The cybersecurity industry remains a promising area of growth when it comes to career paths in tech and beyond. During the last year, while many industries saw decreases in opportunity due to the economic volatility and uncertainty that came with navigating an unprecedented global pandemic, the cybersecurity industry continued to grow. Remote work security risks, increasing ransomware attacks, and more all contributed to the increased need for cyber professionals. In fact, cybersecurity job postings saw a 65 percent increase during the pandemic.
A recent survey conducted by the World Economic Forum shows that cybersecurity is the number one concern of CEOs at the helm of US-based companies. One part of the concern is that there just aren’t enough people with the necessary skills to hire for all of the available cybersecurity openings. This makes it a great time to consider one of the many different cybersecurity careers available for those with the right training.
Why cybersecurity career paths matter
Becoming a well-rounded cybersecurity professional requires having well-rounded experience. Exposure and experience are critical building blocks of a cybersecurity career early on and will also become valuable (and make you more effective) as your career progresses and you become a senior cybersecurity leader. More importantly, exposure and experience allows you to learn which domains in cybersecurity you want to work in and you can then focus your career path more on those. Before committing to a domain of cybersecurity as a career path, it’s important to get exposure to different areas.
Examples of cybersecurity career paths
There are countless career paths within cybersecurity. Because it’s a fairly new and constantly evolving industry, you may see different categories and titles depending on the company or resource you read. However, it’s common to categorize paths in three areas:
3. Senior leadership
Management: Security governance and oversight roles
The security management and governance domain is all about the oversight and management of cybersecurity within the organization. Though it’s important to understand as much as you can about technology and the technical nuances behind cyber risk, this area tends to be less technical than others. Instead of configuring systems or getting deep into operational support, a career path in this space entails using business savviness, organizational management, and soft skills to programmatically manage security. Example opportunities include, but are not limited to:
- Training and awareness: The majority of cyber breaches stem from human error, making training and awareness of employees and customers a critical part of any cybersecurity strategy. A career in this space is one that involves designing curriculums and content in a way that is engaging and lasting to educate people on cyber risks and influence behavioral changes that promote security.
- Audits and compliance: Cybersecurity is all about checks and balances. There are many rules and regulations, like PCI-DSS and HIPAA, that outline cybersecurity requirements for regulated companies. Professionals in this career domain work to achieve, verify and maintain compliance with those rules.
- Third-party risk management: In today’s connected world, companies must pay attention to how their vendors and partners can impact their security posture. Countless security vulnerabilities stem from attackers breaching one company and then using that access to hop over to another connected company’s network. Professionals in this domain help verify and manage third-party security to ensure partners are not introducing risk to the company.
- Project management: Every security strategy includes process and technology components. Designing and implementing these requires superb project management programs to ensure solutions are implemented effectively and efficiently.
Technical: Security engineering and operations roles
This path area covers the more technical roles in cybersecurity. Here you’ll likely be digging into systems, data, tools, and networks a lot more. The aim is to prevent, detect, and respond to cyber threats. Example opportunities include, but are not limited to:
- Cloud security: With so many organizations moving their data and operations to cloud environments, the cloud has been a major topic of discussion in cybersecurity. Careers here involve protecting data and systems from compromise in off-prem or cloud environments.
- Identity and access management: Protecting the confidentiality, integrity, and availability of data starts with the fundamental principle of controlling access. People should only have access to what they need to have access to, and only when they need it. Building a career in access management ensures just that.
- Security engineering: Enterprise security requires a layered approach. Security engineering career paths include all of the designing and building of the layers of security systems required to protect the enterprise. Examples include building encryption systems, email security systems, firewalls, and more.
- Security operations: With a countless number of hackers out there working around the clock to attack organizations, in defense, companies must keep a consistent watch on security posture, intrusion attempts, and more in order to defend against attacks. A career in security operations encompasses all of that monitoring and response.
- Ethical hacking: A great way to uncover weakness in your system is to try hacking yourself. In this career path, professionals constantly try to break into the organizations’ systems and make recommendations for ways to improve security.
Senior leadership: Focusing on the people
Like any industry, company culture and leadership plays a critical role in the success of the business. Example opportunities in this space include, but are not limited to:
- Chief information security officer: Senior leadership is critical in cybersecurity. To gain buy-in and support across the company, it’s important to have a senior-level champion who steers the team and the company towards a world-class cybersecurity posture. This career path requires a broad range of experience and understanding across all areas of cybersecurity, as well as strong people leadership skills.
- Managers and directors of domains: Depending on the size of the organizations, every domain requires some form of leadership or management. This means that growing a career in some domains may present an opportunity to transition from doing hands-on work to leading and guiding a team of professionals who then do the hands-on work. Taking on this career path in any domain requires balance. To elaborate, it’s important to balance understanding key principles and best practices of the domain while understanding how to manage and motivate others.
Crafting a career path in cybersecurity can be an exciting journey. There is no right or wrong answer. There is no strict path to success. It’s important to gain exposure to what’s available, try new things, learn as much as you can, and figure out what domains you love the most. Then consider whether you prefer to build more in-depth career paths within those domains or gain broad exposure in pursuit of more senior leadership roles. Considering career path options also doesn’t have to mean sticking to one domain. No matter which path is chosen, have fun learning and growing throughout the journey.
Cybersecurity career options
Below of an index of complete career profiles:
- Chief information security officer This is an executive-level position tasked with developing and overseeing a company’s cybersecurity architecture, policy/planning, and execution. This position requires technical chops and management acumen.
- Chief privacy officer A chief privacy officer is a new executive-level position that is becoming increasingly more common at large companies, institutions, and organizations — including municipalities and governmental organizations. This new role was created to ensure the protection of critical data such as personal details and financial information.
- Computer forensics These experts are detectives that work with company officials or law enforcement after a data, network, or security breach to paint a picture of how a computer or computer system was compromised.
- Computer security incident responder The responsibilities for this job are very much aligned with the job title itself. Incident responders are usually the first call within an organization or company if a data breach or hack is detected. The role requires documenting the attack and developing a response.
- Cryptanalysts Today’s codebreakers, cryptanalysts use mathematics, computer science, and engineering to analyze different methods of concealing data. This career name is sometimes used to mean cryptographer, but there is a distinction within the industry.
- Cryptographer A cryptographer working in cybersecurity is a modern spin on an ancient discipline. Cryptographers use algorithms and computer code to create (and decipher) encrypted software and related services.
- Cybercrime investigator Digital crimes are unique in that they are undertaken remotely, or that they can happen in virtual realms, or require sophisticated coordination among many nodes or hubs. Cybercrime investigators act as digital detectives to help bring cybercriminals to justice after a hack or cyberattack.
- Data protection officer The data protection officer (DPO) is a relatively new position created to meet the requirements set by the General Data Protection Regulation (GDPR) in Europe. Since the regulation affects all companies doing business in Europe, a DPO helps develop and implement data privacy strategies within a company or organization.
- Digital forensics These professionals are like the sleuths of the digital world. Often they are tasked with figuring out what happened after a security incident and being able to reverse engineer hacks and attacks. As the number of digital attack surfaces continues to grow, so too does the need for professionals with digital forensic skills.
- Ethical hacker An ethical hacker, also known as a penetration tester, is tasked with trying to find vulnerabilities in a computer system or network. The goal is to find these vulnerabilities and suggest fixes or defenses before cybercriminals or black-hat hackers are able to exploit the systems.
- Malware analyst An important and rapidly growing role within the cybersecurity hierarchy is that of a malware analyst. Part security engineer, part digital forensics expert, and part programmer, this crucial function provides in-depth intelligence after a cybersecurity event.
- Penetration tester Or pen tester, or ethical hacker, is a popular job within cybersecurity. Penetration testers are hired by companies or organizations to look for security issues and vulnerabilities before other hackers do.
- Risk management is a critical part in running a business. Increasingly, understanding and mitigating cybersecurity risk are becoming more important for businesses with a digital footprint. Today’s risk managers need to have a diverse professional background that includes an understanding of cybersecurity.
- Security administrator A security administrator is often an IT-dominant role that can focus or transition into security-related job functions.
- Security analyst A security analyst is responsible for monitoring security procedures and making sure that best practices are implemented and followed. The role of a security analyst might vary widely depending on the size and industry of the employing company, but the career is definitely becoming more popular across all sectors.
- Security architect Designing computing networks and other infrastructure with an eye towards security and maintaining overall integrity is the job of security architects. Often this job draws on the skills and experience from a variety of backgrounds and is considered a foundational function when creating secure and resilient networks.
- Security code auditor This job title is also referred to as a security auditor, source code auditor, or security auditor. This job, which acts as an editor of sensitive security code requires a wide-ranging skillset including programming, an understanding of network and systems infrastructure as well as a familiarity with penetration testing and underlying security protocols.
- Security consultant Security consultants often have a depth of experience and knowledge to pull from and are hired when there is a pressing security problem or issue that a company or organization is trying to deal with or eliminate.
- Security engineer On average, this is the highest paying cybersecurity job with a reported (averaged) income of $128,128 a year. Security engineers are responsible for building and maintaining security code and systems to safeguard data and infrastructure.
- Security software developer A security software developer is tasked with taking software that a company or organization might write for its business or operations and then adding layers of security on top of that software so that it is hardened from an attack perspective. In some ways, this role straddles the worlds of traditional commercial software development with the emerging info security world.
- Security specialist A security specialist is someone with a deep understanding of tactics and best practices and that can be tasked with a number of specific security-oriented roles depending on company or organization size and scope.
In addition to the cybersecurity careers list above, other useful information for finding cybersecurity career opportunities can be found on the program pages, online education pages, and in the resource section.