Organizations spend millions on securing their data, networks, and computer systems from cybercriminals—but ensuring complete security cannot be solved by spending alone. As cyber-attacks become more sophisticated and prolific, companies must rely on the expertise of cybersecurity professionals to identify potential threats and protect networks.
But according to CyberSeek, close to half a million cybersecurity jobs are unfulfilled. With a rising need and limited talent pool, there’s never been a better time to become a cybersecurity professional. Whether you have no background in the field or are looking to cross over from IT, there are many pathways to start and advance in your cybersecurity career.
In this guide, discover the many jobs within cybersecurity, explore typical career paths, and learn the skills you need to build a lasting career in the industry.
Cybersecurity Career Paths and Domains
Like data science or supply chain management, cybersecurity career paths are non-linear; once you enter the field, your career can go in any direction. Additionally, there are many feeder roles (networking, software development, financial, and risk analysis) that can lead to an entry-level cybersecurity role.
“When I think about [cybersecurity] roles, they all build on top of each other,” said Aspen Olmsted, adjunct professor at New York University’s Tandon School of Engineering and instructor for the Cybersecurity Fundamentals MicroBachelors® Program from NYUx. “For example, you could be a host systems defender, which means you’re really defending a server, or you can be a network defender where you’re defending the network coming in, or you can sort of build those together. You can learn these competencies and then you can aggregate them together to take on more and more responsibility.”
When you think of cybersecurity jobs, red team cybersecurity professionals or ethical hackers who attempt to break in and analyze networks and system security may come to mind. But that’s scratching the surface. Within the field, there are several subdomains and specializations, which fall mostly into two categories: security and risk management and infrastructure management.
Security and Risk Management
Security and risk management involve ensuring companies comply with security policies and laws and making risk assessments to identify any vulnerabilities in physical assets, software, and data. Key jobs within this sub-domain include penetration testing and compliance. In fact, compliance has become so important that some companies now have entire teams dedicated to privacy and data governance.
Common job titles within security and risk management include:
—Cybersecurity analyst
—Information security analyst
—Penetration tester
—Security compliance analyst
—Data security and privacy analyst
—Security specialist
Security Architecture
Enterprises rely heavily on their networking infrastructures. Without proper protection, cybercriminals can easily access and steal private resources and information. To prevent security incidents and data breaches from occurring, cybersecurity professionals must engineer virtual private networks, firewalls, application security, and much more.
Cybersecurity jobs responsible for protecting underlying networking infrastructure include:
- Cryptographer
- SOC analyst
- Security infrastructure engineer
- Security architect
- Cloud security engineer
- Cybersecurity engineer
What Skills Do I Need For Cybersecurity?
Although cybersecurity jobs might seem hyper-technical and math-intensive, cybersecurity professionals are jacks-of-all-trades. They should be competent in both hard skills (networking, scripting, system administration) and soft skill sets (communication, creative thinking, listening).
“When you’re in this field, you have to realize that what you know on one day might be different or obsolete shortly thereafter,” said Jonathan S. Weissman, senior lecturer in the Computing Security Department at Rochester Institute of Technology (RIT) and instructor for RITx’s MicroMasters® Program in Cybersecurity. “It’s the ability to constantly reinvent yourself, learn new things, and adapt to changes. That’s very important for cybersecurity specialists.”
Core cybersecurity skills you need to excel in your career:
Cybersecurity technical skills
- Networking: Networking is the most critical cybersecurity skill. Whether you’re a penetration tester or a network engineer, you should know fundamental networking concepts such as how packets travel from your computer to other computers, OSI models, etc.
- System administration: Cybersecurity professionals need to master system administration. For example, can you manage what happens after downloading viruses on Windows or retrieve files off of a computer without knowing the log-in information?
- Linux: Linux is the operating system used on most network devices and security appliances. Familiarizing yourself with Linux allows you to collect security data and perform security hardening.
- Hacking: The ability to think like a cybercriminal is essential to identify any flaws in networks or security tools.
- Building virtual machines: Cybersecurity experts must master all virtual machine platforms to run malware analysis.
- Programming: You don’t need to be an expert programmer to become a cybersecurity professional, but you do need to approach problems with a programmatic mindset.
“Scripting really helps you to understand how hardware and software works. It’s important, even if you don’t want to be a programmer, to understand enough so you can read code,” said Olmsted, who also teaches in two other NYU MicroBachelors programs: Computer Science Fundamentals and Intro to Databases.
Cybersecurity soft skills
- Ability to learn constantly: New threats are always emerging, which means you need to have the ability to constantly learn new skills and tools.
- Communication: You will spend a significant amount of time educating end-users to configure their machines or adopt security measures.
- Problem solving: Cybersecurity involves finding solutions to problems on a daily basis. If you do not enjoy problem solving, a career in cybersecurity is likely not for you.
The Top Cybersecurity Jobs: From Entry-Level to Senior Level
There are many high-paying, dynamic full-time jobs within the cybersecurity industry. Due to the global talent shortage, many employers are offering average salaries between $70,000 and $90,000 for entry-level roles. More experienced cybersecurity professionals such as cybersecurity directors and chief information security officers (CISOs) can earn over $150,000 annually.
With so much demand for cybersecurity professionals, now has never been a better time to get into the field. Here are some of the highest paying and most in demand cybersecurity jobs today:
1. Cybersecurity Analyst
A cybersecurity analyst, otherwise known as a security operations center (SOC) analyst, is an entry-level cybersecurity role focused on frontline threat detection. Cybersecurity analysts work in security operations centers and must have a diverse set of skills from malware analysis, log analysis, Wireshark, and programming. The primary responsibility of a soc analyst is monitoring network data. While considered routine, the work and experience of a soc analyst role is a great starting place to learn the basics and launch a career in cybersecurity.
If you want to become a soc analyst, you will need to earn a few cybersecurity certifications such as the CompTIA Security+ and the Certified Information Systems Security Professional (CISSP).
2. Vulnerability Assessment Analyst
A vulnerability assessment analyst identifies vulnerabilities in IT systems, applications, and infrastructures and creates policies and strategies to reduce security risks. They often use scanners to find vulnerabilities and threats and create plans and strategies to mitigate them.
Vulnerability assessment analyst positions require a few years of experience. Prospective vulnerability analysts should have a strong grasp of both Java and HTML and a few certifications such as the Certified Ethical Hacker (CEH) and the GIAC Web Application Penetration.
3. Cybersecurity Engineer
Similar to software engineering, cybersecurity engineers build technologies that keep computer architecture safe. Their responsibility is to anticipate network vulnerabilities, which require creating firewalls, running encryption programs, and updating software.
To become a cybersecurity engineer, you need at least a few years of experience and a strong command of programming in Python, C++, Java, or Ruby. Cybersecurity engineers must be able to read computer code to identify malware.
4. Penetration Tester
Penetration testers, otherwise known as ethical hackers or cyber operators, are considered one of the most popular jobs in the cybersecurity field. They are responsible for analyzing and identifying vulnerabilities in network infrastructure and web applications and must document their process and findings. But don’t be mistaken—penetration testing is not an entry-level job.
“To be a pentester who’s really exceptional, you need to have creative thinking,” said Olmsted. “What we can’t automate is creative thinking. A pen tester’s going to think about ways that a malicious user would look at a perspective that the rest of us don’t look at.”
You’ll need a strong grasp of cybersecurity fundamentals and tools such as Kali Linux to work your way up to becoming a penetration tester.
