Why are cyber employers hiring staff from other sectors?

Not all cybersecurity professionals spent their teenage years learning how to hack, or went to university to study computing. Far from it, in fact – and today, more and more cybersecurity workers come to the industry from diverse professional backgrounds. 

When we asked Max Imbiel (CISO at Bitpanda) which key criteria he looks for when hiring new cybersecurity talent, he said:

“There are of course multiple dimensions to this task of hiring talent:

• Do I have the right inclusive wording and definitions on the application form?
• Do I need someone with experience in a certain area or can they be trained on the job?
• Do they fit our team and company culture?
• What are their ambitions? 

So for me the person behind a profile is always more important than just the skills and certifications.”

And he’s not alone in considering the real person and diverse experience behind a C.V. – not just the technical skills it lists. Increasingly, cybersecurity employers are looking outside of conventional employment routes and seeking skills from across industries. 

Pay conditions across industries are pushing more workers towards cybersecurity 

In a number of industries, progression and pay has stagnated in recent years – which is pushing skilled workers to consider alternative careers, including cybersecurity. 

From science and academia to law enforcement and creative industries, when opportunities dry up, people consider making a drastic move and retraining in a new career. 

In an interview with the BBC, astrophysicist Dr Leila Powell explained why she made the leap from scientific study to cybersecurity: 

“The pursuit of understanding the universe is really important, but I got to a point where I felt like I wanted to do something that impacted people’s daily lives more. There are various challenges in the academic career path that can dissuade people from sticking at it, including job security and pay in comparison with industry.” 

The diversity of skills and roles in cybersecurity make it suited to a broad range of talent 

Cybersecurity isn’t just about technology. It’s about people; about psychology; about systems design, forward strategy, and creative thinking. The vast array of cybersecurity challenges that exist mean that the sector needs diverse minds and a wide range of skill sets – so workers from other industries who are motivated to explore roles in cyber can often find a good fit. 

In their 2023 Cybersecurity Workforce Study, researchers from ISC2, a global non-profit cybersecurity member association, found that 39% of new employees in the sector came from a non-IT role. 

They might see an ad for a cybersecurity job on LinkedIn, for example, and decide to apply. Or they might learn about the opportunities in cyber over a period of time before deciding to actively launch their own job search in the sector.

And cross-industry experience is valuable in cybersecurity: different experiences mean that workers look for, or notice, different patterns and elements in data that might be missed if they’d only ever worked in cyber. 

Cybersecurity employers continue to seek skilled professionals from other industries 

The ISC2 report noted that staffing shortages and skills gaps are consistent challenges in cybersecurity, with 67% of all survey respondents stating that their organisation has a shortage of cybersecurity staff. Beyond that, 92% reported skills gaps in their organisation – particularly in cloud computing security, AI/ML, and Zero Trust implementation. 

The message to cross-industry professionals is this: consider cybersecurity as a sector where you could find a fulfilling, sustainable role that leverages your existing skills and enables you to grow. 

And the message to cybersecurity employers? Cast your net wider. Don’t assume that someone isn’t a good fit for your organisation because they don’t have specific technical skills, and consider expanding the reach of your recruitment drives to attract cross-industry talent. 

Join us at Black Hat MEA 2024 and discover how to improve your organisation’s cyber resilience.