Non technical career (and person!) to cyber security?

[careerthink]

I potentially have the opportunity to do a degree in cyber security through work. I work in a related compliance/risk field, although do nothing technical, I rely on the techy people to translate for me!

I would not describe myself as a "technical" person, humanities was always my preference and I have a degree and postgrad in humanities based subjects. I was fine at maths and science in school (I got As and Bs at GCSE including an A* in ICT) but struggled with biology at A level so dropped it and only touched humanities since, declaring myself as not capable of STEM (probably a bit unfair but after doing well at GCSE, A Levels knocked my confidence)

Is this crazy? Whilst I am competent at using IT, I've never really understood how computers/networks work, am I capable of learning and understanding the backend like that?! Anyone else done it?

If it's focused on cyber security, I think it would be fine (said as someone non-techy who has to do some stuff with cyber crime/cyber security). While there is some tech stuff you can learn, a lot of cyber security is also about things like governance, security controls, policies etc.

@mynameiscalypso thank you yes I've been looking at the syllabus and it seems to cover governance and risk etc which is my area already that's fine, but I think there are practical elements too so potentially more than theoretical (though I need to read it more carefully I've only skimmed). It doesn't have any pre-requisites other than basic UCAS point and GCSEs though.

How is it taught and supported? Is it a conversion degree or undergraduate?

I think it's more about the teaching and support than you (and I'd say the same about the struggles that originally knocked your confidence).

There is so much more to cyber sec than actually doing the geek bit...lots on the Comms side in terms of getting boards (and academia, health trusts, SMEs and other institutions) to take it seriously and without assuming you are a woman there is also a great push for more female representation to help outreach into schools etc. I say go for it!

@swanling it's an apprenticeship degree, so it's done via a uni distance learning but you have a uni tutor and a work sponsor too I believe (which is why I'm not certain if I can do it as I work tangentially in cyber sec rather than directly so need to speak to my boss)

@friskybivalves thank you, yes absolutely, this is why I want to get to grips with the tech side as I feel I know the other bits really well but it would help so much to understand the nuts and bolts. And I fancy a challenge tbh.

I'm senior management in Information Security, Governance, Risk and Compliance. Responsible for the Information Security Management System for a global organisation with over 200 offices...yadda yadda.... and I have no IT background or qualifications.

Look at the ISO27001/27002 standard and NIST, they give you the framework of what you need to ensure is in place for a comprehensive InfoSec management system.

The techy people do the actual controls, they make sure that for example data is encrypted, you make sure there is a Policy that defines what Encryption standards should be used, when it should be implemented, how often the policy should be reviewed, how it should be communicated, how risks should be identified, scored and treated, who is responsible for delivering the solution and documenting the procedures.
You will ensure there is a governance structure in place that reports risks, corrective actions and continuous improvement up the chain, that there are objectives in place that can be measured and tracked, that there is planned audit activity to ensure the policies are being followed and identify the corrective actions.

It is useful to have a high level understanding of the various controls, but you don't and will never need to understand the granular detail.

@FatAgainItsLettuceTime infosec is where I am coming from, I have CISMP and have led info sec teams but it has always been quite separate directorate to cyber security in the organisations I have been in, the cyber sec directors where I am always seem to have technology experienced leads and are placed within DDaT.