Just recapping Days 1 and 2: In Day 1, I introduced the cybersecurity colour wheel, focusing on the White Team (Bakers) at its centre. Bakers provide the essential structure for cybersecurity by developing policies, managing risks, and fostering collaboration across Red, Blue, Yellow, and Purple Teams. In Day 2, I looked into the critical role of security policies, showing how they act as the foundation of cybersecurity. Drawing from my QA experience, I demonstrated how clear, actionable policies align with frameworks like the Essential Eight to protect systems and ensure resilience.
Shifting from a career in quality assurance (QA) to cybersecurity might not seem like an obvious leap at first glance. However, by attending workshops via the Cyber Uplift Step Program organised by the Australian Cyber Collaboration Centre, I learned more about the world of cyber risk and governance. Many of the skills I have acquired during my QA career—like process improvement, risk management, and attention to detail—are directly applicable to the cybersecurity landscape. In fact, these skills have given me a unique perspective and a strong foundation to thrive in this dynamic and challenging field.
How QA and Cybersecurity Are Alike
At their core, both QA and cybersecurity share a common goal: identifying and mitigating risks to ensure systems and processes function reliably and securely.
In QA, I focused on:
- Ensuring that products and systems meet international standards (e.g., the OECD Principles for Good Laboratory Practices (GLP) and Compliance Monitoring and ISO 9001:2015 (Quality Management Systems)).
- Identifying weaknesses or inconsistencies in production workflows.
- Collaborating with teams to design solutions that improved quality and reduced vulnerabilities.
In cybersecurity, these same principles apply:
- Instead of product defects, the focus shifts to identifying vulnerabilities in IT systems and networks.
- Instead of ensuring compliance with quality standards, cybersecurity ensures adherence to security frameworks like ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements), the NIST Cybersecurity Framework and the Essential Eight.
The transition from QA to cybersecurity isn’t about learning a completely new skillset—it’s about applying familiar skills in a new way.
Key Transferable Skills from QA to Cybersecurity
1. Process Improvement
QA is all about refining processes to reduce errors, increase efficiency, and ensure consistent outcomes. This skill directly translates to building and improving cybersecurity frameworks.
- In QA and in the laboratory testing of samples from clinical trials, I improved the monitoring and documenting of sample handling to minimise errors, ensuring compliance with GLP standards for accuracy, repeatability and compliance.
- In Cybersecurity, I can work with a subject matter expert to design a process to ensure that all software updates are tested and deployed promptly, reducing the risk of exploitation.
2. Risk Management
Managing risks is a cornerstone of QA, and it’s even more critical in cybersecurity, where the stakes include data breaches, financial losses, and reputational damage.
- In QA: I have evaluated risks to product quality and have created risk mitigation plans to address potential defects in production, such as supply chain vulnerabilities or manufacturing errors.
- In Cybersecurity: I can assess risks to digital systems, such as unpatched software, insider threats, or phishing attacks, which can help organisations implement controls like multi-factor authentication (MFA) and network segmentation to minimise risk exposure.
3. Attention to Detail
QA demands meticulous attention to detail—missing even a small defect can have major consequences. This skill is equally crucial in cybersecurity, where minor oversights can lead to vulnerabilities.
- In QA: I have conducted thorough audits, identifying inconsistencies in documentation or processes. I am able to identify subtle errors in a testing procedure that could compromise product quality.
- In Cybersecurity: I would be able to analyse logs, review configurations, and audit systems to detect weaknesses before attackers can exploit them.
The Transition: Why Cybersecurity?
The decision to transition into cybersecurity wasn’t just about finding a new challenge—it was about recognising how my background in QA could fill a critical need in the field. Cybersecurity isn’t just about technical skills; it’s about having a structured, process-driven approach to solving problems and managing risks.
Here’s what drew me to cybersecurity:
- Rising Demand: With cyberattacks increasing, organisations need professionals who can think critically, identify risks, and develop resilient systems.
- Human-Centric Approach: Much like QA, cybersecurity relies on collaboration and communication to build effective solutions.
- Continuous Improvement: Both fields require adaptability and a commitment to staying ahead of emerging threats or challenges.
Examples of the Use of My QA Skills in Cybersecurity
- Policy Development:
  - In QA, I have written many, many procedures that ensure compliance with various ISO standards.
  - In cybersecurity, I am able to develop policies like an incident response plan or an operating system hardening plan applicable to an organisation based on the ACSC’s Emergency Response Guide and ACSC’s Guidelines for System Hardening respectively to strengthen security.
- Auditing and Assessment:
  - In QA, I conducted audits to verify that processes met regulatory and compliance requirements.
  - In cybersecurity, I would be able to perform security assessments to identify gaps in defences and recommend improvements.
- Collaboration with Teams:
  - In QA, I worked with all types of stakeholders from senior management, line managers, engineers to laboratory and animal house technicians to refine processes.
  - In cybersecurity, I would be able to collaborate with IT teams, executives, and end-users to build a culture of security awareness.
Why My QA Background is an Asset
Through my experience in QA, I have a big-picture mindset—the ability to see how systems interact, identify risks, and design solutions that enhance overall performance. This is critical in cybersecurity, where the challenges are complex and constantly evolving.
My QA experience and being a scientist (from my industrial chemistry background) also give me an edge when it comes to bridging the gap between technical teams and business leaders. I’m comfortable translating technical concepts into actionable plans, ensuring that security measures align with organisational goals.
Linking to Tomorrow: Building a Cybersecurity Strategy
This focus on transferable skills ties directly to tomorrow’s topic: how to build a cybersecurity strategy. Policies and risk assessments are only part of the equation; the real challenge lies in creating a cohesive plan that connects people, processes, and technology.
Much like QA frameworks rely on continuous improvement, cybersecurity strategies must evolve to address new threats and opportunities. In Day 4, I’ll share how my QA mindset shapes the way I approach strategic planning in cybersecurity.
Takeaway
The transition from QA to cybersecurity isn’t as big a leap as it seems. Both fields are rooted in process improvement, risk management, and attention to detail. By applying these skills in the context of cybersecurity, I’m able to bring a unique perspective to building resilient, secure systems.
In Day 4, I will explore how to build a cybersecurity strategy that aligns governance, risk management, and operational goals.