed opportunities for SANS and Cyber Seek. Here are six reasons why GRC is underrated and a great place to consider for a career:
First, GRC is revenue-enabling. Security assurance work directly supports sales reps in the field and occasionally involves interfacing with customers. That's where you want to be to understand customer needs, how your company can meet them, and how to make a business impact.
Second, GRC lets you work with top experts across all departments: the control owners. That includes Business Operations, Finance, Legal, HR, Privacy, Security Operations, Architecture, Engineering, Product Security, and more. You get to learn about diverse topics ranging from revenue accounting to software development, both of which are very technical, very complicated, and very interesting to observe and understand from a front-row seat.
Third, GRC gives you exposure to top management, which is a great opportunity.
Fourth, GRC immerses you in the business. When you're exposed to all the departments, you get to learn through immersion and practical application. Even if you want to specialize in something technical, it might be helpful to your career to rotate into GRC and then rotate out, because when you go into your specialty, you'll bring with you that bigger picture perspective on how your function fits into the rest of the company.
Fifth, demand continues to ramp up for customer trust and assurance due to digital transformation, the cost of cybercrime, and the proliferation of flawed and complicated technology.
Sixth (my favourite): GRC is a great way to get your foot in the door in cybersecurity.
So how can you break into cybersecurity GRC from a non-technical background? Consider these steps:
1. Adopt a continuous learning mindset. Cybersecurity evolves rapidly, so staying updated is crucial.
2. Get technical. While you don't need to become a technical expert, having a basic understanding of technical concepts will help you communicate effectively with your technical colleagues.
3. Leverage business skills. Your understanding of business operations, risk management, and how to apply decision-making frameworks to business problems can help you bridge the communication gap between technical and business teams.
4. Pursue training and certifications. These can help you get past applicant tracking systems and demonstrate your commitment to the field.
Breaking into cybersecurity from a business background is not only possible, but valuable. So don't be intimidated by the technical wizardry. Cybersecurity needs diverse skill sets to tackle its complex challenges. Whether you're an accountant, a business analyst, or come from another "non-technical" background, your transferable skills might be exactly what a cybersecurity team needs to succeed.
—
Discover more about how to break into cybersecurity GRC at https://www.cpatocybersecurity.com/