Launch into a Cybersecurity Career Path


Cybersecurity Overview

Cybersecurity jobs are projected to grow by over 32% in the next decade. This makes it one of the fastest-growing IT professions, with a large pool of open jobs. If you’re looking for job security, you should look no further.

What’s the reason for this growth? Every year there are one or more data breaches that make the news.

Cybersecurity Data Breach History

2013: Yahoo breach exposed information for 3 billion users. Target breach exposed 110 million users’ credit card and contact details.

2014: eBay breach disclosed information of 145 million users. JP Morgan Chase had a data breach which impacted 76 million households.

2015: Anthem encountered theft of personal information of 78 million customers.

2016: Uber had information from 57 million users and 600,000 drivers compromised.

2017: Equifax breach exposed 143 million users’ Social Security numbers, driver’s license numbers, birth dates, and addresses.

2018: Aadhaar breach impacted 1 billion citizens in India. Marriott breach exposed information for 500 million users. Facebook breach exposed 87 million users’ information.

2019: Capital One breach of 106 million accounts.

Some cybersecurity professionals have stated this is a new type of cyber-warfare. Foreign government security agencies and non-government entities are inflicting lasting damage to company systems, financials, and public trust around the world.

The threat is only getting more severe as more individuals gain access to the tools used to exploit system flaws and insufficient security measures.

This is precisely why there was a sharp spike in information security or cybersecurity jobs in the past 10 years. Companies need trained armies of cybersecurity professionals to combat and mitigate these threats to protect their customer and other proprietary data.

As a result, there has been an explosion of cybersecurity jobs across every industry in the past couple of decades. Some of the more prevalent job titles include Cybersecurity Architects, Analysts, Engineers, Consultants, and Managers.

What Cybersecurity Professionals Do: Plan and carry out security measures to protect an organization’s computer networks and systems. (US Department of Labor)


Cybersecurity Career Outlook & Salary

VERY POSITIVE (HIGH RATE OF GROWTH)

According to the US Bureau of Labor, information security or cybersecurity jobs are expected to grow by 32% between 2018 and 2028. New information security jobs continue to open up as companies face an unknown enemy that is constantly finding new ways to break into their systems.

This is going to be a never-ending war between hackers and companies that possess valuable data. As a result, the career opportunities for cybersecurity engineers and architects are expected to keep increasing.

Certainly, the salary will depend on your experience with cybersecurity and/or technology. You can expect to make a lot more with the right background. In general, the average salary for a cybersecurity professional is between $65-136K, according to data from PayScale. This is well above the national average and is pretty high compared to other jobs in IT.


Top Paying Cybersecurity Skills

There is a wide range of technical skills related to cybersecurity professions. They continue to evolve as information security technology and methods mature across every industry. 

The following skills are crucial to develop over the course of your career if you want to be successful in the cybersecurity practice:

  • Security Information & Event Management: Deploy information security monitoring tools and analyze real-time information to develop a response plan for handling non-compliance with company security policies and standards.
  • Security Incident Handling: Develop plans and solutions to respond to active, imminent, or potential threats to the company's network, systems, and data. These security events can include malicious attacks like malware, ransomware, phishing, and distributed denial of service (DDoS) or internal security breaches.
  • Identity and Access Management (IAM): Understand how security roles, profiles, and accounts are used in alignment with security policies to ensure authenticated users have access to the appropriate systems and information.
  • Audit & Compliance: Execute audits of systems and information to verify compliance with company and external policies or standards. This includes compliance with SOX, HIPAA, FISMA, GDPR, ISO 27001 / 20000, and other standards defined for each industry to prevent significant fines and penalties for the company.
  • System Security Planning & Development: As part of the software development life cycle (SDLC), be able to identify, fix, and test vulnerabilities in the application or system when deploying to production environments.
  • Programming & Coding: Familiarity with the various coding languages and platforms your company uses is crucial to understanding how to mitigate and address vulnerabilities. You may not need to know how to code, but you should feel comfortable analyzing code and configurations to identify security risks.
  • Data & Information Protection: Implement safeguards and encryption for data being stored, transmitted, processed, or accessed. This is becoming more critical as companies move more of their data to externally hosted cloud solutions.
  • Forensic Investigation: Familiarity with the tools and forensic methods used to investigate malicious activity or anomalies detected on the company's network and systems.

In addition to these technical skills, you should also focus on developing soft skills that will make you a well-rounded cybersecurity professional. The crucial soft skills to work on include:

  • Security Oriented: First and foremost, you should be constantly thinking about security and potential vulnerabilities. This should be the case during your work day (meetings, projects, assessments, etc.) and after hours when you should be staying informed of developments in the field.
  • Strategic and Tactical: Cybersecurity engineers need to be able to think broadly about the environment their company operates in (industry, location, customers, etc.) to assess various points of security and compliance weakness. In addition, you need to be tactical in the design of solutions and processes being implemented to address specific threats.
  • Constant Learner: As technology and the way business is conducted change, your skills should keep up with the change. This will require you to stay up-to-date on the latest cybersecurity threats and technologies.
  • Detail Oriented: While technology assists with security analysis and investigation, you'll need to remain vigilant while on the job. Missing an alert or warning sign can mean the difference between a thwarted hacker and a multi-million dollar data breach for the company.
  • Critical-Thinker: You may have heard the phrase "think like the criminal" in the context of a police investigation. This is similar to understanding the drivers behind why a hacker network or individual may want to breach your company's security. What information or result are they after? What is the source of the attack? Who is carrying out the attack?

Finally, it’s important to note that often cybersecurity is a thankless profession. Unless you bring down a large network of hackers, you likely won’t receive a ton of acknowledgement for your work. 

Unfortunately, there are companies that don’t think about security until something drives them to do so, like a data breach or incident. However, there are many companies out there that value the work and skills required to ensure their systems, networks, and data are protected.

Regardless of what type of company you work in, you’ll need to consistently remind IT and business employees you work with of the value and importance of good information security practices.


Journey Down a Cybersecurity Career Path

Career Path - New Grad

During college, you should focus on a major in a technical field. This can include information systems, data management, computer science, or cybersecurity. 

Making a career change? You should really have some level of technical experience. If you don’t have IT experience, it’ll be an uphill battle, but you may be able to get by with training to develop core technical knowledge.

Land your first job: When searching for internships or entry-level jobs, search the job boards (Glassdoor, LinkedIn Jobs, etc.) to see what companies are hiring cybersecurity developers, analysts, engineers, or architects. You’ll need to narrow down the industry you want to get into since cybersecurity jobs are everywhere you look.

Launch your career: Your first few years should be about developing a broad knowledge base for the cybersecurity concepts, methodologies, and technologies. You should constantly be researching cybersecurity trends and common challenges.

Information security is constantly evolving since the technology, hackers, and vulnerabilities are changing at an incredibly rapid pace. Don’t get left behind.

Shadow and discuss security related topics with other practitioners at your company. Understand where the company has experienced security incidents in the past and where there may be vulnerabilities in the network, software, or people. 

Like a hacker outside the company – find the greatest point of weakness.

Think about and explore how systems integrate with each other, how user access is provisioned across the enterprise, how data is encrypted, and where cybersecurity defenses may need to be enhanced.

Ultimately, your job is to find and address points of weakness before your company’s enemies have a chance to exploit them.

Common Job Titles: Cybersecurity Engineer, Developer, Analyst, or Administrator

Get trained and certified: If you don’t consider yourself a life-long learner, work on changing that mindset. You should be consistently learning and attending training to build your knowledge. This is especially important in a field like cybersecurity where change is constant.

This is also a great time to select an area of focus and earn a cybersecurity certification that demonstrates your expertise. 

Established Career

At this stage, it would be recommended to pursue a Certified Information Systems Security Professional (CISSP) or CompTIA Security+ certification to get started.

Explore new career opportunities: Once you’ve got some experience under your belt and maybe one or two certifications, the doors to new opportunities will start to open.

You should also start searching for new positions inside or outside of your current employer depending on your level of contentment. Employers will actively seek you out once you have the right work experience, training, and a certification in cybersecurity!

This may also be the right time to completely change your career if you find you’re no longer interested in the technology. It’s never too late to try something new and find a career you’re passionate about.

Common Job Titles: Senior Cybersecurity Engineer, Developer, Analyst, Auditor, or Architect / Consultant

Manager and Specialist

Take charge: At this point in your career, you’re the go-to person for all things related to cybersecurity standards and technology. 

You have a deep knowledge of cybersecurity policies, best practices, technical solutions, threats, and core business processes to guide strategic cybersecurity decisions. 

This experience puts you in a position to lead IT and business teams to ensure the company’s assets are well protected.

Climb the ladder: Demonstrating your ability to lead cybersecurity projects and teams sets you up for a management position within the organization. Seek opportunities to coach and mentor team members that may be less experienced than you.

It’s your job to ensure each employee you interact with understands their responsibility as it relates to keeping company information and systems secure. Everyone has a role to play when it comes to security.

Common Job Titles: Cybersecurity Manager, Specialist, or Senior Consultant

Becoming a leader: Once you reach a certain level of experience and skills, you can position yourself for a leadership role. While training and certifications can get you part of the way there, you need to also demonstrate leadership skills.

This includes ensuring your team has the resources and appropriate attention from you to be successful.

Leader and Expert

A servant and humble leader: You should be meeting with your team and other leaders to assess how the team is performing. Without that feedback, it becomes difficult to understand what actions need to be taken.

Are resources skilled enough for the work? Do they require guidance or course correction? Are they happy with their role and responsibilities on the team?

These are a few questions to help inform how best to support each individual on your team.

Also, it’s important to remind yourself that you don’t know everything about the cybersecurity technology and standards – regardless of your years of experience. Be open to the ideas being shared by others around you about how to better secure the company’s assets.

Common Job Titles: Cybersecurity Director, Vice President, Data Privacy Officer, or Chief Information Security Officer (CISO) / Chief Security Officer (CSO)


Recommended Cybersecurity Training & Certifications

While there are several information security standards organizations, the top names when it comes to job postings are ISACA and CompTIA. They offer the most widely known and desired cybersecurity certifications by most companies.

1. CompTIA Security+

This is often the most recommended first security-related certification an IT security professional should obtain. The CompTIA Security+ certification provides the foundational knowledge and skills required for cybersecurity professionals to launch their career. The primary focus is on covering the latest risk and threat management techniques.

2. Certified Information Systems Security Professional (CISSP)

Becoming a Certified Information Systems Security Professional (CISSP) should be a top goal for all experienced information security practitioners. The certification is approved by the US Department of Defense, which has some of the highest standards in the world. CISSP is also one of the filter criteria most frequently used by hiring managers on many job sites. This means having the credential next to your name puts you at the top of the list.

Whether you’ve been in information security for decades or are just starting your career, becoming Certified in Risk and Information Systems Control (CRISC) through ISACA is one of the best qualifications to have. With CRISC, you’ll learn how to identify and assess risks to an enterprise so effective mitigation plans can be designed and deployed. This certification builds a mindset and set of competencies in you to better manage information security systems and processes.

Ranked among the top IT certifications, becoming a Certified Information Security Manager (CISM) positions you for greater earning potential and career opportunities. Without question, security is one of the most in-demand professions and there is a large market for those looking for leadership positions in the space. 


Who's Hiring Cybersecurity Engineers

Almost every company out there.

Regardless of the industry, there is a universal need to protect the information, systems, and network every company operates on. Companies are hiring cybersecurity engineers, architects, and consultants in large numbers to prevent their company’s name from becoming the next data breach headline.

They are constantly searching for skilled and trained cybersecurity practitioners to join their teams to help them keep the company’s information secure.

Top Cities for a Cybersecurity Career

According to a report published by Indeed, the top cities for cybersecurity engineers are:

  1. Washington D.C.
  2. New York, NY
  3. Dallas, TX
  4. Baltimore, MD
  5. Chicago, IL

Conclusion

If you select a career path in Cybersecurity, you’ll be on the fast track for a successful and long-lasting career. The massive growth in cybersecurity started after many high-profile data breaches in recent years and the number of breaches doesn’t appear to be slowing down any time soon.

This means cybersecurity jobs will continue to grow at an incredible rate. It also means individuals in this profession will need to keep up with the industry as cybersecurity technology, methods, best practices, and threats evolve.

With the right cybersecurity training and certifications, you can land a job in just about any industry. The career path for cybersecurity professionals is one that will continue to provide new job opportunities well into the future.
