Interested in applying to Flatiron School? Schedule a 10 min chat with AdmissionsSchedule a Chat
If you’re looking for a new career to inject more meaning and challenge into your work, starting a cyber security career is an exciting option. Cyber security specialists work on the front lines of a growing and flourishing global industry, tackling advanced cyber threats, protecting companies and their customers, and mastering deep technical expertise along the way.
Starting a cyber security career also offers a future-proof career path. Cybersecurity specialists have one of the most in-demand skillsets in the U.S., and the number of cyber security jobs in America is growing exponentially — but there are not enough trained professionals to fill these cyber security jobs. In fact, there are predicted to be 3.5 million unfilled cyber security jobs globally by 2021, according to the Cyber security Ventures 2019 Cyber security Almanac.
With an ever-expanding scope, the cyber security industry offers significant potential both for entry-level cyber security jobs as well as seasoned professionals — it's also a pathway toward meaningful and rewarding work.
The Coronavirus also increased the demand for cyber security skills. According to one report, 80% of cyber security threats are now using COVID-19 as leverage, and coronavirus themes have been used across nearly all types of cyber attacks, including business email compromise (BEC), credential phishing, malware, and spam email campaigns. Cyber security specialists have never been more important than they are today, to protect businesses, people, and their data during this global crisis.
But it’s not always clear how to get into cyber security — or what it means to enter the cyber security industry.
There are plenty of questions swirling around the cybersecurity industry.
What do people with cyber security jobs do? What kind of skills do you need to be a cyber security analyst? Where should you start your job search? What are entry-level cyber security jobs? How much do entry-level cyber security jobs pay? Better yet, what do experienced cyber security jobs pay?
And why is cyber security important?
In this Cyber security Careers Guide, we’ve compiled insights, tips, and everything else you should know about cyber security with our Head of Education, Dr. Bret Fund — formerly of SecureSet Academy — based on his years of experience in cyber security.
What skills do you need for cybersecurity?
If you’ve got a technical background, there are some great opportunities for you in cyber security. For example, IT professionals and military security specialists often transition into cyber security when they’re looking for a fresh challenge, and a fulfilling, stimulating — and sometimes more lucrative! — career.
But if you don’t have a technical background, it doesn’t mean this career field is not available to you. In fact, it’s very much available, and the cyber security industry needs you! Many cyber security career paths don’t require a technical skillset for an entry-level cyber security job, and you can build technical skills as you progress in the field. That's why soft skills are so important in cyber.
Companies will recruit individuals to cyber security roles because they have the specific skills needed, and that becomes more important than having an advanced university degree.
The best advice is to start by identifying which career path you’re aiming to enter, and then equip yourself with the cyber security skills that are important for that path.
Cybersecurity career paths
When most people think about cyber security, the first thing that springs to mind is the kind of hacker that you see in movies – a rogue character in a hoodie typing furiously at a glowing screen in a dark room, trying to break into a government or company computer system.
In reality, there are “hacker” jobs in the cyber security industry — and they’re known as Pen Testers. These roles are essentially “ethical hackers” who are hired to try and penetrate an organization’s systems, and detect vulnerabilities so they can predict and prevent future threats. Companies hire Pen Testers into “red teams” to assess their systems, so they can mitigate future cyber attacks and prevent a serious loss of assets or data breach.
This is an exciting and important cyber career path, but it’s not the only one! There are many more cyber security jobs in the industry. In the broadest terms, there are two overarching categories that cyber security jobs can be mapped into: analysts and engineers.
To understand the fundamental differences between cyber security analysts and engineers, imagine a company’s computer network as a Formula 1 race car.
Cyber security analysts are like the F1 drivers — they’re paying attention to how the car is working, and everything going on around it. They know if something’s not right with the car (i.e. the computer network), and if there’s an issue with the way it’s functioning, but they don’t know how to get under the hood and fix it.
Cyber security engineers are like the F1 engineers — they understand all the nuts and bolts of how the system within the car operates. They design the systems that make the car (i.e. the computer network) function as efficiently as possible, and have a technical understanding of how to fix issues, and make sure that the system is fine-tuned and functioning correctly.
The great thing about the cyber security industry is that you can start at different points, and then pivot later. For example, you might want to start as a cyber security analyst because you don’t have a technical background, and then later move into engineering after some additional education. Cyber security offers the flexibility and the freedom to transition and try new things as you progress in your career.
So how do you get into cyber security? You can make your decision based on the type of work you’re interested in doing, and the skills you have now.
Cybersecurity analyst careers
What do cybersecurity analysts do?
Cyber security analysts focus on research, data analysis and creative problem solving. Day-to-day work can include scanning internal datasets to detect system vulnerabilities and cyber attackers, and drawing on external intelligence to predict and prepare for future cyber threats. They’re also great communicators and managers, as they play a pivotal role in connecting the dots with other functions in their organization.
As analysts grow in their careers, they have a lot of options. They can take a manager track leading a security team, or they can become a Chief Security Officer heading up the security function for the entire organization.
Alternatively, they can switch into a more technical track, and build skills in engineering or system architecture as they move further along. This means they will continue to do analytical work, and start to introduce some limited engineering work on their own, as well as working with engineers at a more advanced level.
Skills needed for cybersecurity analyst jobs:
First and foremost, cyber security analysts need strong research, analytical and problem-solving skills. They also need an understanding of information systems, and a sound grasp of information security — if you work in security, you should understand exactly what security is and means.
Project management skills are also very important. This is not a technical skill, like the engineer working on a car — it’s about managing time, people and data. This type of management skillset is really important for entry-level cyber security analyst jobs.
Common cyber security analyst job titles:
Incident Analyst: Responds to cyber crimes that have occurred, and pieces together a narrative to understand how the crime was committed. They gather evidence to clarify the events that occur when a hacker has broken into a system.
National average salary for Cyber Security Analyst: ~$78,000
Threat Intel Analyst: Specializes in monitoring and analyzing active as well as potential cyber security threats. They focus on analyzing useful intelligence from a wide spectrum of sources to keep their finger on the pulse of cyber security.
National average salary for Threat Intel Analyst: ~$100,000
Security Hunt Analyst: Responsible for defensive cyber counter-infiltration operations against Advanced Persistent Threats (APT). They focus on searching for hackers who have already burrowed deep within their company’s network.
Compliance Analyst: Ensures their organisation’s systems are compliant with government rules and industry regulation. They figure out which regulations affect their organisation, and develop plans to meet the necessary standards. They research, educate and project-manage to ensure that all members of a cyber security team are on the same page.
National average salary for Compliance Analyst: ~$63,000
Cyber security engineering careers
What do cyber security engineers do?
Cybersecurity engineers are much more technically focused. The specialize in how computer networks work, how computers are sharing information with each other in the network, and how to put up firewalls and gateways to control what’s happening within their organization’s network.
Computer networks are made up of both hardware and software, and engineers understand how all these different systems and subsystems are working together, where the vulnerabilities lie, and how to fix them.
Later into their career, engineers have lots of options to transition to other jobs in the same way that analysts can. In fact, engineers often switch into analyst roles, as well as systems architecture and consulting (we’ll talk more about consulting below!).
Skills needed for cyber security engineering jobs:
Entry-level cyber security engineer roles need a sound technical understanding of information systems, security systems, and how computer networks work.
They also need to be well versed in information assurance and cryptography – making sure data is secure across the network, and looking for points of vulnerability.
The fundamentals of network security are also useful at this level. This is not just about understanding how computers work and talk to each other, but how to engineer, design and create security systems.
Common cybersecurity engineering job titles:
Security Engineer: Develops detailed cyber security designs and builds computer security architecture. They’re on the front line of protecting network assets from threat actors, and they create robust defense systems, building and implementing tools for threat detection. They also lead incident response by minimizing the impact of security breaches, conducting investigations and developing response strategies to protect their network.
National average salary for Security Engineer: ~$113,000
Pen Tester: What do pen testers do? Well, they make their living trying to break things. They are hired to probe computer networks and discover vulnerabilities that a truly malicious hacker could exploit. They simulate a cyber attack and attempt to breach their organization’s network. The insights from a pen tester’s report allows the organization to patch up vulnerabilities in the security system.
National average salary for Pen Tester: ~$116,000
Cyber security consulting careers
As well as working in analyst and engineering roles for in-house security teams, cyber security specialists can also become independent consultants.
Before 2014, the cyber security expert in most companies was typically someone on the IT career track who had started playing around with security, and had become the “security person” for their organization. Then about six years ago, companies and governments around the world started to wake up to the fact that customers, companies and data need protection from cyber threats. This has created a huge demand for cyber security skills in organizations — people with the skills to set up security teams and security programs
In response to this, there’s been a great explosion of cyber security consultants who work with companies to help them set up their own security program in-house, or manage their security for them in an outsourced format.
Security consultants focus on protecting their client’s networks, by assessing them and suggesting new protocols, policies and security plans to improve the security of their networks. They can either work in-house (commonly as sales engineers) or within a consulting firm.
They typically have a generalist skillset spanning across both analytics and engineering. People who start at entry-level working for an in-house security team — in both analytics and engineering — often move into consulting further into their career.
Our 15-week Cyber security Engineering course gives students the skills to fast-track into cyber security consulting careers, now available on our New York and Washington, D.C. campuses.
Dr. Bret Fund
VP of Education
Since we opened our doors in 2012, thousands of students have joined Flatiron School to launch new careers in tech.
Find the perfect course for you across our in-person and online programs designed to power your career change.
Connect with students and staff at meetups, lectures, and demos – on campus and online.
Have a question about our programs? Our admissions team is here to help.