Cybersecurity remains one of the hottest job sectors in the 2022’s job market.
According to the International Information System Security Certification Consortium, there are now more than 4.07 million unfilled cybersecurity positions across the world.
But with so many job titles, certifications, and technical requirements, it can feel confusing and intimidating to think about entering the field. The good news is that there are a number of great entry-level jobs out there for employees seeking to enter cybersecurity.
Beginner top three cybersecurity jobs
1. SOC analyst
The Security Operations Center (SOC) is the heart of an enterprise’s cybersecurity efforts, and is usually headed by an enterprise’s top information security talent.
SOC analysts are the most common entry level role on a SOC team. Because they are on the frontline in evaluating cyberthreats, the role serves as the perfect introduction to a company’s network, security policies, and potential issues.
SOC analyst job duties include:
- Monitor ongoing attacks against a company’s network
- Analyze if the attacks are credible
- Analyze severity of potential attack
- Sift out false positives
- Develop incident response plans
- Determine the real issues that exist on the network
- Determine potential risks that exist on the network
- Tracking, documentation, and post-incident reporting
- Provide guidance and training to team members and other departments
The job also gives you a firsthand introduction into the quick decisions cybersecurity teams need to make. Great communication skills are required to escalate threats to the appropriate team members in a timely manner, and to educate other analysts about what to look for in a threat, false positive, or missed negative issue.
SOC Analyst and Network Security in Cybersecurity
Because the SOC Analyst role requires you to have or develop key skills in network security and information technology, it always helps to have some background in these fields and/or a degree in a related field. But, in this field, technical ability is typically more important than formal education.
How to get a cybersecurity certification?
You can also improve your chances by obtaining a recognized certification in the industry, proving you have the hard skills required for success.
And once you’ve had a successful track record as a SOC analyst, you can move on to a number of other roles within the SOC team.
But how much money do SOC analysts make?
Here are average salaries (in June 2021) across the country:
- New York City – ZipRecruiter: $106k; Indeed.com: $92k
- San Francisco – ZipRecruiter: $113k; Indeed.com: $107k
- Nationwide: ZipRecruiter: $97k; Indeed.com: $110k
2. Junior penetration tester (pen tester)
SOC Analysts evaluate incoming threats in real-time. But perhaps you’d rather put yourself in the mindset of one of the bad actors initiating those threats. If so, penetration testing — often called pen testing and sometimes known as “ethical hacking” — may be the career path for you.
What is the main function of penetration testers?
Penetration testers have one job: to find a way to break into their company’s computer networks and security systems in order to assess the risks on their system and prevent a “bad guy” from doing the same.
As a pen tester, you’re using your skills and imagination to “play the bad guy” long enough to find the holes before the real bad guys do. This allows the company to take steps to prevent future damage or loss. For this reason, pen testers are also known as ‘ethical hackers’.
Because you have to understand a system from top to bottom to best figure out its weaknesses, pen testers quickly gain a full view of a company’s security from the top level down to the details. In fact, this step is built into the usual process a pen tester follows: ‘reconnaissance’.
Reconnaissance in Pen Testing
In reconnaissance, pen testers start by using the same methods hackers will use. They get to know the company through public information and look for clues they can use in their attacks. They may even resort to real-life methods like sifting through the company’s literal trash or watching to see if security checks the ID for employees or maintenance workers entering the building.
Of course, they will also do an early process known as ‘scanning’ in the hopes of discovering that their target does not take security seriously. This may involve trying weak or publicly hacked passwords, or attacking the firm through widely known security issues that may never have been patched. After all, why do more work than you have to? It is well known that 95% of cyberattacks are the result of basic human error, such as not changing a password, leaving a laptop unlocked, etc.
Of course, increased attention on cybercrime has more companies taking common sense precautions. This is where the pen tester’s real skill and creativity comes into play. Their goal is to gain and maintain access to the network.
Whether it’s a specific series of tasks to fulfill, or just generally exploiting any weakness found, the pen tester will be putting themselves up against the best efforts of a SOC team in these stages. A real hacker will know they got lucky if they gained access the easy way, and they’ll look for ways to protect that access even if the pathway they found is closed.
Final stage in pen testing
The final stage is the most complex and dangerous (to a company) – being able to obscure the fact that you gained access to their network. Whether it’s an ongoing hack, or just steps you take to cover your tracks after succeeding in a mission, pen testers demonstrate how difficult it can be for SOC teams to do their jobs. After all, you can’t respond to an intrusion if you didn’t know it occurred!
You can learn more here about what it takes to become a pen tester, and you’ll find it’s a well-paying career no matter where you are located (June 2021).
- New York City – ZipRecruiter: $128k; Indeed.com: $130k
- San Francisco – ZipRecruiter: $124k; Indeed.com: $138k
- Nationwide – ZipRecruiter: $116k; Indeed.com: $119k
3. Threat analyst
SOC Analysts scan for incoming threats, and pen testers look to exploit weaknesses in a network’s current security systems. But perhaps you’d rather use your creativity to look ahead and try to work out the threats your company may face tomorrow, next week, or next year – and even who the biggest threats might be.
Threat analysts scan their industry and the information security field to imagine where the next intrusions may come from.
They ask themselves questions about their network like…
- Why would someone want to attack our network?
- What information or physical assets could be valuable to someone?
- How would you access those assets?
- What does someone have to gain from our company or customers’ data?
First and foremost, a threat analyst is a master researcher. They look for information wherever they can get it, and try to understand the players and technologies that affect their company and the areas where it does business. They may keep a close watch on competitors’ problems, and even try to understand if their firm has high-value targets who may be the real focus of an intrusion onto their company’s network.
But perhaps the greatest skill a threat analyst must master is communication and persuasiveness. They need to master the details and communicate them quickly and effectively — both verbally and in writing —to different audiences, including SOC analysts, cyber engineers, and executive management.
Depending on the nature of the threat, they may have to come armed with a persuasive argument to capture the interest of busy team members who may be focused on current problems.
Of course, a key way to build credibility and success in any role is to have an understanding of fundamentals. Threat analysts need to understand the programming languages and technologies their companies use so they can have a full picture of where the future weaknesses can be. A cybersecurity engineering bootcamp and a certification may be great ways for someone without an established industry track record to develop those hard skills.
The good news is that threat analysts are in demand, and boast average salaries that can make them a very compelling career choice. Here are average salaries (June 2021) for threat analysts around the nation:
- New York City – ZipRecruiter: $114k
- San Francisco – ZipRecruiter: $114k
- Nationwide – ZipRecruiter: $106k
Ready for the next step?
Now is the perfect time to get into Flatiron’s cybersecurity course, no matter your experience level.
Whether you’re sure fighting cybercrime is right for you or still exploring which path you will take, schedule a 10-minute chat with Flatiron School admissions to learn more about starting your career in cybersecurity.