Starting a new career in cybersecurity has never been easier than it is today.
In the past year alone, there were nearly 600,000 open positions in cybersecurity, according to CyberSeek, creating a clear opportunity for job seekers. The demand for skilled professionals far exceeds the available talent pool. Fortunately, prospective cybersecurity pros now have more resources than ever to help them find their unique calling.
- What Is Cybersecurity?
- What are the Different Cybersecurity Roles?
- How To Get Started in Cybersecurity
- Moving Ahead in Cybersecurity
- FAQ
What Is Cybersecurity?
Fundamentally, cybersecurity is the practice of protecting information and other resources on electronic devices, networks, and computers. Cybersecurity professionals are charged with anticipating, preventing, and responding to attacks that target these resources.
Cybersecurity continues to gain importance, driven by the growing volume of data traversing networks and the expertise of hackers in intercepting that data.
What Are the Different Cybersecurity Roles?
While not an exhaustive list, here are several of the primary job types.
Cybersecurity/Information Security Analyst
This role centers around understanding, anticipating, and preventing cyberattacks. Analysts may perform research, review security data, construct defensive strategies, and explain security measures to various company stakeholders.
Network Security Analyst
These professionals analyze network traffic, identify anomalies, and implement security measures to protect data and networks. They are also tasked with preventing service interruptions and testing network disaster recovery plans.
Security/Cybersecurity Engineer
Engineers are responsible for designing, implementing, and maintaining security measures to protect data, networks, and systems against threats. They also conduct tests to uncover vulnerabilities and respond to security breaches.
Cybersecurity Researcher
These specialists identify security issues and develop methods and algorithms for detecting and preventing attacks. They may write code to analyze proprietary protocols and network traffic and create technical solutions for intrusion analysis, network security, and data visualization.
Application Security Engineer
This role focuses on identifying and addressing application security weaknesses. Professionals require an understanding of code development, software testing, and production environments. Coding skills are a plus.
Forensic Cybersecurity Analyst/Digital Forensics Analyst
Using specific cyber incidents as a starting point, these professionals trace attacks to their source, collect evidence, and work to prevent future incidents.
Ethical Hacker/Pen-Tester
These experts intentionally hack into their own company’s systems to identify potential security issues and weaknesses.
How To Get Started in Cybersecurity
There are various paths you can take to land your first cybersecurity job. However, understanding your strengths and what you enjoy is the most important step before diving into the field.
A helpful starting point is to take a cybersecurity career readiness assessment. While typically sponsored by hiring companies with vested interests, these assessments can provide valuable insights into your skills and preferences.
Additionally, exploring available training options and gaining hands-on experience through starter labs can offer a glimpse into the cybersecurity field. Resources like Infosec Institute’s skill platform, community college courses, or online platforms like SANS or Coursera can provide foundational knowledge. Plenty of universities also offer cybersecurity boot camps, some of which give students the basics of cybersecurity in as little as 24 weeks. Further options include free or low-cost training, such as Google’s entry-level cybersecurity certificate and (ISC)²’s skill-builder courses.
As you evaluate cybersecurity career paths, it’s important to note that technical expertise isn’t always a prerequisite. “I’ve even seen people who may be social workers decide they want to go for cybersecurity,” said Bret Fund, general manager of Infosec Institute. “If they like puzzle-solving, they can start as an analyst.”
Once you’ve identified your interests and qualifications, there are multiple pathways into the field.
1. The direct route
With a few courses under your belt, you can pursue entry-level cybersecurity roles like cybersecurity analyst, security specialist, or security auditor. These roles allow employees to learn the ropes and gradually progress at their own pace.
2. Working in a security-adjacent role
Starting in roles like SOC analyst, cybersecurity customer service, sales, or helpdesk will provide insight into what security platforms can do and how to use them. Employees can eventually transition to cybersecurity analyst roles or similar positions.
3. Get an apprenticeship
Apprenticeships are a great option for people to break into the field. Cengage, InfoSec Institute’s parent company, actively works with employers to set up apprenticeship programs. According to Fund, many new hires at Cengage have come through an apprenticeship track.
4. Earn a degree
While not required, degrees in cybersecurity, even an associate’s degree, can help get your career rolling. “Companies are really just looking for a signal that you know what you’re getting into and you can learn,” Fund said. “It’s all about efficacy. Employers want to feel like you can actually do it.”
Jonathan Braley, now a cybersecurity operations manager at the Information Technology-Information Sharing and Analysis Center (IT-ISAC) and Conrad Inc., exemplifies a mix-and-match career approach. He started his career with a job in search engine optimization during college. Meanwhile, he gradually learned coding through online courses, gained hands-on experience with deploying Google’s business email, and completed a bachelor’s degree.
Braley’s career progression – from staff assistant to cyber threat analyst to lead threat analyst to cybersecurity operations manager – illustrates the unique path one can take in the cybersecurity field.
Moving Ahead in Cybersecurity
Advancing in the cybersecurity field requires ongoing training, upskilling, and obtaining relevant certifications. Proactivity, curiosity, and a commitment to continuous learning are key.
Here are a few important certifications to consider:
- CISSP (Certified Information Systems Security Professional): Offered by (ISC)², CISSP certification verifies that its holder can successfully plan, deliver, and oversee effective cybersecurity programs. The credential is suitable for experienced professionals looking to demonstrate their expertise.
- CISA (Certified Information Systems Auditor): This ISACA-based credential focuses on auditing and monitoring business and IT systems. The certification is beneficial for entry-level and mid-career professionals, improving IT knowledge and potentially increasing salaries.
- CISM (Certified Information Security Manager): Designed for professionals aspiring to managerial roles, CISM accreditation requires ongoing professional education for renewal. The certification attests to high-level knowledge in risk assessment, incident management, and security governance.
Engaging a mentor is another valuable strategy to advance in your cybersecurity career. Brennan Baybeck, ISACA Board Vice Chair and senior vice president and CISO for customer success services at Oracle, said it’s important to find a good mentor. “People on my staff/leadership team spend a lot of time coaching and mentoring people internally and trying to get them into this field,” Baybeck said.
Taking calculated risks when applying for jobs is also encouraged. “Many of the requirements listed by employers are very optimistic. It doesn’t hurt to apply for certain roles even if you don’t necessarily meet the expectations,” Braley said. “I’ve noticed that many of these roles sit unfilled for quite some time, and companies may be willing to accept and train an employee that may be lacking the skills they are looking for.”
FAQ
Q: What is the importance of cybersecurity?
A: Cybersecurity has grown in importance due to the increasing flow of information across networks and the evolving tactics of hackers in intercepting and compromising that information.
Q: What qualifications do I need to become a cybersecurity analyst?
A: A positive attitude, basic knowledge, and a willingness to learn are essential qualifications.
Q: What is the best way to get into cybersecurity?
A: After acquiring basic knowledge, consider starting with an entry-level job such as a cybersecurity analyst, security specialist, or security auditor. Alternatively, working in security-adjacent roles like SOC analyst, sales, or helpdesk can provide a solid foundation.
Q: How do I gain experience in cybersecurity?
A: Be inquisitive, ask questions, take advantage of company-sponsored training, and seek mentorship to gain valuable experience.
Q: What certifications are important for a cybersecurity analyst?
A: Certifications such as CISSP, CISA, and CISM are important, but the focus may depend on your chosen area within cybersecurity.
Q: What skills are needed to be successful in a cybersecurity role?
A: Success in a cybersecurity role requires understanding your strengths and preferences and a willingness to learn. Basic coding skills can be beneficial.
Q: What is the salary of a cybersecurity professional?
A: Salaries vary based on expertise, with roles ranging from about $65,000 to $165,000 or more.
Q: What are the different types of cybersecurity roles?
A: Roles include security analyst, network security analyst, security engineer, cybersecurity researcher, digital forensics analyst, and ethical hacker/pen-tester.
Q: What resources are available to help learn cybersecurity?
A: Many resources are available for learning cybersecurity skills. They include cybersecurity boot camps, online courses, and certifications.
About the author
Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive.
