Aaron Boyd
March 8, 2018

Becoming a successful cybersecurity executive requires more than just understanding the tech. If you want to rise through the ranks—either in government or in the private sector—it helps to have an education that goes beyond computer sciences.

“I got made fun of a lot: I actually have a degree in English,” Tyson Meadors, director of cybersecurity policy on the National Security Council, said during a keynote at the March 8 Annual Cybersecurity Summit hosted by the U.S. Cyber Challenge and the Association for Federal Information Resources Management. “Also in IT, computer science and cybersecurity—I have other degrees, too—but that English degree comes in real handy when you’re trying to explain what a memcached DDoS is to somebody who doesn’t know what ‘mem,’ ‘cached,’ ‘D,’ ‘D,’ ‘o,’ or ‘S’ means. So, ultimately that becomes a pretty important skill as you get higher up in your careers.”

In other words, it helps to be able to clearly explain how your systems were attacked when asking for money to remediate or prevent such attacks in the future.

The federal government currently has some 285,000 cybersecurity positions open, Meadors said, adding that agencies will take people with any level of computer science skills. But for those interested in climbing the ladder, it helps to be versed in more than just technology.

“Take that fifth-year double major because you have to be more than just a cybersecurity expert,” he said. “In order to be a fully professionalized person in this field, you have to bring more to the table than just the ability to code or do log analysis or do big data analysis. You have to understand that environment that you’re working in.”

Jerrod Bates, an information security instructor at Delaware Technical Community College who spoke on a panel later in the day, said the college focuses on similar skills through a “security plus” course and a capstone course.

“That was actually why I went for my bachelors in computers and received my MBA,” or master’s degree in business administration, he said. “Because we need to be able to justify why you’re asking for money—a quarter-million dollars for this device or this software, seven grand for SANS classes. You need to be able to justify that and communicate in their language so they understand what you’re asking for.”

Those who are able to clearly articulate the need will go further in their careers and, with their bosses on board, will be able to create a better cybersecurity posture for their organizations.

“I think that’s the big disconnect: communicating effectively in a way that they understand why you’re asking for it,” Bates said.