I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.– Stephen Hawking
According to some studies, Cyber crime damage costs are predicted to hit $6 trillion annually by 2021, up from $3 trillion in 2015. Covid -19 pandemic has even fueled this rate much faster. At the same time, it is predicted that the world will have 3.5 million unfilled cyber security jobs by the end of 2021.
The demand for cyber security professionals is consistently growing and it shall continue to grow in the next decade. Cyber security roles exist in every size company and they are responsible for protecting organizations from data breaches and cyber-attacks. Cyber security Job postings on various websites have grown three times faster than openings for IT jobs overall.
First step towards reaching to this career is to know what kind of roles available in this field. There are numerous kinds of roles and responsibilities exist but, in this blog, I explain three major cyber security career paths.
Cyber Security Specialist – Entry Level
The Job of cyber security specialist is to assess cyber security risks and propose solutions for different kinds of project in the company. They also provide guidance for protecting and securing their digital data. The position might also be referred to as an information security specialist or IT security specialist.
The salary range for cyber security specialist is broad depending on overall experience, but usually an average salary is $92,000 in the U.S. Cyber security specialist are expected to have 2-4 years of professional experience.
To become a cyber security specialist, following career plan might be helpful:
- Earn a bachelor’s degree in computer science, information technology, cyber security or a related field. Or, gain equivalent experience with relevant industry certifications.
- Pursue an entry-level position in general IT or IT security.
- Enhance your cyber security skills with training and certifications.
As a cyber security specialist, your daily tasks may include:
- Ensure a timely and consistent process for handling of security vulnerabilities in products – including detection, assessment, correction and knowledge distribution
- Performing vulnerability tests and security assessments
- Responsible for tracking, auditing and reporting as per internal Security Development Life cycle
- Testing security solutions using industry standard analysis methods
Recommended certifications for cyber security specialist:
Below are some entry-level certifications that are meant to ground you in the basics – cyber security principles, best practices, important tools, latest technologies etc. Mentioning one or more certification in your résumé will help you build credibility as you climb the career ladder.
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Cyber security Analyst (CySA+)
Ethical Hacker/ Pen Tester – Mid Level
The demand for skilled penetration testers has been growing since more and more companies relying on penetration testing for identifying gaps in their defense systems. Ethical hackers or Pen testers are highly specialized and trained to think like hackers when exploiting security weaknesses.
Pen testing is one of the top three most-in-demand jobs in cyber security from many years. At the same time, reports show that 23 percent of surveyed organizations had a shortage of penetration testing skills, making it the fourth-highest area of shortage among all cyber security skills.
The average salary for a penetration tester is $103,000.
Many penetration testers and ethical hackers follow a career path that looks like this:
- Get a bachelor’s /masters degree in computer science, information technology, cyber security or a related field. Otherwise gain equivalent experience with relevant industry certifications.
- Pursue an entry-level role as a cyber security specialist/cyber crime analyst/incident analyst.
- Master specialized ethical hacking skills with training and certifications.
As a penetration tester, you’ll be expected to:
- Perform penetration tests on organization’s products/web applications/network/systems. It can also include testing on hardware if company is delivering a hardware with their products. For example, an IOT device.
- Uncover security holes and pinpoint the methods attackers could use to exploit system weaknesses.
- Proper detailed documentation is an important part of pen testing job. Along with the documentation the pen tester is involved with developers to resolve the issues found.
- Sometimes it is needed to write testing tools since existing tools may not have all the needed features. Knowledge of Python is helpful for this development.
If you’re interested in a career path as a pen tester, you will need a mix of technical hands-on skills and broad cybersecurity knowledge. Having a specialized certification is one way to gain the skills and also a proof of those skills to a potential employer. Below are some renowned pen testing certifications:
- CompTIA PenTest+
- Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)
- Offensive Security Certified Professional (OSCP)
Cyber Security Architect – Advanced Level
Cyber security architect is an important role for protecting a company’s data and other sensitive information from hackers. Cyber security architects are responsible for creating and maintaining corporate security structures and ensuring that they function as designed. As high-level leaders, they also supervise security teams. They are involved in designing and implementing security-related policies and procedures.
In the United States, the average salary for this position is $133,000. Cyber security architects are expected to have a minimum of 5-10 years of relevant experience in the cyber security field.
It is a senior position. Someone new to the infosec field have to work his way up through entry- and mid-level positions first. After gaining a few years of entry-level experience, he can then move up to one of the following mid-level positions before applying for the cyber security architect position:
- Cyber security analyst
- Cyber security engineer
- Penetration & vulnerability tester
- Cyber security specialist
As a security architect, you’ll be required to:
- Lead and supervise a security team for planning and designing security architectures for organization’s IT projects.
- Reviewing and enhancing security configurations of routers, firewalls, DMZ and other network devices.
- Research and implement the latest security standards, systems and best practices.
Since cyber security architect is a senior-level position, prospective employers look for accredited security certifications in candidate’s profile. Below are some of the certifications which would be helpful in gaining knowledge and the architect position:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- SANS/GIAC Certification
- Certified Information Systems Auditor (CISA)
- IT Infrastructure Library (ITIL) Certification
There hasn’t been a better time to start a career in cybersecurity. There is no one linear path to a successful career in cybersecurity. Some people enter the security field straight out of college, while others transition from another IT role. Focus towards security aspects and obtaining the right training and certifications will help you get started on the cybersecurity career path.
No matter where you start, all cybersecurity careers begin with general IT experience. You need to understand how technology works before you can learn how to secure and protect it.