Cyber Security Jobs & Careers Guide

Learn About the Different Specialty Careers and What You Need to Land the Career

According to the Bureau of Labor Statistics, the job prospects of cyber security analysts is expected to increase by 28 percent. This is much faster than for any other occupation listed in the U.S. Other occupations are projected to grow between 7 and 13 percent in the same time period.

A Growing Need for Cyber Security Professionals

Because of the ongoing development and use of the internet, connecting everything, cyber security is now one of the best tools the U.S. has to deal with future incursions of foreign governments into our affairs. Cyber security is also one of the most effective tools a private company has to keep would-be bad actors out of their systems and their private data.

When you start a degree program in cyber security, you may have one or more preferred specialties you are considering for your future career. In any specialty, your role is to identify cyber weaknesses and other problems that could affect an organization or government. You may also have to guard the organization from contractors and employees through the control of database access and by blocking malware.

Your job will be to detect point of sale attacks, trojans, ransomware, which can lock the files of an organization, and phishing attacks. Once you enter a cyber security position, your average annual salary may be around $90,000 and could rise to over $140,000.

What Cybersecurity Career Path Are You Interested In?

Chief Information Security Officer (CISO)

These executives oversee information systems and company-wide information security, as well as all departments associated with these systems.

Chief Security Officer (CSO)

These executives deal with information and physical security systems, controlling database and facility entry and all departments that deal with security and surrounding policies.

Chief Technology Officer (CTO)

This executive deals with technology development and implementation. They receive company-wide reports on the use and effectiveness of technology.

Computer Forensics Investigator

Analyze computers or web-based applications in the search for forensic evidence of a crime. This is done in support of the law after commission of a crime, or in efforts to support a company by assessing network vulnerabilities.


Cryptographers are responsible for deciphering encrypted data. They might do after the commission of a crime. They also work to create better encryption to create stronger networks and safer data storage.

Incident Responder

Incident responders work with companies or governments to respond quickly after a possible threat has been detected. They find the source of the issue, determine if it’s a real threat, and discover how the incursion occurred.

Penetration Tester

Penetration testers seek to create an incursion. By doing so, they reveal the weak points of a security system so that these points can be secured better in the future.

Risk Analyst

Risk analysts spend their time looking for systems, procedures, or malware which could cause unintended negative occurrences, such as system crashes or slowdowns. They help create procedures to fix these problems quickly if they do occur.

Security Administrator

Administrators are responsible for dealing with all security and safety issues. They may create procedures or policies in order to maintain security company-wide.

Security Analyst

Security analysts maintain company networks and fix issues that come up during normal operation. They may also identify threats and neutralizing them as quickly as possible.

Security Architect

This position requires you to choose or design security elements, whether physical parts that will become a part of the system or the virtual system that will provide access to all the company’s data.

Security Auditor

These specialists may be kept on retainer or brought in after changes are made to a system. They provide a system-wide audit to make sure there are no chinks in the armor of the network or system.

Security Consultant

Security consultants devise plans for a company should they experience an incursion or help companies that are just getting started set up their security system from the ground up.

Security Director

The director of security helps create and review all policies and procedures related to security. They also ensure compliance with local or federal laws related to security concerns, such as the safety of patient data.

Security Engineer

A security engineer is responsible for creating computing systems which increase their company’s security and they solve any issues turned up by a security audit or incursion incident.

Security Manager

These managers oversee security staff on a day-to-day basis, making sure staffing is steady and all issues are dealt with and reported to the highest-level security professional in the company.

Security Software Developer

Specializing in security software solutions, they create software for individuals to use on home computers or advanced solutions meant for multi-billion-dollar industries or even government agencies.

Security Specialist

This is an entry-level position in which a specialist may monitor or troubleshoot system or network issues. They may perform basic test procedures, reporting all activity and feedback to their manager.

Vulnerability Assessor

These specialists test systems for vulnerabilities, much in the same way penetration testers do. Instead of performing penetration testing, they look through applications or software for possible weaknesses.

Career Outlook

The demand for cyber security (information security) is projected to be high. Cyberattacks have only increased, impacting government agencies and private companies. This means that analysts who are specially educated and trained are needed to develop new solutions to stop malicious hackers from breaking into systems or stealing sensitive personal information.

All corporations will have to strengthen their information security capabilities. Not only are people in other countries attempting to intrude into U.S. companies’ IT networks, they are also working to break into state and federal computer systems. Another area of concern is electronic voting systems.

Now that companies in the U.S. are increasingly adopting cloud services, much of the information stored in the cloud is at risk. An expected increase in cyber security threats means that these companies will have to harden their systems in upcoming years.

Imagine waking up to the national news informing you that the financial or medical data of millions of people was stolen in a cyber security incursion. Even worse, think about the possibility that this theft took place months—or years—ago. As data is transferred into electronic medical records and cloud storage databases, this becomes more and more of a possibility, and cyber security professionals are needed to combat this threat.

Requirements & Skills Needed for Employment

  • Degree Level Needed for a Career
    Because the data stored online, in the cloud, and on company or government servers is so sensitive, this field is moving toward requiring those who work in any cyber security professional role to hold a degree in the field. Cyber security degrees prepare you to conceive and develop new technology and techniques to help government agencies and private businesses protect their systems. Beginning with your undergraduate degree, you learn how to investigate a company’s or a government agency’s network so you can find potential threats to their stored data.
  • Skills, Certifications, Licensing You will Need
    Depending on what position you are looking to hold, your degree, licensing, and certification requirements will vary. You can speak to a work supervisor or college advisor and find out where you can obtain any certifications you may need. You may need to earn an advanced cyber security degree if you want to hold a management position. A good employer will be able to provide the information you need to embark on continuing education so you can obtain and keep any certifications you need to move into the position you are interested in.
  • Job Responsibilities
    At any cyber security job you hold, you may be the only point of contact between the cyber security team and management. You may coordinate incident management efforts, creating a response plan and helping to carry it out. You’ll analyze large data sets and unstructured data that may help you to identify trends and any problems that indicate some form of malicious activity has been taking place. You may also forecast how effective countermeasures may be once they are put in place. You’ll also evaluate their actual effectiveness.
  • Salaries and Career Outlook
    As of 2018, the Bureau of Labor Statistics stated that median pay for 2018 was $47.28 per hour; annually, median pay was $98,000. Because the work you do is so highly sought after, government and private employers are both willing to pay a high salary to each member of their cyber security team. Someone employed in computer systems design and related services may earn up to $103,000.
  • Guide You Can Follow Step by Step for Your Career
    As you are considering the type of cyber security program you want to enter, choose one that will be holistic, offering theoretical and practical information and learning. Next, look for a program that also offers you a direct, hands-on experience. While most programs do a good job of offering hands-on work in the classroom, it would be even better if they give you the opportunity for an internship. Learning on-the-job is a completely different experience than learning in the classroom.
  • Top Places for Future Employment

    Within U.S. government agencies, you’ll be able to work at the Central Intelligence Agency (CIA), Department of Defense (DoD), Department of Homeland Security (DHS), U.S. Government Accountability Office (GAO), National Security Agency (NSA), or the Federal Bureau of Investigation (FBI).

    You can also look to financial services companies as they beef up their cyber security defenses. With more and more people handling finances online, hackers can do a tremendous amount of damage if there’s no one to stop them. The healthcare industry, with its possession of highly private health information, is another sector that relies on cyber security practices.

Specialty Career Options

Look broadly at your career options. These include security consultant, security analyst, security specialist, security engineer, security architect, security administrator, and more. Your options widen when you consider information assurance, intrusion detection specialist, security software developer, cryptographer, or computer security incident responder positions. Next, rank refines your options as well. Chief or senior in front of a job title usually denotes a higher rank within the same department.

Learn More About the Different Cyber Security Jobs

  • Chief Information Security Officer (CISO)
    A good CISO is responsible for strategic leadership of an information security program. They work with leadership to supervises formation and operation of an information security department within an organization. The CISO provides guidance and counsel to the Chief Information Officer and key members of the organization’s leadership. A candidate for CISO may expect to earn an average salary of $158,000 annually.
  • Chief Security Officer (CSO)
    A CSO is the person most responsible for their organization’s information and corporate security, including physical security and safety of employees, assets, and facilities. They are also the chief guardian of information technology and protector of data. The average income for CSO’s is $147,800.
  • Chief Technology Officer (CTO)
    The CTO offers advice on technology and science related to cyber security. At this level, they report to the CIO or the CEO. These specialists must possess exceptional communications and analytical skills. The average annual base salary for a CTO may be about $156,800.
  • Forensic Computer Analyst
    The computer forensics administrator’s job role operates much like a criminal forensics investigator’s role. This specialist tracks digital activity, connecting cyber communications and information that has been digitally stored. They may link digital information to physical evidence of criminal activity. Computer forensics investigators or forensic computer analysts should expect to earn an average of $71,300 annually.
  • Cryptographer
    A cryptographer ensures the integrity of data, meaning they make sure it will be identical to what was originally stored after it has been sent to a receiver. The cryptographer also authenticates specific parties—that the sender of information is the real person. The cryptographer may earn from $47,000 to $160,000, depending on their qualifications or experience.
  • Incident Responder
    An incident responder works as a member of a well-defined incident response team. The responder, as a member of this team, processes IT security incidents, alerts IT managers of probable threats, assesses threats to IT resources, and determines incident severity. An incident security responder may earn $57,00 in an entry level annual wage; At mid-career, they may earn $98,000 and, in their late career, $157,000.
  • Penetration Tester
    The penetration tester, called “pen-tester” for short, is responsible for monitoring their employers’ networks for security breaches. They investigate any violations, prepare reports, and conduct frequent penetration tests. They help their employer plan and carry out security policies. Upon being hired, a penetration tester may expect to earn about $90,000 annually.
  • Risk Analyst
    A risk analyst is responsible for planning, executing, and managing complex projects that related to risk management mitigation. They are also responsible for their response, system compliance, control assurance, and user awareness. A risk analyst provides expertise and assistance. A risk analyst or risk-management analyst earns $62,800 on average.
  • Security Administrator
    A security administrator is responsible for installing and managing the security systems used throughout the organization, whether it is a private company or government agency. If they are working for a smaller company, the administrator may carry out some of the tasks of the security analyst. A network security administrator earns an average annual salary of $58,300, ranging up to $92,000.
  • Security Analyst
    This may be your first cyber security role after graduation. It’s an analytical, problem-solving, detail-oriented position. Security analysts plan, implement, upgrade, and monitor security measures. They ensure that appropriate security measures are set up and respond to computer security breaches and viruses. Information security analysts can expect to earn an average of $67,400 annually.
  • Security Architect
    Security architects are responsible for planning, analyzing and, designing a computer and network security infrastructure. In addition, they configure, test, implement, maintain, and support that network. A security engineer should hold a graduate degree in this specialization to carry out their job effectively. A security architect may earn an average salary of $121,600.
  • Security Auditor
    The security auditor performs both general and application control reviews on computer systems, ranging from simple to complex. They may direct or perform reviews of internal control procedures and security for systems still under development. They may also be responsible for performing information control reviews. The average median salary of a security auditor is about $93,000.
  • Security Consultant
    If you know about Wikileaks, you’ll have an idea of what a security consultant is responsible for. They respond to breaches after they have taken place, research and prepare for new security risks, determine the best ways to protect networks from attacks by using ethical hacking, and create cost estimates for security expenses. Security consultants may earn average annual wages of $84,600.
  • Security Director
    Security directors are responsible for maintaining the security of a business or government agency. They handle the effective, quick response to a breach. They know that, for as long as a breach is open, a hacker or other bad actor has access to their information. A security director in a cyber security firm may earn an average of $140,900 annually.
  • Security Engineer
    A security engineer is responsible for security monitoring, security and data/logs analysis, and forensic analysis. Some of their job duties may include detecting security incidents and beginning an incident response for their employer. They also study new products and security processes. A security engineer may earn about $88,500 annually.
  • Security Manager
    A security manager creates, handles, or stores classified information. They carry out oversight responsibilities, plan and coordinate job roles, and safeguard classified information during emergencies. If the manager is working for a military agency, they will also protect classified information. A security manager in a cyber security function may earn an average $111,900.
  • Security Software Developer
    A security software developer is responsible for developing security software, which includes tools used in traffic analysis, monitoring, intrusion detection, anti-virus software, virus/spyware/malware detection, and other types of software. They also integrate and implement cyber security into applications software. A security software developer may earn $105,000 annually.
  • Security Specialist
    Information security specialists work with information security tools, which include security information and event management and vulnerability assessment systems. They collaborate with other IT professionals to expand the use of these tools. A security specialist can expect to earn from $82,000 to $144,000 annually.
  • Vulnerability Assessor

    Day-to-day, a vulnerability assessor has to identify issues that impact their employer’s insider threat risk - the threat that may come from the organization’s own employees. The assessor develops a strategic action plan for long-term mitigation. They design and implement tactical countermeasures.

    They identify flaws in the computer network vulnerable to a hacker attack. They also carry out security audits and scans which have been predetermined. They conduct regular vulnerability assessment programs on the computer network and operating systems. A vulnerability assessor should expect to earn around $88,000. If they live in a high-cost area such as California, their annual wage may jump to over $100,000.

Why our Career Guides can Help You with Your Education Path

You may be considering your options with a cyber security education, degree, and career. By reading our career guides, you can learn what kind of education you need for the type of work you want to do. You also learn what classes you need to take for a cyber security major, and what careers are open to you after earning your degree, as well as your potential annual salary.

Find Cyber Security Jobs

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!