Two diplomats review a set of documents.
Article

Diplomacy Careers in Cybersecurity That Don’t Require a Technical Background


International Relations

Technology doesn’t recognize international borders nor do cyber threats to governments. Nations must work together to prevent and respond to cybercrimes. To achieve international cooperation to combat cybercrimes requires diplomats who are trained and experienced in developing international relations to mutually address cybersecurity challenges.

The consequences of a cyber attack on a country’s infrastructure or political system are increasingly dire. The Center for Strategic and International Studies lists dozens of cyber attacks targeting government computer and telecommunications networks in 2019. As international cyber threats grow in number and severity, a greater need exists for diplomacy and international relations skills in cybersecurity careers.

Public service professionals considering a career in cybersecurity will find many roles don’t require an extensive technology background. The American Foreign Service Association (AFSA) notes that international efforts to catch cyber criminals cut across security, economic, and human rights issues. As an example of the role of diplomats in the battle against cyber threats, the AFSA cites work executed by the U.S. Department of State’s Office of the Coordinator for Cyber Issues to oversee the efforts of officials in more than 20 countries in response to a persistent botnet attack on U.S. financial systems sponsored by Iran. An important element in this task was the ability to improve cooperation and sell the benefits of coordinated responses to partner countries.

When pursuing careers in cybersecurity, professionals in the public sector must understand the unique responsibilities of specific diplomatic roles in the fight against cyber criminals. This guide describes several job categories that require the application of international relations skills to prevent cyber attacks.

Skills and Knowledge Needed for Cybersecurity Jobs

Many types of cybersecurity jobs share requirements for critical and analytical thinking. Cybersecurity positions require individuals to identify and explain security threats, both orally and written.

Qualified cybersecurity candidates are in short supply, making it difficult for both public and private organizations that it to fill open cybersecurity positions. The third annual study of global cybersecurity professionals conducted by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) in late 2018 reported that 74% of organizations were affected by the shortage of skilled cybersecurity professionals. At the same time, cybersecurity professionals are playing a bigger role in protecting their organizations’ private data at 84% of surveyed organizations.

The National Initiative for Cybersecurity Careers and Studies reports that demand for cybersecurity professionals is increasing at a rate 12 times faster than the overall U.S. employment growth. CyberSeek estimates that the total number of unfilled cybersecurity job openings in the U.S. was about 500,000 as of November 2019.  A report issued by Cybersecurity Ventures in 2018 forecasts the total number of cybersecurity jobs in 2021 at 3.5 million.

Security vendor Cipher identifies both the technical and soft skills required for a career in cybersecurity. The technical skills encompass fields such as security information and event management (SIEM), security audits and compliance requirements, firewalls for intrusion detection and prevention, digital forensics, identity and access management, and mobile device management. However, success in a cybersecurity career also depends on the following soft skills:

  • Demonstrated leadership through credibility, responsiveness, and ethics.
  • Life-long studying and learning about new security challenges and techniques.
  • Persistence in combating cybersecurity threats by continually adapting and implementing new, improved approaches as they develop.
  • Collaboration among cybersecurity professionals to ensure shared responsibility and encourage cooperation throughout the organization.
  • Analytically and “hypercritically” thinking to get ahead of cyber criminals by anticipating their targets and methods before they can act.
  • Project management leadership in the execution of a “defense in depth” strategy to combat cyber threats on an ongoing basis rather than responding to each threat individually.

Among the certifications held by cybersecurity professionals:

  • Global Information Assurance Certification (GIAC) issues the GIAC Security Leadership Certification (GSLC)for security professionals who work in managerial and supervisory capacities. The GSLC validates that the holder of the certification understands governance and technical controls related to cybersecurity.
  • The GIAC Security Expert (GSE) certification demonstrates that the holder has mastered the skills needed by “top security consultants and individual practitioners.”
  • The CompTIA Security+ certification verifies that the recipient has a command of baseline security skills, especially the latest trends and methods in risk management and mitigation, threat management, and intrusion detection.

Professionals familiar with cybersecurity issues and possess skills in leadership, analysis, and communication may pursue diplomacy careers in cybersecurity such as diplomatic security agent, cyber policy analyst, associate security analyst, cyber lawyer, and digital forensics analyst.

Diplomatic Security Agent

The U.S. Department of State’s Diplomatic Security Service (DSS) ensures a safe environment for all State Department officials and employees. The DSS also investigates passport and visa fraud, identifies and addresses terrorist threats to U.S. personnel and facilities, and applies innovative cybersecurity and physical security techniques to safeguard its operation. Diplomatic security agents work in partnership with law enforcement and security organizations throughout the US and around the world.

Diplomatic security agents include technical experts who design and implement security countermeasures to protect diplomats and sensitive government information. They assess security precautions in overseas missions, participate in surveillance countermeasures, and manage projects and people. Agents in the Mobile Security Deployments (MSD) unit of the DSS are trained in “rapid tactical responses to emergency situations” anywhere in the world within 24 hours of the event.

The AFSA emphasizes the importance of leadership skills to succeed as a diplomatic security agent. From the beginning of training, agents are charged with large interdisciplinary teams of cyber investigators. The training includes an eleven-week Advanced Tactics and Leadership Skills program now mandatory for all agents.  It replaces two-week high-threat training courses that only agents posted to dangerous locations were required to complete in the past.

The State Department describes the duties of Diplomatic Security special agents (DSSAs) as ensuring the security of U.S. foreign service personnel, property, and sensitive information. The specialized experience required to qualify for a position as a DSSA includes administration of security programs, investigation skills, and threat assessment. The agents must be “fit for strenuous physical exertion” and prepared to work “long and unusual hours” in all types of conditions.

Starting salaries for DSSAs are $44,271 to $59,496 per year, excluding the 16.14% overseas comparability adjustment for assignments overseas and other potential adjustments.

Cyber Policy Analyst

The principal duties of cyber policy analysts are planning and implementing the entire data security infrastructure for an organization. The duties of cyber policy analysts continually expand as existing networks grow and increasingly interconnect and as new network and security technologies are released. Forbes outlines the following as key tasks:

  • Define the protection mechanisms for the infrastructure, data, and systems that comprise modern networks via appropriate security policies.
  • Create and implement policies that include measurable goals for cybersecurity controls and responses.
  • Ensure that cybersecurity policies are written clearly for consistent implementation throughout organizations and between nations.
  • Work collectively with international partners and stakeholders to ensure that a breach in one country doesn’t spread to others.
  • Fully understand the complex legal and policy challenges of securing highly integrated information systems from both technical and human resources perspectives.

In the diplomatic sector, cyber policy analysts are charged with planning, implementing, and supporting defensive cyber operations on a government-wide scale. They require a solid understanding of government cyber policy and strategy as well as the ability to collaborate with a range of stakeholders in government agencies, including program managers and executive officers, legal staff, and agency staff members.

Defense contractor CACI International explains that to qualify for a cyber policy analyst position, candidates typically have experience in one or more of the following fields: cyber policy, business, law, and international affairs. Other job requirements include experience in research and analysis contributing to the formulation of cyber policy, strategy, and doctrine; the ability to write reports and conduct briefings on cyber policy and activities; and familiarity with information mapping tools that support advanced visualization and classification of an organization’s information. Cyber policy analysts generally must possess a top-secret (TS) and sensitive compartmented information (SCI) government clearance.

The median annual salary for cybersecurity analysts was about $75,900 as of November 2019, according to PayScale.

Associate SecurityAnalyst

Associate security analysts work at the front line of the battle to secure the data and computer systems of government agencies and international organizations. Among the duties of an associate analyst are: analyzing data generated by systems and networks to identify threats and attempts to breach the systems, reporting to senior information technology (IT) managers and program leaders on the status of the organization’s cybersecurity efforts, and documenting security protections. An associate analyst also may participate in employee security training and create disaster recovery plans.

Security vendor Digital Guardian lists several of the primary duties of associate security analysts:

  • Monitor access control mechanisms.
  • Perform risk analysis and vulnerability testing.
  • Document and identify the cause of security breaches and attempted breaches.
  • Conduct internal and external audits of security systems.
  • Keep the organization’s incident response procedures up to date.
  • Ensure that third-party security tools meet the organization’s requirements.

Among the skills required to qualify for a position as an associate security analyst are penetration testing and other ethical hacking, intrusion prevention, computer forensics to mitigate and prevent data breaches and reverse engineering to understand the mechanisms used in attacks on the organization’s data and systems. Employers also want candidates possessing experience in database management or computer systems management as well as an information security credential, such as the International Information Systems Security Certification Consortium (ISC2) Certified Information Systems Security Professional (CISSP) certification.

The median annual salary for information security analysts was $98,350 in 2018, according to the U.S. Bureau of Labor Statistics (BLS).

Cyber Lawyer

Lawyers specializing in cybersecurity generally serve as litigators who represent clients in technology-related civil cases, defend or prosecute cyber criminals, and advise their corporate clients on technology-related matters. Or they’re advisers not involved in litigation but who offer counsel on technology-related matters. Cyber lawyers serve public agencies and private businesses by helping them navigate the complex, evolving field of cyber law.

In addition to understanding laws applying to cyber crime and tech-related legal issues, cyber lawyers remain current on new technology developments, including IT best practices,  the latest cyber threats, and regulations relating to data privacy and liability for data breaches. The American Bar Association suggests several ways for cyber lawyers to gain the technical skills the position requires:

  • Courses in cybersecurity and networking basics to better understand legal matters from an IT perspective.
  • Hands-on or virtual IT training in such areas as intrusion detection, access controls, compliance with data privacy regulations, and IT best practices.
  • Computer security certifications from CompTIA, GIAC, and other security accreditation bodies.

Intellectual property (IP) protections are rapidly gaining importance in the U.S. and internationally, as UpCounsel explains. The primary forms of IP protections are copyrights, patents, and trademarks. IP also involves trade secrets and disputes related to domain names, contracts, defamation, and employment law. cyber lawyers also advise on compliance with regulations that apply to data retention; determine the appropriate jurisdiction for cyber cases, and; interpret new cyber laws in the U.S. and around the world.

The median annual salary for lawyers was $120,910 in 2018, according to the BLS.

Digital Forensics Analyst

Digital forensics is the practice of recovering and analyzing data from storage devices including computers, magnetic and optical disk drives, networks, and mobile phones. The goal is assisting law enforcement in the U.S. and overseas in criminal investigations of hackers, data breaches, and other investigations that involve the use of computers.

Forbes describes the skills required to qualify for digital forensics analyst positions:

  • Analytics. Investigations require the ability to identify patterns in data and collect evidence by correlating the analyses with ongoing criminal cases. This entails observation skills used in military and intelligence cyber operations.
  • Cybersecurity. Hands-on technical skills are useful, but many roles in digital forensics emphasize knowledge of the techniques used by cyber criminals and the methods used to thwart them. Experience working as a member of a cybersecurity team helps land a position as a digital forensics analyst.
  • Lifelong learning. The never-ending struggle between cyber criminals and law enforcement requires that cybersecurity professionals stay current on the latest changes in technologies and the new threats posed to government agencies, private businesses, and citizens.

The GIAC Certified Forensics Analyst (GCFA) certification demonstrates that the holder possesses the skills required in incident investigations, including internal and external data breaches, advanced persistent threats, and techniques used by cyber criminals to hide their activities. Another certification available for digital forensics analysts is the GIAC Certified Forensics Examiner (GCFE), which emphasizes the collection and analysis of data from Windows computers for use as evidence in e-discovery and forensic reporting.

The median annual salary for forensic science technicians, including digital forensics analysts, was $58,230 in 2018, according to the BLS.

Preparing for a Diplomacy Career in Cybersecurity

Cybersecurity is more important than ever to diplomats in navigating the dynamic field of international relations. Not every diplomatic career involving cybersecurity requires a deep technological background. SANS points out that a desire to learn about technology is often more useful than an extensive background in a single aspect or area of technology. Many of the problems facing cybersecurity professionals involve solving entail human challenges rather than technical ones. Opportunities are available for professionals with the leadership, critical and analytical thinking, and collaboration skills necessary to coordinate cybersecurity teams and communicate complex technical information clearly to all stakeholders.

Programs such as Norwich University’s online Master of Arts in International Relations prepare students for diplomacy careers in cybersecurity. The program offers concentrations in International Security, National Security, International Development, Cyber Diplomacy, and Regions of the World.

Keeping the lines of communication open between nations becomes more critical as rapid technological changes and cyber criminal activity pose a greater impact on international relations. The range of careers in cybersecurity for professionals without an extensive technical background expands with the proliferation of international computer crimes and cyber attacks. As digital technologies permeate the infrastructures of cultures and communities around the world, professionals adept at cybersecurity are mandatory to ensure that our digital lives remain peaceful and secure.

Recommended Readings

Government Careers: The Role of an International Research Specialist in Establishing International Policy
How Does a Background in National Security Help You Gain a Government Position?
Comparing Education Paths: International Studies vs. International Relations