The term cryptography is said to be derived from the Greek words krypto, which means hidden, and graphene, which means writing. The first known uses of encryption are believed to date back at least 2,500 years, and some believe they can be seen in hieroglyphs known to be 4,000 years old.
Today’s use of cryptography is obviously many orders of magnitude removed from the methods used even a hundred years ago. The science is now employed to securitize much more complicated data utilizing much more involved and advanced techniques.
Those who find cryptography intriguing, and maybe even inspiring, are encouraged to research its fascinating history. A 1996 book by David Kahn called The Codebreakers provides a fairly comprehensive history from ancient times to the internet era. There is actually an organization called Codes and Ciphers Heritage Trust that is devoted to the history of cryptography.
Cryptography in the 21st century combines mathematics, computer science, and engineering to design, develop, and analyze methods of concealing sensitive digital information to maintain security.
Cryptanalysts must have a strong grasp on all three disciplines, as well as thorough and advanced knowledge of current encryption techniques in order to decipher the codes. They are the codebreakers of today.
Cryptanalyst vs. cryptographer
The terms cryptanalyst and cryptographer are often used interchangeably, but there is a distinct difference in cryptography circles.
Technically speaking, cryptographers are the code makers while cryptanalysts are the code breakers. In many organizations, positions with the title cryptographer are tasked with being both the code makers and codebreakers. So often the line between the two jobs is blurred, or even erased completely. But the distinction is worthwhile due to the two different classes of employers that generally utilize their services.
Cryptographers can be employed by just about any organization that wishes to take an extra step of securing their data. Instead of just stopping hackers from getting into its systems and networks, cryptographers also prevent hackers that are able to penetrate the systems and get data from being able to utilize or understand that data. They “make,” or create the encryption codes to securitize sensitive data.
Cryptanalysts, on the other hand, are generally employed by law enforcement and spy agencies to decipher encryption codes being used by lawbreakers and nefarious government actors. The FBI, NSA, DHS, and CIA all employ cryptanalysts to sift through data being transmitted around the world by known or suspected criminal organizations. Cryptanalysts must be up-to-date on the latest techniques and codes being utilized by cryptographers. To “break” these codes, cryptanalysts poor over bits of data and programming code to uncover the cipher keys and return the data back to its intended format.
Four steps to becoming a cryptoanalyst
1. Education It’s always a good idea to start getting whatever education is available as soon as possible. In cryptography, there are a few venues to obtain introductory and intermediate education and training outside of college. For instance, InfoSec Institute has an introduction to cryptography available on its website. College degrees best suited to careers in cryptography include mathematics, computer science, computer engineering, and computer programming. Coursework should also be focused on various aspects of cybersecurity whenever possible. Employers requiring graduate degrees from cryptographer job candidates are not unusual, so consider moving on to obtaining a master’s degree with a few years of work experience under the belt. And a substantial portion of employers will require a Ph.D. as well.
2. Certifications/training Despite cryptography being the oldest form of information security in human history, there are few professional certifications available. These are the only ones being offered today.
3. Career path Cryptography is a highly specialized discipline. It is sometimes considered to be part of mathematics or computer science rather than cybersecurity, but the end goal is to keep information secure. Because of the technically challenging aspects of being a cryptographer or cryptanalyst, it often requires a few years of work experience to break into the roles, but there are some opportunities for stand-out college graduates. Also, with the skills required to master cryptography, career options are broad outside cybersecurity. But within the cybersecurity umbrella, cryptanalysts are already more technically advanced than most other disciplines, so lateral options may be limited. For cryptanalysts who make the investment to obtain a master’s degree, or even a doctorate, career value will increase considerably. In addition to attaining more senior levels in cryptography, advanced degrees will enable other career changes such as security consultant, college professor, research cryptology scientist, and information security systems engineer.
4. Staying current Keeping up-to-date on technology, skills, and knowledge is paramount to success in almost every aspect of cybersecurity. The nature of information security is changing so rapidly that not being current will quickly make professionals dinosaurs. One great way to keep up is with trade associations. These organizations typically offer some of the best research available and also plenty of opportunities to network with other professionals. Fortunately for cryptoanalysts, there are several trade associations available.
- International Association of Cryptologic Research (IACR)
- International Financial Cryptography Association (IFCA)
- American Crypto Association (ACA)
What is a cryptanalyst?
To be able to decipher encrypted data, cryptanalysts must know and understand the systems and networks being worked on. They also must have intimate knowledge of the programming languages and encryption techniques being utilized to encrypt the data and be able to search code and data bit by bit to crack the cipher key used and produce the true underlying information. The obvious applications for cryptanalysis are law enforcement, espionage, and military cybersecurity operations. As technology and the skills of those seeking to secure the sensitive data, namely cryptographers, are constantly and rapidly evolving, so too must the cryptanalyst.
Cryptanalyst skills and experience
Cryptanalysts candidates will often be required to have multiple years of experience in a related field, such as computer programming or advanced mathematics. Some exceptional college graduates may be able to find their way into the field directly after graduation. Within government agencies like the FBI and NSA, there are self-contained training programs for cryptanalysts that take them from complete novices to experts, usually in about three years. These recruiting videos for the FBI and NSA provide an excellent view of what’s involved in the career and how these skills are employed in law enforcement. Given the three-year time frame for comprehensive training, it’s clear that cryptanalysis is a highly-involved, demanding, and technical skill.
Cryptanalysts by nature work with sensitive information. Many employers, therefore, will require either an existing security clearance or will likely be subject to a security investigation, possibly even a polygraph test, before being hired.
Here are some other probable requirements for new cryptanalyst hires.
- Advanced command of mathematics
- Broad knowledge of computer sciences, particularly network and systems analysis
- Knowledge of multiple programming languages such as C++, C, Java, Python
- Knowledge of homomorphic encryption and other known encryption techniques
- Algorithm resource requirements analysis
Some of the soft skills often desired include:
- Strong written and oral communications skills
- Passionate and driven
What do cryptanalysts do?
Cybersecurity as a whole represents a multi-pronged approach to prevent outside forces from entering, obtaining, and utilizing sensitive digital information. Cryptography is one prong of that defense system. When secret or proprietary data is securely encrypted, even if network or system attacks are successful, the data will not be of any use to whoever obtains it. It is essentially a garbled, nonsensical mess.
But technologies and hackers are constantly advancing, so an absolutely essential component of a cryptographer’s job is to remain at the cutting-edge of all technical capabilities possessed. Computer programming, advanced mathematics, network system software and hardware, and communication protocols must all be in a cryptographer’s wheelhouse.
Developing new methods for cryptographic protection of data, and continually evaluating those methods in place is a constant challenge. Cryptographic solutions must consider the current architecture and operating environment, as well as future functionality and enhancements.
Cryptanalyst job description
Law enforcement, military, espionage agencies, and other government agencies all have different targets for their cryptanalysts to decipher, but the goal is basically the same. Crack the encryption codes to turn encrypted data back into plain data. Below are some of the more common job functions associated with a specialist in cryptography.
Outlook for cryptanalysts
The worldwide staffing shortage in the cybersecurity industry is well documented, and cryptoanalysis is no different. There is a certain spy world attraction to being a cryptanalyst that constantly brings new mathematicians and computer scientists into the field. But the constant evolution and advancement in computer sciences, the rapid expansion of digital techniques used in law enforcement and espionage is creating new demand for cryptanalysts. And this is likely to continue for the foreseeable future.
Doing a simple job opening search for cryptanalysts will not yield any results. That’s mainly because cryptanalysts in the private sector are often employed under alternate job titles. Cryptanalyst functions are primarily done by cryptographers as part of their duties. Public sector cryptanalyst job openings, meaning those employed by various government agencies, are usually not published on the usual job boards. This is because nearly all cryptanalyst jobs in government require high-level security clearances. One website that posts job openings that require a security clearance is clearancejobs.com. However, you have to have a security clearance to even log onto the website. Probably the best bet for breaking into cryptanalysis is to apply directly to government agencies like the FBI, CIA, DHS, NSA and the like.
How much do cryptanalysts make?
It’s difficult to research earning data on cryptanalysts for the above-mentioned reasons. But federalpay.org publishes some unclassified government employment data. According to that site, the FBI employed 18 cryptanalysts in 2018 at an average annual salary of over $125,000. SalaryExpert.com calculates the average annual salary of cryptanalysts to be about $75,000.