You’re closer than you think to a career in tech. Our grads have launched rewarding new careers — you can too.View Our Jobs Report
Cyber security is a fast-growing industry with a huge skills gap
Cyber security roles are high-paying and in-demand
It’s best to start with a Sec+ certification and choose a secondary certification based on your career path
Many other technical fields have skills that can easily transfer to cyber
Soft skills like presentation and communication skills are also important in a cyber career
There are many paths to pursue based on your interests and skillset
Cyber security bootcamps, college, and self-teaching are all reasonable paths to a cyber career, since any of the three can help you get certified
Besides data analytics, programming, and DevOps, cyber security is among the most in-demand skillsets by employers. Knowing this, you might wonder how to break into the field, what it entails, and what skills (both technical and soft) you need to survive and thrive in cyber security.
Here, we answer such questions. Whether you’re an experienced cyber security engineer, fresh college graduate, or a complete newbie, this article should help answer your questions so you can learn how to get into cyber security.
What is cyber security?
In simple terms, cyber security is the practice of securing networks, resources, and systems from digital/cyberattacks. This means anytime you take measures to protect a system or network from cyberattacks, you are practicing cyber security.
Despite its superficial simplicity, cyber security is a lot more complex than installing antivirus or antispyware software onto your machines. It is a wide, comprehensive field consisting of different disciplines and best practices to preserve the safety, integrity, and reliability of networks and digital systems.
Why is cyber security important?
Digital life is becoming more pervasive and will continue to become more pervasive. We live a large chunk of our lives online, from social media to online shopping, gaming, and even remote work.
These come with requisite data such as passwords, credit card information, staff numbers, protected health information, personally identifiable information, and sensitive documents (such as copyrights, trade secrets, patents, and so on).
A data breach could expose sensitive information to people with malicious intent and cause severe embarrassment for individuals, damage to reputations, and huge monetary costs.
Information theft is not the only goal of a cyberattack — hackers and malicious actors sometimes attack infrastructure controls and compromise data integrity. These attacks cost organizations more and more money as hackers develop novel and innovative ways of getting to protected data. Records show that a cyberattack occurs every 14 seconds, and a 2019 estimate predicts that cyberattacks could cost up to $6 trillion in 2021.
Therefore it’s critical, both at the individual and organizational level, to find ways to secure the data that we rely on so much.
What cyber security jobs are out there?
If you’ve done any research into cyber security positions, you must have come across something called the cyber security talent gap. The cyber security talent gap is the lack of skilled cyber security personnel available to fill much-needed roles in organizations. A recent estimate shows that over 3.5 million cyber security roles will go unfilled in 2021 globally. These are positions that you could already be training to fill!
Furthermore, a PricewaterhouseCoopers report states that less than half of companies worldwide are prepared for a cyberattack. It’s a fact that cyberattacks are increasing in regularity and severity, and this points to a serious need for skilled personnel in the cyber security industry. So what’s needed to get into cyber security?
Further reading: The Ultimate Guide to Cyber Security Careers
Basic education requirements for cyber security jobs
Cyber security is a vast field with different job roles. No matter your background, there is something you can contribute to the cyber security discussion. Because of this, the educational requirements for cyber security vary. For instance, many entry-level cyber security jobs do not require a bachelor’s degree in cyber security or even a related field.
On the other hand, more advanced jobs require at least a bachelor’s degree or a master’s in some cases.
The position of a Chief Information Security Officer (CISO), a mid-executive level employee who plans, coordinates, and directs an organization’s cyber security blueprint, requires a minimum of a bachelor’s degree in cyber security or similar fields and 7–12 years of experience in a similar field. A master’s degree in the mentioned fields is advantageous as some larger companies require at least a Master’s degree in cyber security or a related field.
However, keep in mind that the best way to thrive in a cyber security career is to acquire certifications. More on this later.
Cyber security salaries and the cyber security job market outlook
A cyber security career promises a high paying role. The high demand for cyber security jobs coupled with the particular skills needed for the job practically ensures an attractive employment package.
But with that being said, the average salaries for cyber security positions vary from state to state (like with almost any job).
To provide some context around how salaries can vary by location, here are average salaries across states with high cyber demand.
New York cyber security salaries
According to Indeed.com, entry-level cyber security salaries vary based on the specific position. These are the most prevalent cyber security positions in New York and their corresponding salaries.
Security Officer: $55k
Security Engineer: $140k
Security Administrator: $93k
IT Security Specialist: $118k
Information Security Analyst: $101k
Entry-level Analyst: $64k
Washington, D.C. cyber security salaries
In Washington, D.C., the most looked for positions, and their attendant salaries are listed below
IT Security Specialist: $120k
Information Security Analyst: $120k
Security Engineer: $136k
Security Analyst: $120k
Intelligence Analyst: $106k
San Francisco cyber security salaries
San Francisco is a booming market for cyber security, with many global companies having corporate offices in the city. The most looked for positions, and their corresponding salaries are as follows
IT Security Specialist: $138k
Information Security Analyst: $92k
Security Engineer: $159k
Security Analyst: $156k
Seattle cyber security salaries
There are tons of cyber security opportunities here, with employers looking to fill a multitude of positions. Here are the most looked for:
IT Security Specialist: $118k
Information Security Analyst: $110k
Security Engineer: $138k
Security Analyst: $123k
Chicago cyber security salaries
As with the other cities mentioned, Chicago also hosts a multitude of cyber security opportunities, with the most looked for as follows:
IT Security Specialist: $107k
Information Security Analyst: $89k
Security Engineer: $127k
Security Analyst: $81k
National cyber security salaries
The national averages for the most sought cyber security jobs are as follows:
IT Security Specialist: $82k
Information Security Analyst: $94k
Security Engineer: $108k
Security Analyst: $99k
Further reading: How to Stand Out and Get a Job in Information Security
How to get into cyber security if you come from another technical field
A lot of skills needed in other technical fields are transferrable to the cyber security space. You might need to acquire/polish some of those skills, though, like security ops or information systems.
A lot of technical jobs serve as a good entry-point into the cyber security realm. People with jobs in financial and risk analysis, security intelligence, and the like are well-positioned to transition into cyber security.
Moreover, only about 20% of employers view an undergraduate degree in cyber security or a related field as the most important qualification for getting a job. Most of them tend to value skills and professional certifications over a degree. Some of the most relevant skills are knowledge of basic and advanced cyber security concepts and strong non-technical/soft skills.
Technical skills you’ll need in cyber security if you’re coming from another technical field
Here’s a comprehensive list of the technical skills you’ll likely need for a budding career in cyber security.
1. Risk assessment and management
This is possibly the most important skill a cyber security specialist can have. It entails identifying possible threats and analyzing and evaluating the risks the organization faces. It ensures that the measures to protect the organization are appropriate to the organization’s risks. Also, organizations will require you to evaluate candidate systems and assign them a score based on how vulnerable they are to exploitation.
This is the process of ascertaining a user’s identity, thereby allowing them access to digital resources. This is one of the most important skills in a cyber security career. Cyber security professionals create new authentication schemes and audit existing ones for possible data leaks/breaches. In addition to this, the cyber security professional should be comfortable with firewalls and Intrusion Detection Systems (IDS).
This open-source operating system is a favorite of cyber security professionals because of its flexibility and transparency. As a result, most cyber security tools (such as penetration testing, vulnerability analysis, and ethical hacking) are developed for the Linux operating system. It’ll do you good to learn it before embarking on your cyber security career.
4. Information systems
This refers to how information is collected, processed, stored, and distributed both within and without an organization. As a cyber security professional, you should understand, to a high level, the routes the data takes and what operations are performed on it. This will help in identifying breaches and building better protective measures for the data.
5. Digital forensics
This refers to the investigative methods used to find anomalies and malicious activity on the network. This is an important skill to have
6. Coding languages
Many cyber security jobs entail fluidity or at least familiarity with various cyber security coding languages.
Soft skills you need in cyber security if you’re coming from another technical field
Apart from your technical know-how, it is also important to have the necessary soft skills to thrive in any work environment, especially in the cyber security niche. Here are a few of the soft skills that you need in cyber security.
A lot of people picture cyber security specialists as lone rangers, hunched over a keyboard somewhere and typing commands straight into the shell at the speed of light. This couldn’t be further from the truth.
Most organizations require a team of efficient professionals working together. The size of the team depends on the size of the organization and their data needs. Any kind of friction between team members can lead to the overall subpar performance of the team, and this can be dangerous.
2. Presentation skills
Cyber security experts often need to explain very technical topics to non-technical people. The ability to simplify complex topics and present them in a simple and/or visual manner is vital.
3. Problem-solving skills
The ability to look at a problem, understand it, and come up with a viable solution is important across different walks of life and even more so for cyber security. Here, cyber security professionals have to preempt the problems and solve them before they even happen. You wouldn’t want your cyber security team to always react after a breach, would you? The ideal scenario will be to prevent the breach from happening in the first place.
How to acquire these cyber security skills and demonstrate your experience
As someone coming from a technical field, your best bet for acquiring these much-needed skills will be to attend a cyber security bootcamp. Bootcamps offer a quick, relatively cheap way to skill up in cyber security-specific skills. They also offer flexibility in the instruction process, with prospective students able to choose between full-time/part-time and in-person/virtual programs.
To demonstrate your skills, networking is important. One of the best ways to do this is by attending hackathons. Hackathons or hacking marathons offer participants the chance to work on a problem and try to solve it over several days. It gives cyber security enthusiasts the chance to showcase their skills in a time-constrained, competitive environment. You might also look into attending local security meetups and events.
This is a great way to meet other enthusiasts and possibly learn a lot of insider information.
How to get into cyber security if you already work in IT
People from IT backgrounds tend to find that a lot of the skills they already have translate well to cyber security. People from software engineering backgrounds, for instance, are used to working with and manipulating data in databases and working with front and backend frameworks. People with IT experience are most times familiar with information systems and networks. They also tend to have been exposed to such fundamentals as configuring and administering systems, coding, database management, IT procedures, and real-world business operations.
Technical skills you’ll need in cyber security if you already work in IT
Depending on the cyber security role you have in mind, your technical skills from your previous IT role might not translate perfectly. That being said, some IT roles are such a good fit for cyber security that they are called feeder roles. The skills you’ll need are:
Risk assessment and management
Soft Skills you’ll need in cyber security if you already work in IT
The soft skills you might need include:
Verbal and written communication
How to acquire these skills and demonstrate your experience
The IT field is a great stepping stone for a cyber security career. Your best course of action should be to accumulate as many relevant certifications as possible. You might consider this route expensive and/or time-consuming. If so, consider a reputable bootcamp. As previously stated, bootcamps offer a flexible, relatively inexpensive way to level up your skills and compete meaningfully on the cyber security front.
Keep in mind that cyber security certifications are important to most employers. This is because they announce the skills that you have acquired with the benefit of the backing of the organization issuing it. This gives you a foot in the door at interviews and helps to reputably demonstrate the valuable skills you’ve recently acquired.
How to get into cyber security if you have no technical experience at all
We’ve talked at length about what people from technical backgrounds have to offer in the field of cyber security. Does this mean that only technical individuals have a future in it? No! Far from it. You don’t have to be a technological genius to excel in the cyber security space. Cyber security is an end-to-end business, and there is something for everyone.
While it is possible to get into the cyber security field without technical experience, your journey will likely be longer than someone with a technical background. This is because you’d need to get trained in skills that someone previously in tech is already grounded in. To help in your journey, we’ve compiled a list of skills you should concentrate on, at least at first.
Technical skills you’ll need in cyber security if you have no technical experience
If you’re coming from a non-technical background, your technical skills might leave something to be desired. That being said, here are some skills to get you up to speed:
1. Penetration testing
This is also called pen testing. This is a way to check a system for vulnerabilities by simulating a cyber attack on it. After the test parameters are planned, the specialists audit the system and find out how it should respond to the intrusion. After this, they try to gain unauthorized access to the system. Pen-tests are performed at every entry point for system data. The results of the pen-test are then analyzed, and countermeasures are created by the cyber security team.
2. Cloud security
The “cloud” is such a common term nowadays that it’s easy to misunderstand it. The cloud is just a collection of computers/servers that you can access remotely as opposed to locally. By extension, cloud security is then any method by which applications, data, and resources are protected in the cloud.
3. Digital forensics
This means exactly what it sounds like; following digital clues to uncover crimes and crime attempts. Cyber security experts use this when there is a data breach to attempt to uncover who did what and when.
Soft skills you’ll need in cyber security if you have no technical experience
The soft skills needed are virtually the same as those needed if you’re from a technical or IT background. However, the most important ones for you are:
1. The willingness to learn
A lot of the things you’ll encounter, at least at first, will be completely new to you. To top it off, people with IT backgrounds already know a lot of them. This means you start at a slight disadvantage. The willingness to learn new things will push you to skill up as quick as possible and is probably the single most important skill you can have
2. Management skills
Cyber security is about people too. You’ll need to brush up on your people skills. You also need to learn how to effectively manage time, projects, deadlines, and the like.
How to acquire these skills and demonstrate your experience
As you’re already a bit behind when compared to people with IT experience, you’ll need to dedicate time and resources to your learning journey. One option will be to go to college and pursue a cyber security degree. This will get you up to date on the theory behind it and give you some solid grounding in cyber security concepts.
The expense and time of college are not a burden everyone can shoulder. If you can’t or simply don’t want to do so, the bootcamp route can be effective. Bootcamps take a lot less time and are miles cheaper than a college degree. Bootcamps will offer you the practical knowledge that you need to get an entry-level job. However, you might not be as solid in theory as a college graduate.
The best option for someone not going the college route is a combination of a bootcamp and self-study. The study will bolster any practical knowledge acquired with the underlying theory.
Choosing a cyber security career path that works for you
To choose implies that there are options for you to choose from. The cyber security space is vast enough that you can find roles that suit the skills you have and your natural inclination. To help with the selection, we’ve compiled a list of cyber security roles and what is needed for each one.
A pen tester is someone you hire to hack you. Sounds counter-intuitive but wouldn’t you want to know about your system’s vulnerabilities before external and possibly malicious parties do? The pen tester simulates a cyberattack, and the insights they generate can help an organization close up the vulnerabilities in their system.
Pen testers are creative; they have to be to find ways to penetrate networks. They also keep extensive records of their activities and any vulnerabilities they discover. If this appeals to you, then you may have found your calling.
Average salary: $118k
Compliance analysts make sure their organization is up to date with government rules and industry regulations. They are more into research and administrative work. They ensure which rules directly or indirectly affect their organization and educate the members of the organization to make sure they comply.
The compliance analyst is a researcher, and more than anything has top par project and people management skills.
Average salary: $92k
As the name suggests, a threat intel analyst monitors potential and active threats to the organization’s cyber security. They are people who have good attention to detail, are organized, and have good presentation and communication skills
Average salary: $98k
4. SOC Analyst
SOC stands for Security Operations Center. The SOC analyst monitors an organization’s network security for malicious activity. The job requires great attention to detail and a firm grasp of information systems and how they operate. Familiarity with software such as Intrusion Detection Systems and firewalls is also necessary.
Average salary: $106k
This is a more technically-focused role than the previously mentioned ones. The cyber security engineer must know how computers and networks work, how data is shared in a network, as well as Intrusion Detection Systems, configuring firewalls, and also how to manage people and projects.
Becoming a cyber security engineer is an amalgamation of a pen tester, a cyber security analyst, and a cyber security architect.
Average salary: $108k
Become a cyber security consultant means having a general skillset of both analytics and engineering. They protect their clients’ networks by assessing them and suggesting plans and policies that improve security. They could work in-house or be part of a consulting firm.
The average cyber security consultant is good at project and people management. They also have to have been firmly grounded in basic and advanced cyber security concepts. Good problem-solving skills are a must.
Average salary: $89k
Certifications in cyber security
Cyber security certifications help demonstrate that you have the chops to do the job. But you need to focus on getting the right ones for them to be effective. A good place to start is probably the CompTIA Security+ certifications. CompTIA offers numerous certifications and has a strong reputation. That being said, here are the top 3 cyber security certifications available now:
The Certified Information Systems Security Professional (CISSP) certification is the premier certification for cyber security professionals and is offered by (ISC)2, the leading organization in cyber security certification and training. CISSP is ideal for professionals looking to prove their mettle across a wide variety of cyber security arenas.
To be eligible, you need at least 5 years of experience. As an entry-level professional, you might want to start with the CompTIA Security+ certifications.
This advanced certification indicates that you have the necessary skills to design, implement and manage an Enterprise Information Security System. It is offered by ISACA and is meant for professionals with at least 5 years of professional cyber security experience.
This is also offered by ISACA. The certification shows you know how to audit, control, and secure enterprise information systems. While there’s also a 5-year experience required to qualify, but there are waivers for special situations. This is ideal for professionals in audit and control roles.
Main skills needed for cyber security jobs
One of the main skills for a lot of cyber security roles is programming. We have put together a list of the most relevant programming languages and why they’re used.
Python is an open-source scripting language that has been steadily gaining popularity over the years. It is popular mainly for how easy it is to learn and its readability. The extensive number of libraries and support also help
A lot of malware is coded in Golang. This makes it an ideal language to pick up and master. Its advantage is its portability and the ability of malware coded in it to escape detection by antivirus software due to its large size
C is a low-level programming language that is useful for reverse-engineering malware and creating antivirus software to counter it. Its simple syntax and a small set of commands make it ideal for learning. The language is also used to identify weaknesses in a network before it is attacked
C++ was created as an improvement on C. It was made to support objects and classes and is faster and more flexible than C. It can also help in reverse engineering and for identifying network vulnerabilities
This is the language used to access and manipulate data in most databases, making it the most popular data management language. It has simple, English-like statements and so is easy to understand. Most websites store their data in relational databases and use SQL (Structured Query Language) to access and modify it.
Assembly language is a low-level language that speaks almost directly to computer hardware. It can be difficult to write and read but is extremely powerful. Especially when it comes to reverse-engineering malware. It is a vital tool to have in a cyber security professional’s toolbelt.
Powershell is a more robust and powerful command-line utility than the traditional windows command-line tool, CMD. Administrators can use it to automate tasks or get in touch with the nitty-gritty details of the system, such as window APIs and events. Attackers like to use it to gain access to systems.
This is a backend scripting language known for its clean syntax and ease of use. It is also popular because it allows you to get more done with less code. It is used on servers and is written in C.
This programming language has remained relevant for a long while because of its versatility, security, and power. It can be used for virtually any programming task, such as pen testing and creating vulnerability testing software. It can have a steep learning curve, at least initially.
PHP is the most popular server-side language. It is still used by a large majority of websites. It is easy to learn and use. Its popularity means that there is vast support and a lot of frameworks and libraries make programming in the language much easier.
The most important soft skills for a cyber security role are:
Management skills: this refers to time, people, and project management.
Verbal and written communication
Willingness to learn
Loyalty and integrity
How to learn the skills you need: 3 paths
If you find college expensive or stifling, you can study by yourself and gain the requisite skills to start a cyber security career. There are a ton of resources (free and otherwise) for you to use in your journey. Books, blogs, and trade magazines should be your constant companions.
Best books on cyber security
Cyber security for Beginners by Raef Meeuwisse
The Basics of Hacking and Penetration Testing by Patrick Engebretson
Social Engineering: The Science of Human Hacking by Christopher Hadnagy
Best cyber security blogs
Flatiron School’s cyber security blog – Resources for beginners and pointers
Krebs on Security — An investigative journalism hub dedicated to reporting on cybercrime.
Zero-Day — A news site offering 24/7 coverage of breaking cyber security headlines.
You need a lot of discipline to stay the course
It could take a long time
Going back to college
If you’re switching careers, you might decide to go the college route. A cyber security degree or a related one (such as computer science) will nicely set you on your path. The best schools for cyber security degrees are listed
Messiah University: The program lasts 4 years and will set you back $36,340 per year.
Drexel University: This school offers a 4-year course with the option of full-time or online participation. The tuition costs are $17,956 per term or $530 per credit online.
Maryville University of St Louis: This University offers a comprehensive 4-year program. Tuition costs $24,766 per year or $622 per credit online.
You’ll get a solid understanding of the basics
Can be expensive
Takes a long time (3-4 years)
Going to a cyber security bootcamp
If college is not a viable option for you and you’d like to acquire cyber security skills in a short amount of time, you should consider a bootcamp. They are cheaper than college and offer a practical curriculum based on what you’re likely to encounter in the industry. And history shows cyber security bootcamps are worth it if you want to start a cyber career.
You’ll gain practical skills
Offers online or in-person programs
Takes between 12 weeks to a year
Sometimes gloss over underlying theory
Best cyber security bootcamps
Flatiron School offers both cyber security engineering and cyber security analytics courses that take 15 and 12 weeks, respectively. Students learn Network and Systems Security, Python, cryptography, threat intelligence, and more. The engineering and analytics programs cost $20,000 and $17,000, respectively.
Fullstack Academy: This school offers a part-time (26 weeks) and a full-time (17 weeks) cyber security course. The students learn encryption, networking, system architecture, and more.
Claim Academy: this intensive 14-week program trains students in Python, perimeter security, security applications, and more.
No matter your experience level, you can join the cyber security industry if you work hard and learn the right things.
Since we opened our doors in 2012, thousands of students have joined Flatiron School to launch new careers in tech.
Find the perfect course for you across our in-person and online programs designed to power your career change.
Connect with students and staff at meetups, lectures, and demos – on campus and online.
Have a question about our programs? Our admissions team is here to help.