Why cybersecurity needs women from non-tech careers – SecurityBrief Australia

A few years ago, I found myself in a building lobby, doing what security professionals do more often than people realize: watching.
I needed access to a network closet as part of an ethical hacking exercise. The parking lot was nearly empty, but one detail stood out: a Ford SUV. Inside, I noticed the front desk attendant had car keys on her purse. I casually mentioned that someone had left a Ford outside that was being towed. She swore and rushed out. The path I needed opened up.
That moment wasn't about demonstrating the clever use of a specific software. It was about observation and understanding people. And, it reflects a larger truth about cybersecurity: some of the most valuable skills in this field are not technical.
When entering the workforce, I didn't start in cybersecurity or even information technology. My background was in linguistics, with a focus on Chinese studies and translation. I decided to pivot into a career in threat investigation and cyber intelligence. That path still raises eyebrows today. And still, coming from a nontraditional background with transferrable skills allowed me to excel in ways others couldn't. Cut through biases. Get to the source. FInd the truth. Deliver a message. It's a familiar "attack chain" in linguistics, intelligence, and cyber defense. 
The cybersecurity talent gap is a topic that is constantly brought up in the industry. What's discussed less often is a perspective gap when managers at technology firms have a narrow definition of "qualified". Qualified, for a technical manager can be written to mean having a specific master's degree and years of experience in system administration or network security. It's the typical, predictable technical ladder. But, this narrow definition excludes skillsets that are essential in spaces that intersect with cybersecurity and modern threat research.
My current work often involves tracking cyber adversaries, including nation-state threats and ransomware groups tied to China and Russia and communicating shifts in the tactics they're using to disrupt information systems and steal critical data. These operations tend to have objectives that serve geopolitical interests and are not as random or chaotic as they appear. 
Understanding adversaries requires technical expertise, but also the ability to interpret behavior through another lens. I've continued to use the same skills that I demonstrated in my linguistics career to translate Chinese business models and insights to American speakers to establish profiles of cyber adversaries, conduct security research, and anticipate threat behavior. The analyst that has  strong pattern-recognition skills, the ability to isolate a target, describe the underpinnings of their movements, and determine their intent is the analyst who informs sound decisions and provides the input to limit undesirable outcomes. How do you hope to understand an adversary without knowledge of their region, language, history, or economy? Deconstruct a ransom note? Engage with an insider? Technical artifacts rarely tell the full story.
Women's participation in cybersecurity matters. Many women are already positioned in analytical functions, using aptitudes that trained cyber technicians and architects don't have. Fields like philosophy, psychology, communications, international relations and more remain timely and relevant, giving professionals from these areas a unique way of adapting, analyzing, and disseminating information. These subjects are not "soft", unscientific skills. They're tactical competencies that drive analysis decisions in council meetings, computer labs, and war rooms.
The cybersecurity employment narrative is evolving. More women are on cybersecurity panels and leading workshops now compared to a decade ago. It;s also worth noting that more career changers are represented in software engineering, security research, intelligence analysis, and computer forensics specialties. Still, there's a lack of representation in leadership roles. 
The barriers that can block progressions to senior-level  and leadership roles in cybersecurity are structural, often stemming from covert biases. Biases in screening and promotion processes can result in an individual experiencing a repeated pattern of underemployment in spite of their observable and documented success in the workplace and active qualifications. Bias can also show up as inequitable pay that does not align with market data on salaries and job functions.
That's why self-advocacy is critical. Professionals can be underestimated at any stage in their career and can't always control that. They can control how they respond. Focus on the work being produced. Build credibility with the people who matter. Advocate confidently and develop an exit strategy. Execute that strategy when issues like inequitable compensation or shrinking advancement opportunities are voiced and dismissed.
For women considering a cybersecurity career now, my advice is this: own your transferable skills. If your background is not traditionally technical, that does not disqualify you. Define what you bring to the table. Add the technical angle that connects it and carve your path forward.
Stay competitive and relevant. I do this by seizing opportunities to upskill and share my expertise. Track paradigm shifts in the cybersecurity industry. Do the research and be intentional about the training you attend, the people you meet, and the events you speak at. Build relationships. I built them across multiple areas and invested in myself, journeying beyond my locality. It's not about getting a job, but gaining insight, sharing perspective and experiences.
For organizations wanting to support more inclusive growth in cybersecurity, the solution is not complicated. Build the environment and people will show up. Invest in technical training, yes, but also in communication and leadership development. If an individual  lacks the knowhow, language  or confidence to advocate for themselves, offer guidance. 
Cybersecurity is not only a technical discipline. It's a human one. As threats become more complex, the cybersecurity field needs more than a technologist who can configure security products or write a program from scratch. Professionals outside of STEM have a range of transferrable skills to transform the ways organizations approach cybersecurity analysis and research. The future of cybersecurity belongs to those who can combine expertise from both technology-centered and human-centered disciplines.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.