There is a severe shortage of qualified cybersecurity professionals. The demand for employees at every level is high, and every indication is that this need will continue to grow.

Knowledge of how your skills, interests, experiences, and aptitudes align with those needed for success in cybersecurity can help you figure out the best way to get started in the industry. Finding that perfect career is, at best, tricky.

Cybersecurity is a technical field, and one that, at its core, requires strong quantitative skills. This guide is all about how math is used in cybersecurity and the best way to prepare for a math-driven cybersecurity career.

## Cybersecurity as a science

The nearly ubiquitous use of computers in every aspect of life makes the behind-the-screens technology at once easy to ignore and difficult to understand. In the main, if the desktop, laptop, tablet, or mobile device does what we expect it to do, we give little thought to the bits and bytes that scurry behind the screen to make it operate. On the occasion that we find ourselves contemplating what magic makes these devices so incredibly powerful, we, of necessity, metaphorically throw our hands up in exclamation that there is just too much technology crammed into our electronics for any one person to grasp.

If that is how you feel, you are not alone, and you are not wrong. There is too much technology in our computing and communication devices for any one person to understand it all. It takes teams of experts in many fields, working in concert to conceptualize, design, manufacture, program, configure, protect, and deploy each piece of technology that we take for granted. The common denominator for these experts is that they each must be proficient in the core academic disciplines of science, technology, engineering, and math (STEM).

While all STEM disciplines require a good deal of math, this guide will focus on math as it is needed to be successful in the general field of computer science and, more specifically, cybersecurity. Cybersecurity is a sub-discipline of computer science, and many cybersecurity jobs require less STEM education than does becoming a computer scientist.

Often people paint themselves and others with too broad a brush and declare they are either creative or logical. Mathematical aptitude is generally attributed to logical or methodical thinkers. While this is often true, the ability to apply reason consistently does not preclude the ability to be creative.

The creative mind can express itself using mathematical equations in a most decidedly artful form. Rather than letting either of these labels deter you from pursuing STEM fields, consider your relationship with numbers instead. How you feel about using numbers may be a better barometer of how well you will adapt to STEM fields.

Ask yourself if you enjoy working with numbers and using them to convey concepts and ideas. If you do, and you can think analytically with a focus on details, you may have the natural inclination for a career that uses numbers.

If you enjoy numbers, you are likely well suited for fields that require an understanding of math. If you also enjoy complex puzzles and helping others, you are probably well suited for work in the field of cybersecurity.

## People that enjoy working with numbers

Math plays an essential role in many careers. From science, to finance, to communications, many knowledge-based professions require excellence and aptitude in mathematics and quantitative reasoning. These careers also emphasize logical problem solving, critical thinking, and decision making. These are skills honed through the study of math. To gain a general understanding of your relationship with numbers, consider the following traits, skills, and abilities.

### Traits, skills, and abilities of “lovers of numbers” include:

- An ability to achieve goals by constructing a path of reason back from the desired result to the current state of an issue — or to reverse engineer a problem to find a solution
- An ability to quickly visualize abstract concepts, quantitative relationships, and spatial connections
- An ability to understand, communicate, and model using symbols and numbers
- An ability to think analytically and offer or receive criticism of ideas and concepts without involving feelings and emotions
- An ability to identify and categorize patterns and relationships
- An ability to use numbers as justifications to confidently take risks
- An ability to track and follow details and work with precision
- An ability to display patience as large complex problems are worked out

It is not necessary to be a “lover of numbers” to be successful in cybersecurity, but the more of the traits, skills, and abilities listed above that you can claim as yours, the more likely you are to enjoy a numbers-based job.

## How math is used in cybersecurity

Cybersecurity is not generally considered to be a math-intensive profession. That is not to say, however, that familiarity and comfort with math will not be hugely beneficial for success in cybersecurity. On the contrary, to advance beyond an entry-level cybersecurity position, a candidate should be comfortable with high school level math, at least.

Whether expressed as (threat x vulnerability) or (probability x loss) or in some other more sophisticated fashion, determining risk is a mathematical exercise. At some level, all security professionals are in the risk calculation business. For many security workers, this calculation is performed almost subconsciously many times each day in the execution of their duties. Knowing what is essential and where to spend time and resources for the most significant result is the essence of the ability to understand risk.

On the front lines of a Security Operations Center (SOC), a security specialist can be flooded with security alerts. They must analyze these alerts and make a quick risk assessment to know what they can handle now and what must be escalated for further investigation. This can be overwhelming at times and requires an ability to calculate risk very quickly.

A security code auditor will find herself examining code written by other coders. While many analytical tools are available to assist, she must be able, at a glance, to recognize weaknesses and vulnerabilities in the code. Writing and understanding computer software code requires mathematical skills.

**Binary math** is how computer operations are computed. It is used in everything from establishing IP addresses to network routing. The word binary means composed of, or involving two things. A binary number is made up of bits, each having a value of 0 or 1. A bit (short for binary digit) is the smallest unit of data in a computer. Computers generally store data and execute instructions in bit multiples called bytes. In most computer systems, there are eight bits in a byte.

Every number in your computer is an electrical signal, and when these machines were initially designed, electrical signals were difficult to precisely measure and control. It made more sense to only distinguish between an “on” state — represented by negative charge — and an “off” state — represented by a positive charge. Thus today, binary math is at the heart of all computer machine language and software.

Another math-based concept used in cybersecurity is **hexadecimal math**. Rather than having only two options, as in binary math, hexadecimal math is based on the idea that you can count up to any one of 16 different options. You count these options from 0 to 15, providing sixteen total choices. Since one-digit numbers only range from 0 to 9 (10 takes up two digits), you have to represent everything from 10 up to 15 as something else, in this case, using the letters A through F.

Entry-level cybersecurity jobs will require at least some understanding of **computer coding** or programming. Computer code is written with math as its foundation. Coders need to understand programming concepts like constraints, variables, and programming logic. For example, you would be required to understand a basic computer code like this elementary if-else statement:

```javascript
var x = 1;
// Strict equality (===) compares both value and type
if (x === 1) {
  window.alert("The expression is true!");
} else {
  window.alert("The expression is false!");
}
```

The above is a simple example of a computer code. Still, from this, you can see that you’ll need to have an understanding of mathematical logic and how a computer will interpret information.

**Boolean algebra** has been fundamental in the development of digital electronics. Although first introduced by George Boole in his book *The Mathematical Analysis of Logic* in 1847, Boolean algebra is applied in modern programming languages. Whereas in elementary algebra, expressions indicate mainly numbers, in Boolean algebra, they signify the values false and true. It deals with operations on logical values and incorporates binary variables of 0 and 1.
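The binary, hexadecimal, and Boolean ideas above meet in everyday subnet arithmetic. The following is an added example, not code from the original guide: the function names are illustrative, and the sample addresses are constructed from the RFC 5737 documentation range.

```javascript
// Pack a dotted-quad IPv4 address into one unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new RangeError("not a valid IPv4 address: " + ip);
  }
  // Each octet is one byte (8 bits): shift left by 8, then OR in the next byte.
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

// Unpack a 32-bit integer back into dotted-quad notation.
function intToIp(n) {
  return [24, 16, 8, 0].map((shift) => (n >>> shift) & 0xff).join(".");
}

// Show a 32-bit value as four groups of eight bits, or as eight hex digits.
function toBinary(n) {
  return n.toString(2).padStart(32, "0").match(/.{8}/g).join(".");
}
function toHex(n) {
  return "0x" + n.toString(16).toUpperCase().padStart(8, "0");
}

// Split "address/prefix" and build the mask: `prefix` one-bits, then zero-bits.
function parseCidr(cidr) {
  const [ip, prefixText] = cidr.split("/");
  if (!/^\d{1,2}$/.test(prefixText || "") || Number(prefixText) > 32) {
    throw new RangeError("prefix length must be 0-32: " + cidr);
  }
  const prefix = Number(prefixText);
  // JavaScript shift counts wrap at 32, so a /0 prefix is handled separately.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { addr: ipToInt(ip), mask, prefix };
}

function describeSubnet(cidr) {
  const { addr, mask, prefix } = parseCidr(cidr);
  const network = (addr & mask) >>> 0;       // AND keeps only the network bits
  const broadcast = (network | ~mask) >>> 0; // OR with NOT(mask) sets every host bit
  return {
    network: intToIp(network),
    broadcast: intToIp(broadcast),
    mask: intToIp(mask),
    maskBinary: toBinary(mask),
    maskHex: toHex(mask),
    addresses: 2 ** (32 - prefix),
  };
}

// Two addresses share a subnet when their masked (network) bits are equal.
function inSubnet(ip, cidr) {
  const { addr, mask } = parseCidr(cidr);
  return ((ipToInt(ip) & mask) >>> 0) === ((addr & mask) >>> 0);
}

console.log(describeSubnet("192.0.2.77/26"));
console.log(inSubnet("192.0.2.130", "192.0.2.77/26"));
```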

**Cryptography** is the science of codes and encryption and is based on mathematical theory. Cryptographic techniques are at the very heart of information security and data confidentiality. The math used in cryptography can range from the very basic to highly advanced. Cryptographic algorithms are composed around computational hardness assumptions. A computational hardness assumption is a hypothesis that a particular problem cannot be solved efficiently, making such algorithms hard to break in practice by any adversary. Cryptographic techniques are also used by cyber-adversaries and are integral to ransomware. Cryptovirology is a domain that considers how to use cryptography to design robust malicious software.
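To make the idea of a computational hardness assumption concrete, this added example (not from the original guide) uses the discrete logarithm problem as an assumed illustration: computing a modular power is cheap, while recovering the exponent by search is not. The prime, generator, secret exponent, and function names are constructed toy values, far too small for real use.

```javascript
const P = 65537n; // toy prime modulus (constructed for this example)
const G = 3n;     // 3 generates the multiplicative group modulo 65537

// Forward direction: square-and-multiply, one loop pass per bit of the exponent.
function modPow(base, exponent, modulus) {
  let result = 1n;
  let b = base % modulus;
  let e = exponent;
  let steps = 0;
  while (e > 0n) {
    if (e & 1n) result = (result * b) % modulus; // multiply when the low bit is 1
    b = (b * b) % modulus;                       // square for the next bit
    e >>= 1n;
    steps++;
  }
  return { value: result, steps };
}

// Inverse direction: try exponents 0, 1, 2, ... until the power matches the target.
function bruteForceLog(target, generator, modulus) {
  let acc = 1n; // generator^0
  for (let x = 0n; x < modulus - 1n; x++) {
    if (acc === target) return { exponent: x, steps: Number(x) + 1 };
    acc = (acc * generator) % modulus;
  }
  return null; // target is not a power of the generator
}

// Compare the work needed in each direction for one secret exponent.
function compareCosts(secret) {
  const forward = modPow(G, secret, P);
  const inverse = bruteForceLog(forward.value, G, P);
  return {
    publicValue: forward.value,
    forwardSteps: forward.steps,
    recovered: inverse.exponent,
    inverseSteps: inverse.steps,
  };
}

console.log(compareCosts(54321n));
```

Doubling the bit length of the modulus adds only a handful of forward steps but squares the number of candidates the search loop may have to try.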

In mathematics and computer science, an **algorithm** is a calculable pattern of clear, computer-implementable directions. Algorithms are used to solve problems or to complete computations, and they are crucial to computer science and cybersecurity. They serve as blueprints for executing calculations, data processing, automated reasoning, and other tasks.

## Math requirements for education in cybersecurity

Probably the most effective way to compare your math aptitude against the requirements for a career in cybersecurity is to examine the math requirements for various degree and certification programs in the field. If you have taken and passed these courses, or if you feel confident that you could complete them successfully, it would be an excellent indication that your interests and skills are a good match for a career in cybersecurity.

The requirements to use math in cybersecurity work are not so compelling that a degree in math would be suitable for any but the most technical cybersecurity research positions. These plum jobs exist, but a degree or certificate in a security-related field will be, in most cases, preferable to a degree in math.

As you scan the below cybersecurity-related certification and degree program course descriptions, look for the underlined words to guide your understanding of where math skills may be required. It is not practicable to list all the math requirements for all the prerequisite courses, but these samples will provide a reasonable understanding of what is generally needed.

Whether or not you decide to pursue a formal security-related degree program, a professional cybersecurity certification will go a long way toward advancing your career. While there are many applicable certifications to choose from, people that have taken the CompTIA exams report that:

- The Security+ exam requires only arithmetic and calculating the risk formula
- The Security+ exam requires math for IP/MAC addressing
- The Network+ exam requires math for figuring out subnet information
- The A+ 220-801 exam requires you to remember and use the equation for calculating the transfer rate of different memory types

Many cybersecurity associate degree programs do not list any math-related classes in the list of required courses. Presumably, then, high school graduation would be the only prerequisite needed to qualify for entry-level security positions requiring an associate degree.

Gaining expertise and preparing for cybersecurity industry certifications are precisely the two areas where cybersecurity associate degree programs shine. Whether stand-alone programs designed to quickly train students for the digital workforce or as a step toward more cybersecurity education, such as a bachelor’s degree in cybersecurity or a cybersecurity master’s or Ph.D., associate degree programs play an essential role in cybersecurity education.

As an example of the math required for a bachelor of engineering degree, consider a BSE degree from Arizona State University. They list as prerequisites for their junior year concentration in computer system security the following courses:

- Computer Sci BS or Computer Systems Engr BSE major
- CSE 310 – Data Structures and Algorithms. Advanced data structures and algorithms, including stacks, queues, trees (B, B+, AVL), and graphs. Searching for graphs, hashing, external sorting.
- CSE 365 – Information Assurance. Concepts of information assurance (IA); basic IA techniques, policies, risk management, administration, legal, and ethics issues.
- SER 222 – Design and Analysis of Data Structures and Algorithms. Data structures and related algorithms for their specification, complexity analysis, implementation, and application. Sorting and searching, as well as professional responsibilities that are part of program development, documentation, and testing.

The level of math required for success in these courses is consistent with other engineering degrees. A student should be confident to enter a BSE program with a good understanding of high school level algebra, geometry, and calculus.

As you would expect, the math requirements for a master of science degree are more stringent and demanding. To meet what they see as a burgeoning demand, Boston University offers its MS students the opportunity to specialize in cybersecurity. This specialization encompasses courses that focus on technical issues related to safe software, languages, and architectures, as well as broader societal issues of privacy and legal ramifications.

An eight-course program trains students in a range of topics, including:

- Cryptographic methods
- Data and information security
- Fault-tolerant computing
- Network security
- Privacy and anonymity
- Software safety
- System security

Cryptographic techniques are math-intensive, but students having completed a BSE degree should have confidence they can be successful in this course of study.

The Ph.D. is the highest degree awarded by universities in the United States and represents the pinnacle of academic achievement. The University of Colorado, Colorado Springs (UCCS) offers a security specialty in their Ph.D. Security degree program. This new multidisciplinary specialty offers the security curriculum for students to study and conduct multidisciplinary research in areas of cybersecurity, physical security, and homeland security, which have become critical and increasingly urgent in today’s personal, business, and government operations.

Validated by the NSA’s Information Assurance Courseware Evaluation (IACE) Program, UCCS’s Ph.D. program includes:

- CS3910 – System Administration and Security. Covers the installation and configuration of mainstream operating systems, important network services, disaster recovery procedures, and techniques for ensuring the security of the system.
- CS4200-5200 – Computer Architecture. Computer architecture is the science and art of selecting and interconnecting hardware components to create a computer that meets functional, performance, and cost goals. In this course, you learn how to completely design a correct single processor computer, including processor datapath, processor control, pipelining optimization, instruction-level parallelism and multi-core, memory/cache systems, and I/O. You will see that no magic is required to design a computer. You will learn how to quantitatively measure and evaluate the performance of designs.
- CS5220 – Computer Communications. The subject of transmitting information between processors is described in detail. The student is expected to have maturity with hardware and/or real-time concepts. Communication systems, from simple to asynchronous point-to-point links, to those based on complex network architectures, will be studied. The material will be oriented toward the computer scientist as a user, designer, and evaluator of such systems. Terminology and concepts will be emphasized rather than detailed electronic or physical theory.
- CS5920 – Applied Cryptography. Basic security issues in computer communication, classical cryptographic algorithms, symmetric-key cryptography, public-key cryptography, authentication, and digital signatures.
- CS6910 – Advanced System Security Design. Advanced topics in network and system security, including firewall design, network intrusion detection, tracking and prevention, virus detection, programming language, and OS support for security and wireless network security.

Without a fondness for numbers, you are likely to find a Ph.D. program in cybersecurity difficult; however, there are many high level, even C-Suite, jobs in cybersecurity that do not require a Ph.D.

## Conclusion

Technology increases at break-neck speed. Year after year, computer-based technological advances have shaped and revolutionized how we interact with the world, a world that was inconceivable a few short decades ago. For many people, trying to find where they fit into this high-tech world can be a challenge. Attempting to match their interests and aptitudes to a future career can be confusing.

Many careers in technical fields require the use of math. The quickly growing field of cybersecurity is no exception. Entry-level careers require at least high-school level math and algebra, and highly technical security jobs require even more advanced math. There are, however, few security-centric positions that require math at a level above what is expected of a student to achieve a Master of Science degree.

There are, nevertheless, many career branches in cybersecurity that are not technical. Like any business, cybersecurity companies and departments need all types of staff. From administrative to supervisory, non-technical people make up a large portion of any organization.

Don’t let the labels of “creative person” or “analytical person” close doors unnecessarily. A love for drawing and art can be indicative of an ability to conceptualize complex ideas — a handy skill in computer science. Many successful people have learned to express their creativity in science.

While math is vital for some cybersecurity careers, there are other more essential skills and characteristics, such as:

- A value system that holds helping and protecting others in high esteem
- An ability to work in a high-stress environment
- A willingness to work as part of a team
- An ability to grasp new and complex ideas quickly

If you can write and understand computer code, you likely already possess the math skills needed for all but the most technical cybersecurity roles. If you are a candidate for these highly specialized roles, you undoubtedly have already tested your aptitude and talent for math in real-world experiences.

The best measure of how your math skills and aptitude align with technical security jobs is to look at the professional certifications and degrees that cater to the security industry. This guide has presented some examples of each. Review these examples and ask yourself if there is anything in your education, work history, or general interests that would qualify or exclude you from these programs. Truth be told, the security industry needs you and will, in all likelihood, be happy to find a place for you.