How are galaxies formed? What happens when they collide? These are questions that Dr. Leila Powell grappled with in her previous life as an astrophysicist.

But in 2015, she put these galaxy-sized problems aside and turned to cybersecurity.

"The pursuit of understanding the universe is really important, but I felt like I wanted to do something that had more of an impact on people's daily lives," she said.

Like many job seekers, Ms. Powell was seeking better pay and conditions.

"There are various challenges in the academic career path that may prevent people from persisting, including job security and pay compared to industry," she said.

Dr. Powell is the principal security data scientist at Panaseer, a company that helps organizations understand possible gaps in network security controls.

She is one of many people bringing other career skills to the cybersecurity field.

Cybersecurity encompasses a range of roles designed to protect organizations and their technology from cyberattacks. Some help prevent incidents by analyzing or improving the security of applications, networks and devices. Others help organizations continue operations or recover in the event of an attack.

According to ISC2is an organization of cybersecurity professionals, and 39% of new hires in the industry come from non-IT positions.

“I saw an ad for a (cybersecurity) job and it said they needed someone with data expertise,” Dr. Powell said. “Problem spaces attracted me.”

“Because I come from a different industry, I see things in the data that I might not see when I’m looking for something specific.”

When Ms. Powell now hires new team members, she doesn't mind where people get their skills. "I would encourage anyone who thinks they don't have the right skills to actually take a look. If I hadn't seen that ad, I never would have thought cyber security could be an industry I could get into."

ISC2 estimates that an additional 4 million cybersecurity professionals are needed worldwide.

“I don’t think it’s necessarily a skills gap because the skills are there,” said Amanda Finch, chief executive of the Chartered Institute of Information Security (CIISec). "It's really about getting people with networking skills into networking and then letting them develop further."

“I think a lot of it (the shortage) is because people don’t understand what networking involves,” she added. "A lot of security is about people, process and technology. When we surveyed each year what skills we were lacking, we found that technical skills were lower than communication, analysis and problem-solving skills."

For newcomers, the salary package may be good.

Cybershark Recruitment Survey Salaries for over 2,000 UK cyber security professionals. Those with one to three years' experience can earn between £40,500 and £58,000 in digital forensics; threat intelligence fees range from £39,500 to £55,000.

CIISec advises organizations trying to fill cybersecurity roles to focus on the transferable skills that career changers can bring to the table.

Ms. Finch recommends that organizations break down jobs into responsibilities, which makes it easier to identify relevant skills. "If you're analyzing logs and trends, you need someone with good analytical skills," she said. "If it's incident management, you want someone who can handle the stress of a crisis and have good communication skills."

Calum Baird gained these skills working for Police Scotland for almost 10 years. His responsibilities there included response policing, violence reduction, digital forensics and cybercrime investigations.

Currently, he is a Digital Forensics and Incident Response (DFIR) consultant at Systal Technology Solutions. The company helps clients investigate and recover from cyber incidents, including ransomware attacks.

“Police taught me how to quickly assess and prioritize risks based on them, which is a very useful skill when dealing with cyber incident response,” he said. "It's not exactly a life-or-death matter[in terms of cybersecurity]but it's a huge cost to businesses and a significant disruption to people."

The communication skills he developed in the police serve him well in his current role, which includes supporting clients on the worst day of their careers. “Soft skills in cybersecurity are sometimes undervalued,” he said. “Being able to talk to the client, put them at ease, clearly explain the process, and reassure them that someone is on their side and fighting for them.”

Baird said he has had a lifelong love of learning new skills, which are vital to police and valuable in the private sector. "There are so many devices, operating systems, applications, and you can't find anyone who knows everything in depth," he said. “One of the key skills in cybersecurity is the ability to find a topic and dig deeper.”

According to ISC2, 41% of companies are trying to recruit non-technical people from other positions within the company into the cybersecurity field. Rebecca Taylor is an example of someone who made this transition. She is the Threat Intelligence Knowledge Manager at Secureworks. The company provides threat detection and response technology and issues recommendations about threats.

"My job is to capture any information related to the threat, make sure it's accurate and useful, and get it into our systems," she said.

She joined Secureworks as a personal assistant. “It’s just making tea and coffee, taking a few minutes, sitting down and talking,” she said. “I quickly discovered that this was an area that was changing and aligned 100 percent with what I wanted, which was to keep learning.”

After working in resource coordination and change management, she became an incident command knowledge manager and a member of the ransomware response team. "They're trying to find someone who can take notes, capture metrics, and be there to help foster that engagement," she said. "I love it."

She works with people studying history, geography and archaeology, and says her own humanities background helps her work today, processing information. “If I reflect on my English and Creative Writing degree, (it was) reading a lot of text and being able to extract the interesting bits.” Her writing studies contribute to the blogs and other materials she produces to explain cybersecurity threats.

"There's a common perception that cyber security will be all technical chat, coding and artificial intelligence," she said, "but there's much more to cyber than technology. I wouldn't describe myself as a techie. I'm just a person who's passionate about distilling useful information ”