Cybersecurity Career Paths

Interested in cybersecurity career paths? With the current market combining high demand with an insufficient number of qualified cybersecurity professionals, now is a great time to enter the industry.

In this post, we’ve collected some standard job titles, their typical requirements, and the average salaries to expect.

What is Cybersecurity?

Cybersecurity, also called information technology security, is the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

In more simple terms, it is the practice of protecting sensitive digital information from unauthorized access.

Why pursue a career in Cybersecurity?

Frankly, demand is booming for cybersecurity professionals. According to research by Cybersecurity Ventures, “the number of unfilled cybersecurity jobs grew by 350 percent, from 1 million positions in 2013 to 3.5 million in 2021 … and an estimated 1.8 million cybersecurity jobs will go unfilled.” (1) 

For those looking to switch jobs or careers entirely in Cybersecurity, there are myriad opportunities. According to Cyber Seek, there are over 714k jobs available in the US alone, especially in tech hotspots of the country like California, Texas, Florida, Virginia, and New York. (2)

Figure: Cybersecurity Job Openings in the USA, State Heatmap (Cyber Seek)

Recent years have seen digital transformations in the form of new platforms (i.e., the cloud), technologies, and software. Paired with recent waves of new regulations on the digital space due to growing privacy concerns and recent high-profile breaches, the cybersecurity industry is struggling to keep up and is faced with a growing skill shortage. 

For many organizations, current staff training levels leave companies unprepared for new digital risks and compliance requirements, and bad actors are taking advantage. 

Rise In Cyber Attacks

Despite the persistent cultural image of the hacker as a lone individual in a dimly lit basement, in the digital age cyberhacking has become a lucrative, multi-billion-dollar industry. (3) And, with the rise of advanced technology such as artificial intelligence, machine learning, and automation, the industry has seen an exponential increase in the number, frequency, and complexity of cyber attacks.

This was exacerbated by the COVID-19 pandemic, which forced a rushed adoption of remote working and left companies to fumble through the transfer to cloud hosting platforms, with employees working from home at lower security levels and with far more access points.

The cyber skill gap highlights vulnerabilities concerning newer technologies and platforms that, if left open to attackers, could cripple a company before it’s aware of the risk. 

Organizations, both big-name and boutique, are rapidly hiring cybersecurity professionals to fill skill gaps on their teams, particularly those concerning newer technologies and platforms. For those interested in Cybersecurity, there is no better time to enter the field.

Entry-Level Roles

Information Security Analyst

Average salary: $113,653 USD*

Typical job requirements: Information Security Analysts are the gatekeepers and security guards of information systems. These professionals plan and execute security measures to shield an organization’s computer systems and networks from infiltration and cyberattacks.

Security Specialist

Average salary: $72,242 USD*

Typical job requirements: A Security Specialist is responsible for maintaining the security of an organization’s database, ensuring that it’s free from cyber threats and unusual activities. 

They upgrade hardware and software applications, configure networks to improve optimization, address unauthorized database access, troubleshoot system discrepancies, conduct security audits on the system, and improve automated processes.

Digital Forensic Investigator

Average salary: $93,908 USD*

Typical job requirements: A Digital Forensic Investigator uses digital evidence to solve virtual crimes. Should a security breach occur, resulting in stolen data, a Digital Forensic Investigator will attempt to recover data. This can include documents, photos, and emails from computer hard drives and other data storage devices that have been deleted or damaged.

IT Auditor

Average salary: $103,138 USD*

Typical job requirements: Information Technology (IT) Auditors protect internal controls and data within an organization’s technology system. They safeguard sensitive information by identifying network weaknesses and creating strategies to prevent security breaches.

Mid-Level Roles

Security Systems Administrator

Average salary: $88,315 USD*

Typical job requirements: A Security Systems Administrator is someone who gives expert advice to companies regarding their internal security procedures and helps detect network weaknesses that may make them vulnerable to cyber-attacks. 

Security Systems Administrators are in charge of the daily operation of security systems and can handle things like systems monitoring and running regular backups, setting up, deleting, and maintaining individual user accounts, and developing organizational security procedures.

Penetration Tester

Average salary: $108,671 USD*

Typical job requirements: Penetration Testers, often abbreviated as “pen testers”, perform simulated cyberattacks on a company’s computer systems and networks. These authorized tests identify security vulnerabilities and weaknesses before malicious hackers have the chance to exploit them.

Security Engineer

Average salary: $116,786 USD*

Typical job requirements: Security Engineers are responsible for testing and screening security software and monitoring networks and systems for security breaches or intrusions. 

Security Architect

Average salary: $166,521 USD*

Typical job requirements: Security Architects assess an organization’s IT and computer systems to identify strengths and weaknesses. They also conduct penetration tests, risk analyses, and ethical hacks, and assess routers, firewalls, and systems to determine efficacy and efficiency.

Cryptographer

Average salary: $97,477 USD*

Typical job requirements: Cryptographers secure computer and information technology systems by creating algorithms and ciphers to encrypt data. They often also carry out the duties of a cryptanalyst, deciphering algorithms and ciphering text to decrypt information. Cryptographers also analyze existing encryption systems to identify weaknesses and vulnerabilities. 

Cybersecurity Manager

Average salary: $130,243 USD*

Typical job requirements: Cybersecurity Managers monitor the channels through which information flows into and out of an organization’s information network. They are responsible for observing all of the operations occurring across the network and managing the infrastructure that facilitates those operations. 

Senior Level Roles

Senior Manager of IT & Security Compliance

Average salary: $142,631 USD*

Typical job requirements: A Senior Compliance Officer manages an organization’s compliance team to ensure adherence to industry guidelines. They check for, investigate, and resolve any unethical or illegal behavior, identify regulatory compliance issues, and conduct compliance risk assessments.

Director of IT Security

Average salary: $173,829 USD*

Typical job requirements: An Information Security Director oversees the information technology security operations of a business. Responsibilities often include security assessments, department budget management, training employees, managing security programs, and crisis management. 

Cybersecurity Architect

Average salary: $142,486 USD*

Typical job requirements: A Cybersecurity Architect plans, designs, tests, implements, and maintains an organization’s computer and network security infrastructure. 

Chief Information Security Officer (CISO)

Average salary: $200,965 USD*

Typical job requirements: A Chief Information Security Officer (CISO) is the executive within an organization responsible for establishing and maintaining the enterprise’s vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in developing processes, responds to incidents, establishes standards and controls, manages security technologies, and directs the establishment and implementation of policies and procedures. 

Bug Bounty Specialist

Average salary: $115,627 USD*

Typical job requirements: Also known as an “Ethical” or “White Hat Hacker”, a Bug Bounty Specialist is an individual who takes advantage of deals offered by websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those regarding security exploits and vulnerabilities.

Breaking Into The Field

The market in 2022 is red-hot, to say the least. With frequent cohorts of cybersecurity graduates training in the latest technologies and platforms and high amounts of turnover as skilled workers trade up for more convenient and lucrative jobs, the talent pool is both deep and competitive.

To be a competitive applicant for these cybersecurity career paths, gaining an educational certificate from an established training organization like Flatiron School can super-charge your career and make you stand out among a sea of hopefuls. 

Ready to take the next step? Start with a Free Cybersecurity Lesson, or check out the Cybersecurity Course Syllabus that will set you up for success with the skills to launch you into a fulfilling and lucrative career.

* Salaries cited current as of June 2022 

Sources:

  1. https://www.linkedin.com/pulse/future-cybersecurity-job-market-2022-amit-doshi/
  2. https://www.cyberseek.org/heatmap.html
  3. “Cybersecurity: Hacking has become a $300 billion industry,” InsureTrust
  4. https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/10/26/ISC2-Cybersecurity-Workforce-Study-Sheds-New-Light-on-Global-Talent-Demand

Top 3 Retail Tech Trends in 2022

Shopping and retail tech in the modern age move at the speed of the internet, and retailers – both big box and boutique – need to evolve to keep up.

The tech that powers personalized shopping experiences, the marrying of online and in-store data, and cashier-less checkout is only as effective as the engineers behind the scenes.

Trend #1: Digital-First Shopping

While the retail market had already seen a shift away from brick-and-mortar shopping in the early 2010s, the arrival of the COVID-19 pandemic in 2020 cemented the turn towards online shopping. 

Shoppers by and large are no longer walking into physical stores for their goods; instead, they are logging onto their computers with credit cards in hand.

Companies whose digital presence does not present an attractive and easy-to-use platform to users will inevitably suffer in the digital-first modern age and be left in the dust by big-box retailers who offer ease of use. 

Faced with the urgent pressure to digitize, retail tech teams need to modernize their online platforms and will need a technically trained team to keep up.

TIP: Invest in Skilled Engineers

In a recent study, retailers reported software development as the #1 desired technical skill for new hires. Java, software engineering, SQL, Python, JavaScript, and data science also made the list. (1)

So, how do retailers build out a technical team to get their digital storefront live and profitable? Sourcing recent graduates from technical training institutions can help ensure that new hires are up to date on the newest software, platforms, and best practices in the online marketplace.

Over the past 10 years, top retailers such as Amazon, Walmart, Target, and Best Buy have hired our graduates across all disciplines including Software Engineering, Data Science, Cybersecurity, and UX / UI Product Design. 

Big box and clothing retailers in particular source our Software Engineering and Data Science graduates for their skills in Python, Java, JavaScript, and SQL. These languages are used in online interfaces such as cashier-less checkout, virtual storefronts, virtual dressing rooms, and marrying online and offline data to personalize shopping experiences and increase profitability.

See the full skills list taught to our graduates and learn more about hiring our top tech talent.

Trend #2: Mobile Commerce

Going hand in hand with the shift to online-first shopping are mobile apps for on-the-go convenience. Customer touch points now feature everything from brand-owned mobile apps to social media platforms, each of which is a chance for retailers’ brand messaging to reinforce customer loyalty.

But, in a crowded app market with dozens of competitors vying for screen time, how can a retailer increase downloads, user engagement, and – most important of all – mobile conversions? 

TIP: Revamp UX / UI For Seamless Shopping

UX / UI design is a critical success factor in mobile commerce, one that Data Scientists are tackling by connecting data points from multiple systems and gaining actionable one-to-one insights at scale. 

For brand-owned mobile apps, this is often where the most loyal (and profitable) customers aggregate. User experience and user interface can make or break mobile viability, and nothing bottoms out an app’s performance faster than a difficult-to-use interface.

Retailers should utilize UX / UI Product Designers to revamp user interfaces and imbue brand-owned mobile apps with easy-to-use features to ensure a seamless experience that will keep users coming back.

Trend #3: Cybersecurity For The Digital Age

While not a new topic and certainly not unique to retailers, recent cybersecurity trends and high-profile breaches have resulted in several pain points for brands that hold personally identifiable information (PII). 

With the shift towards remote/hybrid working, many retailers are realizing new or increased vulnerabilities, including cloud hosting platforms, a greater number of access points, more frequent cyber attacks, and a lack of internal resources to keep up.

In the digital age where automated attacks can quickly overwhelm retailers, having adept and skilled professionals in place is critical to a company’s continued prosperity and longevity.

TIP: Upskill Cybersecurity Teams

Essential cybersecurity skills for the digital age include SQL, which attackers could use to steal confidential data, compromise data stores, and execute web-based attacks; Python, which helps to scan and analyze malware; and Java, which can be used in penetration (pen) testing.

For retailers to ensure their databases are secure, recruiting cybersecurity professionals with up-to-date and relevant skills or upskilling in-house teams is critical.

Partnering with established training organizations to hire top-level graduates can help retailers build out a team that is up to date with current technology and regulations.

Alternatively, retraining or cross-training existing employees can be a more financially effective option. Utilize technical training organizations to address technical skill gaps on your team and build on existing internal expertise. 

Custom-Tailored Solutions For Retailers

For retailers to keep up in the modern age, skilled technical teams, whether comprised of new hires or upskilled current employees, are critical to long-term viability and profitability.

If your organization is building out a technical team, there are some must-have skill sets to look for:

  • Software Developer / Software Engineer: JavaScript, HTML, Ruby, CSS
  • Full Stack Developer: JavaScript, HTML, CSS, Java, Ruby, Python, SQL
  • Front-End Developer: JavaScript, HTML, CSS
  • Back-End Developer: Java, Ruby, Python, SQL
  • Mobile Developer: Java, JavaScript
  • Data Scientist: Python, SQL, Java
  • Data Analyst: Java, Python
  • Cybersecurity Risk Specialist / Analyst: SQL, Python, Java
  • Product Designer: UX, UI, ethical and inclusive design
  • UX Designer: UX (user experience), ethical and inclusive design
  • UI Designer: UI (user interface), ethical and inclusive design

But, retailers are busy, and sifting through a mountain of applications takes time. To ease organizations into the digital age with qualified employees, Flatiron School teaches the skills and disciplines retailers’ technical department teams need to keep up.

Software Engineering Data Science Product Design Cybersecurity
Website Development & Management X X
Cashierless Checkout X X
Virtual Storefronts X X
Virtual Dressing Rooms X X
Marrying Online & Offline Data X
Personalization X X X
Brand-Owned Mobile Apps X X
Mobile Social Commerce X
Protect PII X
Inventory Management X X
Sophisticated Pricing Algorithms X X
Increased Shipment / Delivery Speed With Drones, Other Tech X

To see how technical recruiting, upskilling and retaining, or hire-to-train programs offered by Flatiron School can help level up your retail tech team, visit our retail industry page.

Need something special? Talk to our team of retail tech experts about how we can build a curriculum to fit your organization’s needs. 

Sources:

  1. https://insights.dice.com/2021/06/14/technology-jobs-in-retail-demand-these-core-skills/
  2. https://hbr.org/2015/11/how-marketers-can-personalize-at-scale
  3. https://www.forbes.com/sites/bernardmarr/2022/01/12/the-five-biggest-retail-tech-trends-in-2022/?sh=2df4a01e36d4

Top 3 Cybersecurity Pain Points in 2022

Cybersecurity is a quick-moving and ever-evolving discipline, with cyber criminals and providers constantly trying to outpace one another. With dire consequences should an organization’s security slip, here are the top 3 cybersecurity pain points to be aware of in 2022 and beyond.

Shift to Remote Working

With the arrival of the COVID-19 pandemic in 2020, companies were forced to adapt to working from home with little time to plan or prep. As the pandemic slowly fades out, working from home seems to be here to stay for many organizations, and presents cybersecurity risks and challenges.

Cloud Hosting Platforms

For teams working remotely, cloud platforms such as Google Drive and Amazon Web Services facilitate communication and collaboration but can be minefields for cyber risk. 

These platforms are vulnerable because of the increased number of entry points for attacks and the potential for misconfigured settings, which can lead to unauthorized access, insecure interfaces, and account hacking if passwords are compromised or two-factor authentication is not set up.

For effective utilization of convenient cloud platforms, cybersecurity professionals need to understand the backend workings of the interfaces and undergo sufficient training for relevant certifications. The haphazard implementation of these platforms across an organization, without the proper security or preparation, could leave a company open to attacks.

Lower Security Levels

As one may expect, home offices tend to be less secure than centralized office locations. Company offices have more secure firewalls, routers, and access management systems, not to mention a team of security professionals on-site. 

Comparatively, home security is often limited to default provider settings, leaving an opening for more knowledgeable bad actors to take advantage. 

In addition, while one of the benefits of working remotely is that one may work from anywhere with a Wi-Fi connection, connecting to non-secure public networks may unintentionally provide access to hackers. Coffee shops, libraries, and airports are all places where anyone can connect anonymously to a shared network and get up to anything they like, including hacking.

Increased Number of Access Points

With the line between work and life blurred, the use of personal devices in a working capacity has become pervasive. Personal mobile devices are used for two-factor authentication, corporate messaging systems (such as Microsoft Teams, Slack, Zoom), and checking company email. Where employees once used only a single desktop in the office, there are now multiple devices signing on simultaneously to a single controlled account, often with varying security levels. 

While not intentionally risky, the use of non-controlled personal devices can present vulnerabilities due to weak passwords, ineffective firewalls, loose settings, and the transfer of files between devices for convenience (using a personal tablet instead of a work-issued laptop while on a plane, for example). 

These obvious entry points are in addition to the ever-expanding IoT network. IoT refers to any device that connects to the internet to share data other than computers, phones, and servers. This can include tools such as smartwatches, fitness trackers, smart kitchen appliances, and voice assistants (such as the pervasively popular Amazon Echo and Google Home). With an anticipated 64 billion IoT devices by 2026, the entry points for bad actors are plentiful. (1) 

The original shift to remote working in early 2020 was rushed and accomplished with devices that may not have been properly secured. Now, with the WFH shift gaining permanence, organizations are assessing risks and vetting platforms, software, and devices that enable remote teams to connect securely.

Rise of Artificial Intelligence

Despite the persistent cultural image of the hacker as a lone individual in a dimly lit basement, in the digital age cyberhacking has become a lucrative, multi-billion-dollar industry. (2)

And, with the rise of advanced technology such as artificial intelligence, machine learning, and automation, the industry has seen an exponential increase in the number, frequency, and complexity of cyber attacks. 

To make matters worse, a high level of expertise in malicious software is no longer needed to execute a devastating coup. There is now off-the-shelf, highly complex ransomware that can be purchased and repurposed for a fee that, in the face of potentially millions paid in ransom for a catastrophic data breach, has a significant ROI for the users. 

Remote working has exacerbated vulnerabilities. Ransomware attacks can come from any digital point of access and have been gaining complexity using social engineering. By posing as a seemingly authoritative source and targeting isolated employees working remotely, via any number of digital access points and with automation software, bad actors have scaled both their attempts and success rates.

Common Cyber Attack Tactics

Smishing: sending text messages purporting to be from reputable companies.

Vishing: making phone calls or leaving voice messages purporting to be from reputable companies. Most notably used as part of a Twitter hack in 2020 targeting the company’s customer service representatives working remotely.

Phishing: sending emails purporting to be from reputable companies or people.

Whaling (a.k.a. Spear Phishing): attackers use phishing methods to go after a large, high-profile target, such as the C-suite.

The number and frequency of these attacks are increasing year over year, and organizations that do not plan ahead leave themselves vulnerable. Rigorous employee training and well-communicated best practices can help prepare employees, but having knowledgeable cybersecurity professionals in place as the first line of defense is vital.

Lack of Internal Resources

Recent years have seen the proliferation of digital transformations in the form of new platforms (i.e., the cloud), technologies, and software. This, paired with recent waves of new regulations on the digital space due to growing privacy concerns and recent high-profile breaches, has left the cybersecurity industry struggling to keep up. 

For many organizations, whether small or large, current staff training levels leave companies unprepared for new digital risks and compliance requirements, highlighting the cyber skill gap concerning newer technologies and platforms and worsening vulnerabilities. 

This lack of knowledge, staffing, or both makes these companies figuratively sitting ducks in the murky waters of the digital world that is growing more fraught with each passing year.

According to Check Point Research (3), cyberattacks have increased 50% each year, reaching the highest levels since reporting began, with education and research industries being the most frequently attacked sectors. For organizations lacking the internal resources to prepare for these onslaughts, breaches can be almost inevitable.

The Cost of a Breach

The price paid for lax digital security can be a hefty sum as well. 

According to the Ponemon Institute and IBM’s Cost of a Data Breach Report, the average total cost of a data breach increased from $3.86 million to $4.24 million in 2021. (4)

For the industry to keep up with current demand, estimates project that an additional 2.72 million skilled workers are needed to fill employment gaps. (5) But, with the ongoing market trend labeled “the great resignation” (or “the great reshuffle”), companies are having difficulty recruiting and retaining top talent.  

In a digital world where automated attacks can quickly overwhelm manual monitoring attempts, having adept and skilled professionals in place is critical to a company’s continued prosperity and longevity. 

How To Mitigate Cybersecurity Risks

To address these cybersecurity pain points, organizations need to reinforce their cyber protocols and ensure that their team is skilled, supplied with appropriate software and platforms, and has the bandwidth necessary to handle the deluge of attacks. This can be accomplished either by outsourcing to third-party providers or investing in internal infrastructure and employees.

External Talent Recruiting

The market in 2022 is red-hot, to say the least. With frequent cohorts of cybersecurity graduates training in the latest technologies and platforms and high amounts of turnover as skilled workers trade up for more convenient and lucrative jobs, the talent pool is both deep and competitive. 

Partnering with established training organizations to hire top-level graduates can help your company ensure that new team members are up to date with current technology and regulations.

Upskilling Current Employees

For companies with an existing team that is interested in retraining or cross-training, upskilling can also be an option. Employee loyalty is a hard-won and well-earned honor that, when built upon, can prove to be the foundation that carries your organization forward into the digital age with ease. 

Utilize technical training organizations to address technical skill gaps, improve employee retention, and build on existing internal expertise. 

For more information on how technical recruiting, upskilling and retaining, or hire-to-train programs offered by Flatiron School can help level up your cybersecurity team, visit our enterprise page.

Together we’ll discover your organization’s true cyber potential. 

Sources:

(1) https://www.businessinsider.com/internet-of-things-devices-examples?r=US&IR=T 

(2) “Cybersecurity: Hacking has become a $300 billion industry,” InsureTrust

(3) https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/ 

(4) https://www.ibm.com/security/data-breach 

(5) https://www.isc2.org/News-and-Events/Press-Room/Posts/2021/10/26/ISC2-Cybersecurity-Workforce-Study-Sheds-New-Light-on-Global-Talent-Demand