“It was there that I discovered my love for cyber and investigating cyber crimes,” Marrè tells Fortune. 

He spent more than a decade with the FBI, eventually reaching the rank of a special agent cyber investigator. Today, Marrè serves as chief information security officer at cybersecurity company Arctic Wolf, which is ranked by Fortune as the third-best workplace for millenials.

Cybersecurity has both abundant career potential and open job opportunities; projections from CyberSeek show there are more than 700,000 cybersecurity positions open in the U.S. alone. There’s ample opportunity to make a career switch into the industry, no matter your background. 

Although Cybersecurity is notably one of the more mysterious and misunderstood industries and professions out there, it is distinct from its adjacent counterparts—computer science, data science, and analytics—because cybersecurity requires a mission-oriented mindset and advanced problem-solving skills. 

Marrè’s career path shows the number of transferrable skills from other industries to cybersecurity. After 12 years in the public sector, Marrè switched careers again and joined Qualtrics, where he built up the software company’s security team. He eventually went on to run the company’s worldwide security operations through the company’s acquisition of SAP and then spinoff from the IPO, he says. Then, there was an opportunity at Arctic Wolf, where he’s served as CISO for about a year.

Fortune sat down with Marrè to learn more about his unorthodox path to cybersecurity leadership. 

The following interview has been edited for brevity and clarity. 

From video game development to the public sector cybersecurity

Fortune: Why jump from a career in video game development to the FBI?

Marrè: That was a huge change, even more than going from the FBI into the private sector. I was not someone that grew up wanting to be a law enforcement officer in the military. I had relatives that did that, but that wasn’t my goal. That was a complete mindset change and I learned a lot. 

Obviously I had some technical ability making video making and designing video games, but understanding computers down to the forensic level and even being able to conduct an investigation was something I received training first in the Army as a counterintelligence agent, and then later in the FBI. I could conduct an investigation, but then really learn about all the ins and outs of cyber crime, cyber investigations. 

I had to start from scratch with networking because I knew computers and some codingand some development, but then I had to learn a lot about networking to understand how the attacks were happening. It was years of education on the job to get me to a point where I could conduct my own investigations and do my own forensic investigations and collections.

How much did you learn on the job? How much did you have to teach yourself or learn elsewhere?

In the Bureau, they spend a lot to train you. I got the initial training and then I would take courses, especially on the forensic side. I signed up for everything I could from the FBI. But then there was a lot of self-study even, even in the old, old days—10, 15 years ago. Even back then, there was a lot of online material to use to study and getting old equipment to set up home labs to be able to experiment on things. What I quickly learned is that you’re not going to learn everything in classes and courses. I didn’t do any university courses once I was working, but Mandiant would teach courses at the Bureau. I even took a course at the Idaho National Lab. 

There are free courses, there are not-free courses, there’s going to conferences that have courses and taking those. It’s one thing to go and sit in those classrooms and even study and take the test, but it’s another thing to actually internalize and start using the techniques you learn.

From public sector to private sector cybersecurity

What was the transition like working in cybersecurity in the public sector to the private sector?

I had my eyes wide open. Having conducted a lot of investigations on breaches and large scale organizations, I realized that security is really hard and there are a lot of very hardworking, well-intentioned people who just don’t have the time, money, or effort to do everything they want. Part of the attraction to me was the challenge of helping these companies on their worst day. I had definitely been a security-minded person being in the FBI and for almost all of my time in the FBI was also on the SWAT team and was a tactical instructor and firearms instructor.

I wasn’t just a nerd behind the keyboard. I also was a door kicker and did some of those law enforcement efforts as well because I found that there was something I could do and I believed in it and it was important. I definitely had a security mindset, but what I needed in education was more in the business side of things, so I learned even more how to quantify risk, how to communicate risk in ways that business leaders understand. I then became a business leader myself and understood how to put the context of the risk and the context of the security concern in the rest of the business. 

How did you build up the business acumen you needed in the private sector?

There are two skillsets that I also had to learn. One is leadership, and I started learning that way back in the Army—all the way through different leadership courses, experiences with leadership through the FBI, and then even learning some more business leadership. Most of that was done through getting mentors—formal and informal mentors and courses that were taught in all of those places. 

I also did a lot of reading on the best books on leadership. Even when I was still in the FBI, I just started with Googling MBA reading lists and things like that—the basics down to finance, governance, even the structure of businesses. That wasn’t something I studied in university, so I had to learn all of the basics there. And then when I went into the private sector, I looked at even more freeware courses at Harvard, MIT that I’ve watched lectures from and read the books from. I did take a CISO course to get a CISO certificate from Carnegie Mellon.

Advice to future cybersecurity leaders

What’s your advice for someone considering a career switch into cybersecurity?

Do you read articles about breaches? Are you curious about them? Do you want to understand them? In order to succeed in cybersecurity, you have to be naturally curious and confident enough to go out there. Understand you’re never going to master the whole field because it’s just way too vast. 

If you’re at least curious and this is really exciting for you, go for it. But if you really are not that interested in computers and you just don’t care, it’s going be a struggle for you. Even if you learn all this stuff and then you get in and you get a job, you have to continue learning about it because the technology’s changed so rapidly.