Cybersecurity career paths
Where the cybersecurity jobs can be found
Cybersecurity is a rapidly growing field filled with tons of exciting job opportunities. As the threat of cyberattacks looms larger than ever before, companies are scrambling to fill their ranks with professionals who can safeguard their data and networks. From cybersecurity analysts to penetration testers and cybercrime investigators to cybersecurity architects, there’s a role in the field for everyone.
Cybersecurity professionals are found in almost every industry imaginable: government agencies, corporations, universities, financial institutions and even defense/aerospace firms. Any company that handles private data or classified information relies on highly trained specialists to protect their business and customers.
Thanks to the critical nature of the work, cybersecurity jobs salary are highly lucrative: “Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics,” wrote CIO Magazine’s Kenneth Corbin in 2013.
Most cybersecurity professionals don’t get into the field for the paycheck alone. The work is incredibly challenging and requires a balance of finely tuned technical skills with the creativity and flexibility to tackle even the most frustrating problems. While job duties vary between different careers, one thing is true across the board: standing on the front lines of a company’s information security efforts is not only a huge responsibility, but also indispensably valuable.
What cybersecurity careers are in demand?
Cyberattacks happen every day, all over the world. Keeping data safe, secure and out of the hands of cybercriminals is more important than ever. As the need for digital protection rises, so does the demand for talented cybersecurity professionals. Between 2016 and 2026, the field is projected to see a 28% increase in jobs, according to the U.S. Bureau of Labor Statistics (BLS).
Not only is demand high, but a shortage of qualified candidates means that competition is less fierce than in other industries. In fact, a 2016 survey by McAfee found that 82% of cybersecurity leaders felt there was a shortage of cybersecurity skills. That skills gap is what’s going to result in nearly 3.5 million unfilled cybersecurity job openings by 2021.
When we talk about employment in the field, “cybersecurity” is a catch-all term that refers to many unique roles that utilize different skill sets. Job titles vary from company to company, but here are some of the most common roles. (You can find out more info by watching this short video introduction.)
IT auditors identify flaws in a system’s network and create action plans to thwart security breaches in the technology. The role suits people who have a meticulous eye for detail and the ability to accurately record complex information. You’ll identify and document any gaps and compile them in a report so management can take action.
Keep in mind that IT auditors don’t actually fix the issues; instead, they uncover and document them. Some IT auditors travel extensively to conduct audits on-site at their client’s location, while others work remotely.
IT auditors may also be known by any of the following titles:
- Senior IT auditor
- IT audit manager
- Senior IT internal auditor
- Senior IT compliance analyst
Incident analysts are trained to rapidly respond to security incidents as they’re unfolding. Not only will you jump in to identify the incident’s causes, you’ll also conduct damage control, investigate the situation and make recommendations on how future incidents can be prevented.
Due to the sensitive information they handle, many incident analysts need to obtain a security clearance. Incident analysts rely on a wide array of computer forensic tools to do their jobs, so a background in computer forensics or computer investigations is key to springboarding into this career.
Other common job titles for incident analysts are:
- Information security project manager
- Security project manager
- Senior analyst, information security
Cybercrime investigators don their proverbial deerstalker hats to get to the bottom of crimes committed online. According to Infosec, a cybercrime investigator “investigates a number of crimes that range from recovering file systems on computers that have been hacked or damaged to investigating crimes against children.” This role overlaps with law enforcement and investigations.
Common responsibilities include recovering sensitive information from devices used by criminals, retrieving evidence for prosecuting crimes, working alongside law enforcement officers and testifying in court.
Depending on where they work, you may see cybercrime analysts called any of the following titles:
- Digital forensics analyst
- Cyber-IT/forensic/security incident responder
- Cyberforensics analyst
- Digital forensics technician
- Cybersecurity forensic analyst
Cybersecurity specialists play an important role in securitizing a company’s computer information systems. Using a highly specialized skill set, they offer invaluable protection against an arsenal of threats including malware, viruses, phishing and denial-of-service attacks.
Other common job titles for cybersecurity specialists include:
- Information security specialist
- IT specialist, information security
- Information technology specialist — information security
- IT security specialist
Cybersecurity analyst is an entry-level job in cybersecurity and a popular option for newcomers to the field. Being successful in this role means balancing strong analytical skills with creativity and a natural knack for solving problems. Day to day, cybersecurity analysts may do things like encrypting data transmissions, performing risk assessments, erecting firewalls and protecting sensitive information.
At some companies, the job title for cybersecurity analysts may vary based on the specific job duties. Here are the most common titles:
- Information security analyst
- Security analyst
- IT security analyst
- Senior security analyst
Cybersecurity consultants help businesses understand the current threat landscape and evaluate risks posed by potential cybersecurity issues, security incidents and attacks.
Interestingly, cybersecurity consultants often to get to play the roles of both attacker and victim. According to Infosec, “they can work on both the Red and Blue Teams and offer their insight to the organization as to how they can better protect themselves from looming cyberthreats. They can also be found working very closely with threat-hunting, incident response and even forensic investigation teams as well.”
Cybersecurity consultants also work under the following job titles:
- Security consultant
- Security specialist
- Commercial security consultant
- Senior security consultant
Penetration testers are the cybersecurity world’s “ethical hackers.” Your job is to run simulated attacks against corporate security systems in order to find any gaps before real hackers uncover and exploit them. When you discover a weakness, you share it with the team and help brew up ideas for strengthening the system. Pentesters are needed almost everywhere, so you can find plenty of job opportunities in-house at companies or, if you prefer, freelancing on your own.
Penetration testers are also sometimes called:
- Ethical hacker
- Assurance validator
Cybersecurity Architects are corporate leaders with the mindset of a hacker. They’re largely responsible for building and maintaining corporate security structures to thwart potential attacks. As experienced leaders in the field, they also supervise security teams of more junior employees.
At some companies, cybersecurity architects may go by other job titles, including:
- Security architect
- Information security architect
- Senior security architect
- IT security architect.
Cybersecurity engineers are highly skilled, detail-oriented professionals on the front lines of protecting a company from security breaches. Their daily responsibilities often include analyzing computer networks, ensuring networks are running securely and anticipating security issues that may come up in the future. The core of their role involves designing computer systems that can withstand major disruptions like malicious cyberattacks or even natural disasters.
Other common job titles for cybersecurity engineers include:
- Security engineer
- Network security engineer
- Data security engineer
- IA/IT security engineer
Cybersecurity managers are senior-level IT professionals who play a major role in creating corporate security strategies and supervising information security staff. Companies rely on cybersecurity managers to prevent security breaches from taking place. Instead of doing hands-on work, they direct a team of security staff such as technicians, analysts and auditors to keep the system safe and iron-clad against attacks.
Since this is a senior role, most cybersecurity managers have years of experience working in entry- and mid-level roles in addition to a master’s degree.
How to get into cybersecurity
Interested in starting a career in cybersecurity? When you apply for a job in cybersecurity, the hiring manager is going to pay close attention to three things:
- Employment history
How far along you are in your career is going to affect your resume. Recent college graduates will focus on their education and internship opportunities, while seasoned professionals will have more work history and professional accomplishments to show.
If you’ve studied the basics of cybersecurity but don’t have the work history to back it up, earning certifications are an excellent way of showing employers you have the skills and expertise they’re looking for. The Information Systems Security Association (ISSA) recently reported that “61% of ISSA members surveyed for this report believe that cybersecurity certifications are far more useful for getting a job than they are for doing a job. In other words, certifications get individuals in the door but once they are employed they rely on other KSAs.” Certifications show employers that you have all the basic skills you need to get started at their company or earn promotions and raises at your current company.
Entry-level cybersecurity certifications are a great place for newcomers to start. The entry-level certifications test your basic skills and foundational knowledge of information security. These include CompTIA Security+ and MTA Security Fundamentals. Once you achieve some of the basic certifications, you can pursue advanced-level certifications that teach you a more specialized skill set.
And don’t forget: the CyberSeek Career Pathway Tool is an excellent resource for learning more about how to get into cybersecurity!
Why is cybersecurity important?
Cybersecurity is critically important to keeping sensitive data from falling into the wrong hands. Whether it’s top secret government information or customer credit card numbers, thieves want them for their own purposes and will go through great lengths to steal them. Malware, phishing attacks and denial-of-service attacks are just a few weapons in a hacker’s arsenal, and as technology advances, hackers are learning how to deploy them with increasing sophistication and precision. Cybersecurity professionals are trained to predict how and when attackers will strike and how to best thwart their attacks.
Excited to join the fast-paced, cutting-edge cybersecurity field? Awesome! Take a look at the articles in this series to learn which cybersecurity career pathway is best for you. Once you’re done reading, hop into the interactive CyberSeek Career Pathway Tool to learn more about how you can get started on your rewarding cybersecurity career.
- Cybersecurity Career Pathway, CyberSeek
- Hacking the Skills Shortage, McAfee
- Cybersecurity Jobs Report 2018-2021, Cybersecurity Ventures
- Cybersecurity Pros in High Demand, Highly Paid and Highly Selective, CIO
- Detailed Guide for Information Security Analysts in California, Employment Development Department
- The Life and Times of Cybersecurity Professionals, ISSA