Finding the Right Cyber Security Role For You
There are many cyber security career paths, so it can be beneficial to take your time and evaluate your options.
For example, suppose you want to become a security architect — a consistently senior-level role that manages the network and computer security for an organization. In that case, you’ll want to consider the path that most people take to reach such a role. This could include completing a bootcamp, working as an entry-level security analyst, and gaining the experience needed to move up the career ladder. Keeping your “eye on the prize” can be important in cyber security, and the decisions you make early on can have a significant impact down the line.
Entry-level cyber security positions can be a great fit for someone with prior technical experience, someone who recently completed a cyber security bootcamp, or a recent graduate from a degree program. If you’re interested in learning more about entry-level positions in cyber security, read our guide on entry-level jobs in the field.
Here are a few potential entry-level cyber security roles to consider:
Information Security Analyst
Information security analysts protect an organization’s computer networks by planning and executing security measures. Job responsibilities include monitoring networks for security breaches, installing and updating security software, reporting on information or security breaches, and keeping up-to-date on industry best practices.
According to the U.S. Bureau of Labor Statistics, the 2020 median pay for Information Security Analysts was $103,590 per year. Expected job growth for the field is strong, as the BLS projects a 31 percent increase in open roles between 2019-2029. This growth is primarily due to an uptick in advanced cyberattacks and an increased need for cyber security services — particularly in healthcare and finance, where data protection is especially crucial. This role often requires a bachelor’s degree (or equivalent form of education, training, or employment) in a cyber security-related field.
Security auditors are generally viewed as an offshoot of the broader information security analysis industry. They work with companies and organizations to audit security systems and detect any flaws or issues present within those systems. Overall, this position focuses on providing insight into where procedures are sufficient and how an organization can make changes to increase its information security.
People working as security auditors must understand threats and tactics used against computer systems, identify risks, and communicate those risks to other departments, such as network administrators or other levels of management. This communication allows for a quicker, more cohesive problem-solving process resulting in more informed solutions. Someone working as a security auditor needs a mix of technical, communication, and presentation skills to effectively interpret security-related technical matters, properly communicate them to the appropriate parties, and present potentially complex information in a manner that is both understandable and actionable.
Another specific role within information security analysis is penetration tester. This role focuses on identifying existing security issues for a company or organization. Penetration testers can be considered “ethical hackers,” as they attempt to break a company’s security protocols to identify vulnerabilities.
Penetration testers use a variety of methods to test an organization’s security practices and infrastructure. These methods can include testing wireless network security, attempting to attain unauthorized access to a facility’s physical space, or social engineering, which tries to fool people in the organization into breaching security protocols.
The penetration tester’s findings are summarized in a report and presented to the organization in a debrief meeting. Like security auditors, penetration testers must bring a mix of technical and soft skills, as they are regularly tasked with testing an organization’s security and summarizing key findings identified during this process. Working as a system administrator, network engineer, or system architect can prepare someone for work in this role.
While pursuing entry-level roles, it helps to establish a higher job goal for the future — namely in a senior-level position. Forward-thinking can help you find the right fit for an entry-level position and properly kick off your journey.
Here are a few senior-level cyber security positions to consider:
Chief Information Security Officer (CISO)
The CISO is a senior-level executive role within information security analysis. It focuses on developing and implementing security processes that protect an organization from cyber attacks and risks. The CISO creates and maintains a high-level strategy to protect vital information from attacks, allowing organizations to proactively plan for breaches while preemptively fortifying existing infrastructure.
Typically, the CISO is a top executive at an organization that focuses on information security and cyber security. CISOs set the tone and pace for security initiatives in the organization. Most CISO positions require around 7-10 years of experience in the field, and they usually have broad skills like high-level IT knowledge, team management, and critical thinking. Specifically, CISOs should have an eye for potentially complex solutions — balancing the ability to properly communicate plans and spearhead multifaceted initiatives in pursuit of stronger security systems.
Security architects are senior-level employees responsible for maintaining a company’s computer systems and security protocols. This requires high-level knowledge surrounding security frameworks, vectors of attack, and network security. Their experience and skill sets usually include critical thinking, high-level troubleshooting (typically amidst ongoing projects), and the ability to upgrade and maintain a variety of hardware and software. This is a “big picture” role focused on overseeing broad security programs and policies for a company or organization.
Most security architects have five or more years of experience in the field and command high salaries. According to the BLS, computer network architects had a median salary of $116,780 in 2020, and the number of jobs in the field is projected to grow by 5 percent between 2019 and 2029. Demand for these professionals has grown as more firms expand their IT networks, creating additional job opportunities for architects to build new digital infrastructure and upgrade existing networks.
Cyber Security Engineer
Cyber security engineers build and oversee security systems and procedures, identifying threats and vulnerabilities in computer systems and software. They apply their skills to develop solutions to defend against threats and are responsible for implementing associated changes to software and computer systems on an ongoing basis. Job responsibilities include planning, managing, and implementing security measures; troubleshooting security issues; and responding to security breaches as they occur. As savvy auditors and problem solvers, engineers are vital to businesses because they keep networks up-to-date while actively mitigating both budding and existing security threats.
Cyber security engineers tend to have a strong background in software development, broad cyber security protocol, and computer administration and networking. Typically, cyber security engineers also bring several years of experience in relevant technical roles before starting in this position, and applicable skills usually include high-level web development, specific knowledge of security-related digital structures like firewalls, and a strong understanding of network functionality.