Cybersecurity is an exciting and fast-paced field that is perfect for anyone who loves a challenge and the thrill of problem-solving. As technology becomes more and more intertwined with everyone’s day-to-day lives, the need for experienced cybersecurity professionals increases. The field of cybersecurity has seen rapid growth over the past several years, and there is a shortage of well-qualified security experts.
Due to the lack of trained professionals, those who pursue a career in cybersecurity can expect plenty of opportunities, high paying salaries, and great benefits.
An entry-level security professional may find themselves working as a security analyst in a SOC (security operations center). As their career progresses they may become a senior security analyst or work on an incident response (IR) team.
Those interested in programming and software design can pursue a career as a security software developer.
Individuals interested in pairing passions of law enforcement and technology may find a good fit in a computer forensics career. Computer forensics analysts work directly with both law enforcement and private firms to investigate cases.
Executive management roles for cybersecurity professionals include chief security officer (CSO) and chief information security officer (CISO).
The outlook for cybersecurity careers is extremely positive, making it a great option for anyone looking to enter the field. According to ISC2.org, there are approximately 2.93 million cybersecurity positions open around the globe.
In the same document released by ISC2, the top needed areas of cybersecurity expertise included security awareness, risk assessment, security administration, network monitoring, incident investigation and response, intrusion detection, cloud computing security, and security engineering.
As with any career, education is a key element of entering the workforce. There are many different educational paths that individuals can take to learn the tools of the trade.
Pursuing an associate’s or bachelor’s degree in cybersecurity is an excellent place to start. Many universities will have specialized programs for cybersecurity, but any degree in computer science will also be beneficial.
For individuals looking to make their way into management roles, it would be beneficial to obtain a graduate degree in computer science.
While there is no substitute for a traditional degree, certifications and experience will also play a major role in landing a job within the cybersecurity field.
Several well-respected cybersecurity certifications include EC-Council’s Certified Ethical Hacker (CEH), CompTIA’s Security+, CompTIA’s Cybersecurity Analyst (CySA+), ISC2 Certified Information Systems Security Professional (CISSP), ISACA’s Certified Information Security Manager (CISM), SANS’ GIAC Security Essentials (GSEC), and the Offensive Security Certified Professional (OSCP) administered by Offensive Security.
Free online learning resources
Free (or inexpensive) online learning resources are a great way to begin your cybersecurity journey.
Before deciding whether or not to spend money on formal education, these online classes can introduce students to the basics of the cybersecurity field. They can also be beneficial after landing that first job in cybersecurity.
Free cybersecurity resources include:
Budget-friendly cybersecurity resources:
Finding entry-level cybersecurity jobs
While some jobs will require a graduate degree within computer science, it’s possible to land an entry-level position within the field of cybersecurity. Entry-level security professionals can expect to handle lower-level security matters such as log monitoring, maintaining backups, and managing updates.
One entry-level job option is to become an information security analyst. According to the Bureau of Labor Statistics, professionals usually have a bachelor’s degree before obtaining an entry-level job as an information security analyst. The median wage of information security analysts in 2018 was $98,350, with the lowest ten percent earning less than $56,000. Some of the duties listed by the Bureau of Labor Statistics for an information security analyst include:
- Research the latest information technology (IT) security trends
- Prepare reports that document security breaches and the extent of the damage caused by the breaches
- Monitor their organization’s networks for security breaches and investigate a violation when one occurs
- Install and use software, such as firewalls and data encryption programs, to protect sensitive information.
For professionals more interested in offensive security than defensive security, a role as a junior penetration tester may be more fitting. Penetration testers are hired by an organization to test out its security controls.
A penetration tester will take an offensive approach and attempt to break into an organization’s network. According to Payscale.com, the average salary for a junior penetration tester is $70,000.
Defensive vs offensive security
As mentioned in the above section, careers within cybersecurity can be offensive, defensive, or a mixture of both. The terms used to describe these are red team, blue team, and the more recently added purple team.
Professionals who practice offensive security, such as ethical hackers and penetration testers, are often referred to as “The Red Team.” Red team engineers will attempt to attack an organization’s defenses (with permission) in order to challenge the controls that are put in place.
The team tasked with defending the organization from both real-world attackers and red team engineers is called “The Blue Team.” Blue team engineers will implement many different techniques in hopes of preventing attackers’ advances.
As one would most likely expect, purple teams are a combination of both the red team and the blue team. SecureAuth defines Purple Teams as a single group of people who do both red and blue testing and securing of a company. More and more organizations are looking for engineers who have the knowledge to perform both offensive and defensive activities.
For professionals seeking a strictly offensive role, certifications such as the Offensive Security Certified Professional (OSCP) and the EC-Council Certified Ethical Hacker (CEH) may help in jump-starting an offensive security career.
For professionals seeking a strictly defensive role, the CompTIA Security+, CompTIA CySA+, and the ISC2 Certified Information Systems Security Professional (CISSP) are all excellent options.
Individuals interested in a combined offensive and defensive role could benefit from all of the previously mentioned certifications.
Cybersecurity job requirements
Each organization or company will have its own unique requirements when hiring information security professionals.
There are plenty of openings within government agencies such as the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA) and many more for well-qualified professionals. Government organizations like these will often require security clearances. Clearances allow troops, employees, and contractors access to sensitive information and are only granted when absolutely necessary. Clearances for civilians working within the federal government include:
- Top Secret
Whether a security professional is planning to work for the federal government or simply looking to land a job in the private sector, a criminal background check and drug test will most likely be required. If there is something on a professional’s record, it’s always best to be upfront with the potential employer rather than have it come out during the background check.
Certain companies will require specific certifications, while others will list them as a plus. As a rule of thumb, there is no such thing as too many certifications.
Listed below are some of the requirements of several real jobs that are currently listed on Indeed.com.
IT security analyst
- The selected candidate must have knowledge of network and cloud-based security and familiarity with virtualization and VMware.
- The candidate must also possess the ability to analyze assets and identify and remediate vulnerabilities.
- This individual must have the flexibility to perform a variety of different tasks concurrently, by using self-motivation and sound planning, organization, and scheduling skills.
- They must also be able to communicate clearly orally and in writing and work well both individually and within a team environment.
Malware analyst II
- Strong knowledge of operating system internals, assembly language, and reverse engineering techniques.
- Thorough working understanding of the security industry and knowledge in identifying credible, malware analysis techniques relative to current and emerging threats.
- Strong communication (written and verbal) with the ability to brief/communicate information in a concise, effective manner to a wide range of audiences with minimal oversight.
- Ability to use static and dynamic methods to analyze a file using a debugger, disassembler, and other tools in a Virtual Machine (VM).
Digital data forensic examiner
- Work effectively as a team contributor and independently with minimal supervision or direction.
- Strong verbal and written communication skills.
- Proficiency in forensic techniques and tools (e.g., X-Ways, EnCase, FTK Suite, Cellebrite).
- Experience with scripting languages to automate investigative and routine functions.
- Experience with Microsoft, Apple, and Linux-based operating systems.
- Experience with server, workstation and mobile device hardware and software.
- Familiarity with network infrastructure components, as well as virtual and cloud environments.
- Available for occasional travel.
- Current forensic certification (e.g., CCE, GCFE, GCFA, EnCE, CFE).
Remote cybersecurity jobs
Many people dream of having the ability to work from the comfort of their home. Or perhaps, some just want the ability to travel without having their job hold them back. Fortunately for those in cybersecurity careers, it’s possible to find a job that is either completely or partially remote.
The great thing about the internet is that it has granted many people the freedom from being tied to their desks in an office.
On the other hand, an individual tasked with reverse engineering a piece of malware may be able to do so from anywhere in the world.
There are plenty of tools ranging from remote access software to virtual private networks, that allow professionals to be on their organization’s network without physically being in the same geographical location.
Some job sites, such as Indeed, will allow job seekers to type the word “remote” into the location search. This will typically produce job postings that are not locked into a specific location. In addition, there are some job searching websites that allow individuals to search through a database of strictly remote positions.
Another option for remote work is freelancing. Working for an organization permanently is not a good fit for everyone. Having the freedom to choose which projects you work on and having the ability to create your own schedule is certainly appealing.
Freelancing is a popular option for cybersecurity professionals who want these benefits. Websites such as Upwork and Freelancer are two popular websites which can help professionals get started freelancing.
Cybersecurity jobs near me
It’s safe to say that wherever technology exists, there is a need for cybersecurity. However, much like with any major industry there will be certain locations, or “hubs” where jobs in that field are more prevalent or higher-paying.
Not surprisingly, Washington D.C. has one of the highest concentrations of cybersecurity job openings according to analytics done by Indeed and CyberSeek. This is likely due to the number of government agencies in that area. While these government agencies have their own job openings, you’ll also find companies who contract for the government, such as Booz Allen Hamilton, close by as well.
Another major hub includes New York City. With New York City also being the financial capital of the US, it makes sense that cybersecurity is a big business in that area. Somebody needs to protect that data!
Indeed.com also lists Dallas-Fort Worth, TX, Baltimore, MD, and Chicago, IL in their top 5 cybersecurity cities.
Now, just because a city has a lot of cybersecurity jobs, doesn’t mean it will pay the highest. San Francisco ranks the highest in cybersecurity salaries at around $148,621. However, that number isn’t adjusted for the pricey cost of living in San Francisco, so that’s one more thing to keep in mind.
According to TheSoftwareReport.com, Symantec, which is based in Mountain View, California, was ranked the leading provider of cybersecurity software and services. FireEye, another California-based company, was ranked in second place.
Best Value Schools ranks Kaspersky Labs, FireEye, McAfee, TrustWave and Avast as some of the best cybersecurity companies to work for. In order to find local cybersecurity jobs in your area, you can use the location-based search feature on sites such as Monster, ZipRecruiter, Indeed, LinkedIn, and CareerBuilder.
Cybersecurity government jobs
Due to the benefits, salary, and excitement, government jobs can be a very appealing option for cybersecurity job seekers.
Cybersecurity openings exist within many branches of the federal government including, but not limited to, the Department of Homeland Security, Department of Defense, Centers for Disease Control and Prevention, Federal Bureau of Investigation, National Security Agency, Central Intelligence Agency, and Department of Energy.
Many, but not all, government cybersecurity jobs require security clearances.
Here is an excerpt taken from a job posting for a Lead IT cybersecurity specialist at the Department of Health and Human Services.
As a Lead IT Cybersecurity Specialist (Direct Hire), you will:
- Ensure that the organization’s strategic plan, mission, vision, and values are communicated to the team and integrated into the team’s strategies, goals, objectives, work plans and work products and services.
- Lead the team in identifying, distributing and balancing workload and tasks among employees in accordance with established workflow, skill level and/or occupational specialization.
- Serve as a principal contact for coordination, implementation, and/or enforcement of information security policies.
- Implement higher-level security requirements and integrate security programs across disciplines.
- Assess new systems design methodologies in order to improve software quality.
- Develop long-range plans for IT security systems and review new systems, networks, and software designs for potential security risks.
- Resolve integration issues related to the implementation of new systems with the existing infrastructure.
- Initiate, develop, implement, and evaluate the security programs of an organization.
- Lead and coordinate the implementation of security programs across platforms and establish vulnerability reporting criteria.
- Make recommendations for operational policies, procedures, and criteria for interfacing with program systems resources, and coordinate with other staff within the agency on the development of information security systems and application policies.
There are a number of different ways to locate cybersecurity job openings in the federal government.
- Find jobs listed on your typical job posting websites such as Monster, Indeed, CareerBuilder and ZipRecruiter.
- Federal jobs are always listed on gov.
- If you have a specific federal organization online, you can check that organization’s careers page on their website.
The salaries of different cybersecurity jobs will vary depending on many factors such as the location, industry, whether or not the job is private or government, and job title and description.
For reference, Glassdoor lists the average base salary for someone working in cybersecurity as $91,468 annually.
Cyber Security Education lists a very similar estimate at around $92,000 annually.
ZipRecruiter estimates the average salary to be a little bit higher at $100,432 annually.
According to Mondo, below are the six highest paying job titles in cybersecurity.
Application Security Engineer | $100,000 – $210,000
Network Security Analyst | $90,000 – $150,000
IS Security Manager | $120,000 – $180,000
Cybersecurity Analyst | $90,000 – $185,000
Penetration Tester | $80,000 – $130,000
IS Security Engineer | $90,000 – $150,000
Although these numbers are appealing, it’s important to note that these are averages and an entry-level professional will most likely make substantially less.