So, you’ve decided to make a career move and enter the professional world of cybersecurity. But there’s just one problem – you’re not sure how to get started. Whether you’re a new college graduate, considering an advanced degree, or looking for a complete career change, we’ve got you covered.
The great thing about cybersecurity is that anyone can enter the field regardless of educational background, or professional experience. It also applies to every industry vertical – whether you’re working in healthcare, or for the government. Every business or organization has unique cybersecurity requirements and it is a never-ending mission to protect and defend their IT infrastructure from attackers.
There is arguably unlimited growth potential in the cybersecurity industry. For years to come, experts seem to agree that the demand for cybersecurity professionals will never meet supply. Cybersecurity Ventures estimates that in 2021, there were 3.5 million unfilled cybersecurity job openings. That’s up from one million in 2013.
Cybersecurity can be a lucrative career choice – especially if you have the certifications to put on your resume. The median salary for an information security analyst in the United States is $102,600 according to the U.S. Bureau of Labor Statistics (May, 2021).
If you obtain a Google Cloud Professional Cloud Architect (PCA) certification, the average salary is $176,000. Even the Certified Information Systems Security Professional (CISSP) certification remains highly valuable, with an average salary of $141,000 (Pluralsight).
Which Cybersecurity career path is for me?
A career in cybersecurity can take you in many different directions. Typically, there are three core domains that cyber careers fall under:
- Technical
- Management
- Leadership/Executive
As a technical cybersecurity professional, you can expect to work with a plethora of network security tools and systems. You will be on the front lines of cyber prevention, detection, and response. Examples of roles within this domain may be Security Engineer, Systems Engineer, Penetration Tester, or Malware Analyst.
As a cybersecurity professional working in management, you will primarily be focused on policy, oversight, and risk mitigation strategies for your employer. While you may still have technical skills and need to understand the latest threat vectors, you will be less engaged with the nuances of internal systems like a technical colleague would. Examples of roles within this domain may be Business Information Security Manager, Lead Security Consultant, Cybersecurity Auditor, or Data Protection Officer.
Finally, as a Leadership or Executive professional, you will be in charge of overall company security posture and culture, and may report to executive boards, investors, or influence product offerings. In contrast to other cybersecurity roles, this is a very public role within a company and often the expectations are that you frequently travel, engage in public speaking events, and industry conferences. Examples of roles within this domain may be Chief Technology Officer, Chief Information Security Officer, or Chief Privacy Officer.
What skills do you need to be in Cybersecurity?
This is a common question that doesn’t have an exact answer, as it will depend on the type of role you’re applying for. It could even depend on the company or agency you intend to work for.
Broadly speaking, someone seeking a technical role within cybersecurity will need to emphasize experience with skills such as penetration testing, risk analysis, and security assessment. Experience with cybersecurity tools for network visibility and control; orchestration; EDR/XDR; SIEM or big data; and vulnerability scanners will be critical.
Examples of such tools may include:
- Snort, Ossec, Fortigate IPS, ExtraHop, or other Next Generation Intrusion Prevention System (NGIPS)
- Tenable Nessus or Rapid7 vulnerability scanner
- Cisco, Palo Alto Networks, Juniper, Fortinet or similar next generation firewalls (NGFW)
- Forescout or Cisco Identity Services Engine for network access, visibility and control (NAC)
- Splunk, Chronicle, Elastic, LogRhythm for Security Information and Event Management (SIEM)
- Dragos, Claroty, Nozomi, Forescout eyeSight for Operational Technology (OT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA)
Someone seeking an executive or leadership position will need to understand current and future industry security trends and threats, combined with educational degrees and career experience. Bachelor or Master degrees in Cybersecurity, Management Information Systems, or Computer Science would be immediately applicable to a career in cybersecurity. However, cybersecurity doesn’t require specific degrees as it has become so broad and impacts every industry.
Understanding compliance, business impact and mitigation strategies for cybersecurity will be critical in executive and leadership roles. Successfully planning for business continuity and disaster recovery are critical responsibilities for a Chief Information Security Officer.
Finally, someone seeking management within the cybersecurity industry should possess a strong understanding of any direct report’s responsibilities while being able to manage a diverse team and reporting to leadership. For example, a Network Operations Center (NOC) lead will likely possess a very strong technical background and remain certified in critical areas such as networking or security. However, they also need to have the people and management skills to lead a team, plan critical maintenance and outages, respond to incidents, and maintain a well-staffed NOC operation. This would be in contrast to security software engineering where certifications will not be required, but familiarity with software languages, project goals and management, and hitting development deadlines will be paramount.
Do I need to be technical to enter the cybersecurity field?
If you’re afraid you lack the necessary technical skills to enter this field, do not panic. To be successful in the cybersecurity industry—no matter what company or role—you need a few key traits:
- Always be learning. Always be curious. Nobody knows all the answers, so don’t feel that you need to know everything on day one. It’s a marathon, not a sprint. If you think you know everything you need to know about a topic, move onto the next.
- Persistence. While some technical certifications may be required to enter the door, don’t wait to apply for jobs you feel qualified for. Just apply, and let the company decide if you’re qualified or not. If you’re working with a recruiter, ask for any feedback if you’re not chosen on what would make you a strong hire. Take that feedback and put it into action.
- Attention to detail. It doesn’t matter if you’re managing code or network switches: attention to detail is critical in this field.
- Energy. You don’t have to show up every day like you’re ready to tackle the world, but direct energy into your work and it will carry you far. You’ll be recognized by peers, management, and customers for it. A positive attitude goes a long way. Especially in difficult situations.
