10 Non-Technical Cybersecurity Roles to Consider in 2024: *Governance, Risk and Compliance *Cyber Security Project Management *Policy Writing *Cyber Law *Compliance Auditor/Analyst *Cyber Security Sales/Marketing Specialist *Security Awareness Trainer *Data Protection Officer *Third Party Risk Manager/Analyst *Customer Success Manager Which other non-technical roles have I missed?
Can we be clear that while most are non technical as in the hands on technical… there still needs to be an appreciation and understanding of technical so as to enhance the actual effectiveness and translation. GRC - how do you assess risk with understanding the technical controls. Policy writing - how do you ensure you cover the right areas of you don’t understand technicalities Compliance Auditor - assume would be limited on what they are auditing as without a technical appreciation they will not be giving any level of assurance for technical control checks. Etc etc… I am fully onboard with the non technical folk can work in cyber… but we cannot be saying non-technical without a caveat that at least an understanding of tech is needed.
Interestingly enough, hardly anyone these days gives you a chance to move from one section of cyber security to another with already good experience in cyber. Forget about people entering this industry with no experience. That's why there is such a lack of mid/senior level experts. It's easier to leave the industry and get into different sections of tech rather then try to stay in it and get the opportunity to find out what part of cyber security suits you the the best.
Governance Risk and Compliance isn’t a role. Thats the broad term for most of the roles we know today. As for the others, you still need a technical understanding to deliver on these. Knowing the law for example is one thing, but if you don’t understand how the technical elements are applied, you’re on a hiding to nowhere.
…that require 10+ years experience with the technical to perform the non-technical.
There are some, though our field is not really accommodating for people without a technology background. We need to create an environment where they will be able to survive and make an impact
SOC analyst as well, Dear Simon Cox could you elaborate more and compare career in perspective of salary, future, growth between non-technical and Technical in cybersecurity .
Great list! Comprehensive and informative. Simon Cox
Information Security Leader | CISSP, CCSP, MBA
7moI agree with the comments regarding the need for some level of technical understanding in some non-technical roles. That said, I have worked with many excellent individuals across both cyber and IT who are as good, if not better, than their more technical colleagues in the same role. The point my post was looking to demonstrate was that there are many interesting and exciting roles in our field for which you do not have to have come from a technology background, as is often assumed.