What do you really need for a career in cybersecurity? It’s probably not what you think.
It’s no surprise to anyone reading this that cybersecurity jobs are more important now than ever. The White House made that abundantly clear on July 31 by releasing its plan to accelerate the number of people working across the information security field and giving the public the skills necessary to better defend themselves online. Additionally, many federal agencies, foundations, and tech companies have committed to spending tens of millions of dollars and launched new training programs to help close the cyber skills gap.
But one aspect that is often overlooked in the conversation about filling cybersecurity roles today and in the future — and potentially not well understood among some of the most qualified candidates — is that you don’t need to be a skilled cyber specialist, programmer, developer, hacker, technocrat, legal expert or necessarily even have a college degree to get a job in cybersecurity.
Brig. Gen. Matteo G. Martemucci, Director of Intelligence at U.S. Cyber Command, made this point during a recent talk hosted by the Leadership, Ethics, and Practice Initiative at George Washington University. Yes, technical expertise is valuable, he stressed, but it’s not a prerequisite, nor is prior government experience. Much of that experience can be gained on the job, he said. Government agencies hire and train individuals to instill technical proficiency and operational understanding. Furthermore, Brig. Gen. Martemucci said, many private-sector cyber professionals have seamlessly transitioned to the public sector.
Like other career paths, cybersecurity is full of people with diverse skill sets and backgrounds. In fact, Martemucci emphasized, “The skills needed to progress in cyber are similar to those required in any other career path.”
He highlighted the importance of communication skills and the ability to present complex material concisely. He also offered a piece of advice when writing for policymakers, or any professional for that matter: Stick to the active voice! The passive voice is highly discouraged for its indirectness and vague subject attribution.
Fluency in foreign languages is another prized asset. It is pivotal in threat intelligence, helping professionals to access a broader range of foreign websites, forums, and underground networks where threat actors communicate. Moreover, knowing languages spoken by American allies facilitates quicker information sharing and incident response.
But above all, whether within government agencies or private companies, the ability to think critically and solve problems is the cornerstone of a successful career in cybersecurity. Martemucci pointed out the challenges of working in a new and ever-evolving field without an established playbook for governments or industries to rely on. The lack of standard policy responses requires innovative approaches and questioning the status quo when optimizing security protocols and mitigating the damage of cyberattacks.
In particular, government agencies encourage former military personnel to explore cyber-related careers. The focus on detail, teamwork, discipline, and creative problem-solving taught during military training translates well to cybersecurity.
Opportunities are available for anyone who believes they can help the U.S. achieve a decisive advantage in what the Biden Administration has called America’s decisive decade. CYBERCOM and other government agencies offer full and part-time cybersecurity internships on USAJobs, the USCYBERCOM Employment Opportunities Page, the Department of Defense’s Emerging Technologies Talent Marketplace, and other online job platforms.
With roles spanning strategic planning, human resources, logistics, marketing, communications, research and more, it’s clear the government requires expertise beyond technological savviness. However, it’s worth noting that candidates without a bachelor’s degree usually have to compensate with a foundation of technical knowledge, which is attainable through certificates, boot camps, and training programs. CYBERCOM is accessible to those interested and invites questions and inquiries at cyber_recruiting@cybercom.mil.
There are also cyber-related service-learning opportunities, which continue to grow in numbers and are provided at various government, academic and private institutions. For example, USCYBERCOM launched its annual Student Volunteer Program in 2021 for full-time law students and will accept applications for the 2024 cohort from Jan. 3 to Jan. 31. Furthermore, attending cybersecurity conferences and events is an excellent way to connect with industry professionals.
In addition to opportunities, Martemucci touched on some of his department’s recent initiatives and expanded engagement with the public. Beyond CYBERCOM’s operational and advisory roles, the department takes up an equally important educational mantle through public awareness campaigns and private-sector collaboration. He also heralded the “great result” from the recently implemented Under Advisement Program, or UNAD, which features two-way unclassified information sharing on foreign threats between academia, industry, and the public sector. Little by little, initiatives like these enhance the nation’s collective preparedness, of which a large part depends on having an expansive and diverse cyber workforce.
And while cybersecurity roles in the government generally required years of professional and academic experience in the past, the DOD is actively working to lower entry barriers through assessment-based hiring. Essentially, the DOD recognizes that some of the most qualified candidates might not meet the stringent criteria typical of traditional government employment. USCYBERCOM and other agencies now place greater emphasis on well-rounded candidates with soft skills like the desire to learn, intellectual curiosity, and attention to detail.
Of course, however, the government can’t match the salaries offered by the private sector, but as the White House’s recent strategy mentions, the government is working to narrow this gap and provide good-paying jobs in cybersecurity. Furthermore, safeguarding U.S. citizens and interests is a privilege few positions can fulfill. Martemucci said it best: “While the government cannot compete with private sector salaries, the private sector cannot compete with the government in purpose.”
This article was produced in cooperation with U.S. Cyber Command.
Matthew MacKenzie is an international affairs master’s student specializing in U.S. foreign policy at George Washington University, where he is currently a member of The Elliott School’s Leadership, Ethics, and Practice Initiative.
Shreya Lad is a Young Global Professional with the Forward Defense Program at the Atlantic Council, and second-year student in the Master of Arts in International Affair at the Elliott School of International Affairs at George Washington University.
Joshua Monacelli serves as a cyberspace intelligence planner within the Department of Defense. He’s also a member on the Leadership, Ethics, and Practice Advisory Council at the Elliott School for International Affairs at George Washington University.
