As a former police officer turned cybersecurity consultant, I’ve seen how investigative instincts from law enforcement can be just as vital in the digital world, writes Calum Baird, Digital Forensics Incident Response Consultant at the security firm Systal.
And with a recent wave of cyber attacks hitting UK retailers – including M&S, the Co-op, Harrods, and most recently Pandora – it’s clear that organisations need more than just technical defences. They need people who are trained to investigate complex crimes, manage high-pressure incidents, and think like cybercriminals. As threats grow more sophisticated, it’s time to rethink where cybersecurity talent comes from.
Skills gap
The UK is facing a significant shortage of skilled professionals. According to the Department for Science, Innovation & Technology, 44 per cent of UK businesses (around 637,000) report gaps in basic cybersecurity skills, while 23pc (about 390,000) lack advanced capabilities such as penetration testing and incident response. This growing skills gap highlights an urgent need to think differently about where cybersecurity talent comes from. So, who better to defend against cybercriminals than those who have experience dealing with criminals in the real world?
Policing experience
Before moving into cyber security, I spent almost ten years in policing, with my final years focusing on digital forensics and cybercrime investigations. While switching from Detective Constable to Cybersecurity Consultant might seem like a big leap, the two roles actually have a lot in common.
Both require strong investigative skills, staying calm under pressure, and a clear focus on managing risks effectively. Intelligence is just as critical in cybersecurity as it is in policing – the proper collection, review, dissemination, and use of intelligence can significantly augment operational effectiveness and improve the quality of investigations in both fields.
For example, I recently worked on a digital forensics case where I was initially asked to forensically examine devices and provide a report. However, after learning more about the client’s situation, I suggested we also look into additional evidence investigative opportunities – audit logs, message trace reports, Microsoft 365 data, and publicly available information.
That investigative approach helped uncover extra evidence which ended up becoming an important part of the case and the report we delivered. This went beyond the original scope and provided valuable insights for the client.
This curiosity and the drive to ask, “What else can we discover?” – is key to strong cyber defence. Whether you’re tackling organized crime or a ransomware attack, the principle is the same. In policing, quick decisions depend on accurate, timely information. Cybersecurity works the same way. Being able to gather, understand, and act on threat intelligence is what helps move from simply reacting to threats to staying one step ahead.
New challenges
Moving from policing to the private sector does come with its challenges too. Policing is often structured and hierarchical, while the corporate world tends to be more agile and less layered in decision-making. This can feel unfamiliar at first, but it also offers a refreshing environment that encourages faster innovation and more open collaboration.
There are also skill gaps to address, especially around project management in a business setting. While technical training can help close these gaps, adjusting to corporate culture takes time, observation, and a willingness to learn.
For anyone thinking about making the switch, the key is to stay curious, adaptable, and open to learning. Cybersecurity is constantly changing, with advances in AI rapidly reshaping both the threats we face and the tools we use to combat them. Today’s knowledge may become obsolete within a decade because technology evolves so quickly. If you remain curious, keep building your knowledge base, and consistently work to keep your skills relevant, you’ll not only adapt to those changes but also set yourself apart from others in the field.
Luckily, there are UK Government-backed upskilling programmes that make this transition easier than ever. Programmes like ISC2’s 1 Million Certified in Cybersecurity initiative offer an accessible way to build skills and expertise from within.
Talent
In cybersecurity, homogeneous teams, no matter how talented, inevitably see problems through a single lens. Complex threats demand multiple perspectives, and that means bringing together professionals with different experiences, skills, and ways of thinking. Teams that include people from IT, academia, and law enforcement, as well as individuals from a wide range of countries and cultures, doesn’t just broaden their technical capabilities – it changes the way they respond to incidents.
The influx of former police officers into cybersecurity is a prime example. Their communication skills are particularly valuable in cybersecurity, where professionals often support clients through some of the most challenging moments of their careers. Soft skills are too often understated in this field, yet the ability to speak with a client, put them at ease, clearly explain the process, and reassure them that they have someone in their corner can make all the difference. This combination of empathy, composure, and clear communication truly stands out.
In cyber security, clients often remember less about the technical fix itself and more about how the team handled the situation. This is especially true for managed security service providers (MSSPs), who play a vital role in augmenting and enhancing cybersecurity capabilities that can be challenging for organisations to maintain in-house.
As cyber threats grow more sophisticated, especially with AI-powered attacks on the rise, the need for professionals with investigative instincts, crisis management experience, and a relentless curios-ity has never been greater. Former police officers bring more than technical skills; they bring a key mindset shaped by real-world urgency and purpose. Cyber security isn’t just about firewalls and code, it’s about people who know how to respond when everything’s on the line. That’s why the industry must look beyond traditional talent pools and embrace those who’ve already proven they can protect and serve.
