The Ultimate Guide to Cybersecurity Careers
How do you change careers to cyber security? What cyber security jobs are there? What’s the average salary? All our questions are answered here.
If you’re seeking a career that brings purpose and excitement to your life, venturing into the realm of cybersecurity careers might be the perfect avenue for you. As a cybersecurity specialist, you’ll find yourself at the forefront of the cyber industry that actively combats sophisticated cyber threats, safeguarding businesses and their clientele, all while honing your profound technical skills.
Starting a career in cybersecurity offers a future-proof career path. Cybersecurity specialists have one of the most in-demand skillsets in the U.S., and the number of cybersecurity jobs in America is growing exponentially — but there are not enough trained professionals to fill them. In fact, there are predicted to be 3.5 million unfilled cybersecurity jobs globally by 2025, according to the Cybersecurity Ventures 2023 official jobs report.
With an ever-expanding scope, the cybersecurity industry offers significant potential both for entry-level cybersecurity jobs as well as seasoned professionals — it’s also a pathway toward meaningful and rewarding work.
But it’s not always clear how to get into cybersecurity — or what it means to enter the cybersecurity industry.
In this Cybersecurity Careers Guide, we’ve compiled insights, tips, and everything else you should know about cybersecurity with our Head of Education, Dr. Bret Fund — formerly of SecureSet Academy — based on his years of experience in cybersecurity.
What skills do you need for cybersecurity?
If you’ve got a technical background, there are some great opportunities for you in cybersecurity. For example, IT professionals and military security specialists often transition into cybersecurity when they’re looking for a fresh challenge, and a fulfilling, stimulating — and sometimes more lucrative! — career.
But if you don’t have a technical background, it doesn’t mean this career field is not available to you. In fact, it’s very much available, and the cybersecurity industry needs you! Some of the best careers in cybersecurity don’t require a technical skillset for entry-level cybersecurity jobs, and you can build technical skills as you progress in the field. That’s why soft skills are so important in cyber.
Companies will recruit individuals for cybersecurity roles because they have the specific skills needed, and that becomes more important than having an advanced university degree.
The best advice is to start by identifying which career path you’re aiming to enter, and then equip yourself with the cybersecurity skills that are important for that path.
Cybersecurity career paths
When most people think about cybersecurity, the first thing that springs to mind is the kind of hacker that you see in movies – a rogue character in a hoodie typing furiously at a glowing screen in a dark room, trying to break into a government or company computer system.
In reality, there are “hacker” jobs in the cybersecurity industry — and they’re known as Pen Testers. These roles are essentially “ethical hackers” who are hired to try and penetrate an organization’s systems and detect vulnerabilities so they can predict and prevent future threats. Companies hire Pen Testers into “red teams” to assess their systems, so they can mitigate future cyber attacks and prevent a serious loss of assets or data breach.
This is an exciting and crucial cyber career path, but it’s not the only one! There are many more cybersecurity jobs in the industry. In the broadest terms, there are two overarching categories that cybersecurity jobs can be mapped into: analysts and engineers.
Cybersecurity Analysts vs. Cybersecurity Engineers
To understand the fundamental differences between cybersecurity analysts and engineers, imagine a company’s computer network as a Formula 1 race car.
Cybersecurity analysts are like the F1 drivers — they’re paying attention to how the car is working, and everything going on around it. They know if something’s not right with the car (i.e. the computer network), and if there’s an issue with the way it’s functioning, but they don’t know how to get under the hood and fix it.
Cybersecurity engineers are like the F1 engineers — they understand all the nuts and bolts of how the system within the car operates. They design the systems that make the car (i.e. the computer network) function as efficiently as possible and have a technical understanding of how to fix issues and make sure that the system is fine-tuned and functioning correctly.
The great thing about the cybersecurity careers industry is that you can start at different points, and then pivot later. For example, you might want to start as a cybersecurity analyst because you don’t have a technical background, and then later move into engineering after some additional education. Cybersecurity offers the flexibility and the freedom to transition and try new things as you progress in your career.
So how do you get into cybersecurity? You can make your decision based on the type of work you’re interested in doing, and the skills you have now.
Cybersecurity analyst careers
What do cybersecurity analysts do?
Cybersecurity analysts focus on research, data analysis, and creative problem-solving. Day-to-day work can include scanning internal datasets to detect system vulnerabilities and cyber attackers, and drawing on external intelligence to predict and prepare for future cyber threats. They’re also great communicators and managers, as they play a pivotal role in connecting the dots with other organizational functions.
As analysts grow in their careers, they have a lot of options. They can take a manager track leading a security team, or they can become a Chief Security Officer heading up the security function for the entire organization.
Alternatively, they can switch to a more technical track, and build skills in engineering or system architecture as they move further along. This means they will continue to do analytical work, and start to introduce some limited engineering work on their own, as well as working with engineers at a more advanced level.
Skills needed for cybersecurity analyst jobs:
First and foremost, cybersecurity analysts need strong research, analytical and problem-solving skills. They also need an understanding of information systems, and a sound grasp of information security — if you work in security, you should understand exactly what security is and means.
Project management skills are also very important. This is not a technical skill, like the engineer working on a car — it’s about managing time, people and data. This type of management skillset is really important for entry-level cybersecurity analyst jobs.
Common cybersecurity analyst job titles:
Incident Analyst: Responds to cyber crimes that have occurred, and pieces together a narrative to understand how the crime was committed. They gather evidence to clarify the events that occur when a hacker has broken into a system.
National average salary for Cybersecurity Analyst: ~$66,000
Threat Intel Analyst: Specializes in monitoring and analyzing active as well as potential cybersecurity threats. They focus on analyzing useful intelligence from a wide spectrum of sources to keep their finger on the pulse of cybersecurity.
National average salary for Threat Intel Analyst: ~$107,000
Security Hunt Analyst: Responsible for defensive cyber counter-infiltration operations against Advanced Persistent Threats (APT). They focus on searching for hackers who have already burrowed deep within their company’s network.
National average salary for Security Hunt Analyst: ~$108,000
Compliance Analyst: Ensures their organization’s systems are compliant with government rules and industry regulations. They figure out which regulations affect their organization, and develop plans to meet the necessary standards. They research, educate and project-manage to ensure that all members of a cybersecurity team are on the same page.
National average salary for Compliance Analyst: ~$73,000
Cybersecurity engineering careers
What do cyber security engineers do?
Cybersecurity engineers are much more technically focused. They specialize in how computer networks work, how computers are sharing information with each other in the network, and how to put up firewalls and gateways to control what’s happening within their organization’s network.
Computer networks are made up of both hardware and software, and engineers understand how all these different systems and subsystems are working together, where the vulnerabilities lie, and how to fix them.
Later in their career, engineers have lots of options to transition to other jobs in the same way that analysts can. In fact, engineers often switch into analyst roles, as well as systems architecture and consulting (we’ll talk more about consulting below!).
Skills needed for cybersecurity engineering jobs:
Entry-level cybersecurity engineer roles need a sound technical understanding of information systems, security systems, and how computer networks work.
They also need to be well-versed in information assurance and cryptography – making sure data is secure across the network, and looking for points of vulnerability.
The fundamentals of network security are also useful at this level. This is not just about understanding how computers work and talk to each other, but how to engineer, design and create security systems.
Common cybersecurity engineering job titles:
Security Engineer: Develops detailed cybersecurity designs and builds computer security architecture. They’re on the front line of protecting network assets from threat actors, and they create robust defense systems, building and implementing tools for threat detection. They also lead incident response by minimizing the impact of security breaches, conducting investigations, and developing response strategies to protect their network.
National average salary for Security Engineer: ~$152,000
Pen Tester: What do pen testers do? Well, they make their living trying to break things. Organizations hire them to probe computer networks and discover vulnerabilities that a truly malicious hacker could exploit. They simulate a cyber attack and attempt to breach their organization’s network. The insights from a pen tester’s report allow the organization to patch up vulnerabilities in the security system.
National average salary for Pen Tester: ~$116,000
Cybersecurity consulting careers
As well as working in analyst and engineering roles for in-house security teams, cybersecurity specialists can also become independent consultants.
Before 2014, the cybersecurity expert in most companies was typically someone on the IT career track who had started playing around with security and had become the “security person” for their organization. Then about six years ago, companies and governments around the world started to wake up to the fact that customers, companies, and data need protection from cyber threats. This has created a huge demand for cyber security skills in organizations — people with the skills to set up security teams and security programs
In response to this, there’s been a great explosion of cybersecurity careers for consultants to help them set up their own security program in-house, or manage their security for them in an outsourced format.
Security consultants focus on protecting their client’s networks, by assessing them and suggesting new protocols, policies, and security plans to improve the security of their networks. They can either work in-house (commonly as sales engineers) or within a consulting firm.
They typically have a generalist skillset spanning both analytics and engineering. People who start at entry-level working for an in-house security team — in both analytics and engineering — often move into consulting further into their career.
Our 15-week Cybersecurity Engineering course gives students the skills to fast-track into cybersecurity consulting careers.
Disclaimer: The information in this blog is current as of 28 June 2023. Current policies, offerings, procedures, and programs may differ. For up-to-date information visit FlatironSchool.com.
Posted by Dr. Bret Fund / May 7, 2020
Learn to Code Python: Free Lesson for Beginners
Flatiron School Welcomes Peter Barth as CEO
“As we navigate a dynamic and complex tech talent landscape, Flatiron School’s mission – to enable the pursuit of a better life through education – is more vital than ever.”