Cyber Security Cryptographer Career Guide & Outlook

Learn What a Cryptographer Does, the Requirements Needed and Job Growth

The term cryptography might conjure up visions of wartime code-breaking or puzzles found in cereal boxes; you know, manual puzzle-solving from a bygone era. Examples include Caesar Cyphers, the British interception of Germany’s plot to help Mexico take over the US in World War I, and the Navajo Code talkers of World War II. Cryptography is the study of secret writing, a process aimed at protecting sensitive information from falling into the wrong hands. Until recently, cryptographers were responsible for writing ciphers and solving complex puzzles, relying on critical-thinking skills and relatively simple manually-run algorithms to crack codes. Today, modern cryptographers still solve puzzles, however, they now have sophisticated technology on their side.

These days, cryptography is a highly technical, in-demand career. It's become an essential piece of the cyber security landscape that aims to help businesses build trust with the public, keep government data secure, and detect weaknesses in wireless networks, email providers, and other staples of our digital lives. While this field in its current form is relatively new, it’s a promising area for cyber security experts with a strong command of computer science, math, and engineering, as well as a passion for solving puzzles with creative thinking.

What Does a Security Cryptographer Do?

As mentioned, cryptography demands competency in three core areas: computer science, applied mathematics, and engineering. Aspiring cryptographers should also be familiar with computer security, information theory, and be skilled researchers.

Day-to-day, a cryptographer develops algorithms, security systems, and ciphers to encrypt sensitive information. They’ll design code and break it to test the strength of cryptographic security systems and ensure that private information stays out of the hands of cyber-criminals. In the private sector, cryptologists work to keep the economy running smoothly and are responsible for making sure that credit card numbers, bank accounts, computer passwords, and medical records are protected.

Some cryptographers work for the government in agencies such as the NSA or FBI; others work for companies like IBM or Amazon and some work in the insurance, finance, or healthcare sectors. Those with an advanced degree may become professors, particularly if they’d prefer to research and publish their findings as opposed to helping companies secure their site’s checkout page. Ultimately, modern cryptology is relatively new and on-the-job duties range considerably based on experience, industry, and role.

What are Their Responsibilities, Common Duties, and Tasks?

Keep in mind; cryptographers can find work within a range of business settings from at-home consulting to government intelligence or a 9-5 job in the financial services sector. Day-to-day tasks will likely look much different for a junior cryptographer with a bachelor’s degree than they will for a cryptographer with a PhD. That said, generally speaking, cryptographers apply mathematical theories to problems facing their industries. They might work with law enforcement to solve cyber-crime or protect cloud-hosted patient data.

Cryptographers may analyze and decipher encryption systems as well as develop new encryption algorithms. They may develop statistical or mathematical models to analyze data, come up with methods to correct problems, and may be required to test cryptography systems for vulnerabilities.

That said, cryptographers may be tasked with the following while on the job:

  • Analyzing and deciphering encryption systems
  • Developing encryption algorithms
  • Running penetration tests to identify vulnerabilities and designing solutions to keep hackers from breaking into the system.
  • Programming experience in a variety of languages including Go, Rust, JavaScript, C, C++, Haskell, OCaml
  • Developing and testing mathematical models to secure networks, servers, and databases
  • Testing new cryptography theories and applications
  • Preventing hackers from accessing Wi-Fi networks
  • Helping government agencies, law enforcement, or the military decode cryptic messages
  • Advising companies on cyber security risks, prevention methods, and policies

Additionally, cryptographers must stay up-to-date on the latest security threats and new technologies. The cyber security sector moves at a rapid pace to stay one step ahead of sophisticated cyber-criminals that put organizations at risk. As such, cryptographers must commit to continuous learning and upskilling to remain competitive.

How to Become a Cryptographer

Becoming a cryptographer is a somewhat complicated process, as there aren’t that many cryptography programs available to prospective US college students. At a minimum, you should have a bachelor’s degree in computer science, engineering, mathematics, or a related discipline.

In some cases, employers may be willing to overlook a lack of formal education provided the candidate has work experience and training in the field. For example, the US government is often open to hiring non-traditional candidates for certain cyber security roles because they need to fill these critical roles. Keep in mind; you’ll still need to develop the skills obtained while earning a technical degree, which may prove challenging.

Additionally, if you look at the cryptographer job descriptions on private-sector job boards like Indeed, Monster, or Glassdoor; it seems that most employers want candidates with advanced degrees, and in some cases a proven history of published, peer-reviewed research.

In most cases, it’s probably your best bet to get a bachelor’s degree, earn work experience, and go for either an MS or a PhD in an area with a heavy emphasis on cryptography, cyber security, and newer concepts like machine learning and AI.

Additionally, IT and cyber security professionals that want to specialize in this area may want to consider getting certified. As it stands, the Certified Encryption Specialist (CES) credential is the only recognized option available, but it may be worth pursuing if you’re looking to broaden your job prospects.

To earn your certification, you’ll need to have one year of experience working in an information security role and pass an exam that covers encryption standards, penetration testing, best practices, and implementing encryption algorithms. The EC-Council offers preparation courses to get you ready for the exam, or you can study on your own by purchasing study materials from the organization.

Typical Requirements for Hiring

Cryptographers will likely need a bachelor’s degree at minimum to find work in this field, however, given the highly technical nature of the job, a bachelor’s degree may not be enough to impress prospective employers. As mentioned, most jobs require a graduate degree in mathematics, computer science, or engineering, along with a deep understanding of cyber security best practices, computer forensics, and the ability to develop algorithms capable of encrypting sensitive information in high-stakes situations.

Unlike more established fields, there aren’t many professional organizations that offer credentialing in cryptography. Again, the EC-Council is the only known certifying body for the CES: Certified Encryption Specialist.

Skills Needed

Cryptographers are creative problem solvers that think outside of the box, and rely on advanced mathematics, analytical skills, and advanced computing to solve problems. It’s worth noting that cryptographers must be experts in mathematics, with the ability to develop, refine, and solve algorithms, as well as feed instructions to computers using machine-learning algorithms.

They also must prove that they are trustworthy enough to deal in sensitive data—in fact, many jobs require cryptographers to pass a background check and/or obtain security clearance to qualify.

Because you will often be working with classified information, there’s a higher ethical standard that comes with the territory. Additionally, cryptographers must be able to distill complex concepts into information their colleagues and employer can understand—so oral and written communication skills are a must, too.

Given the technical nature of this field, prospective cryptographers should work to obtain the following hard skills:

  • Ability to design and build computer architecture, data structures, and algorithms
  • Experience with linear/matrix algebra and/or discrete mathematics
  • Strong command of multiple programming languages including C, C++, Python, Java and others
  • In-depth knowledge of number theory, information theory, and complexity theory
  • Expertise in both symmetric and asymmetric cryptography principles such as hash functions, asymmetric encryption, key exchange, digital signatures, message authentication, and more.
  • In some cases, training in linguistics or foreign languages may also be required for some positions.

Additionally, cryptographers should be naturally curious, the type of person who is always reading about the latest technologies and threats to the digital landscape, practicing their hacking skills, and tinkering with their algorithms to come up with the next big thing.

Salary

According to the BLS, the average salary for mathematicians, which includes cryptographers is about $104k annually, and those working for the US government earn slightly more, with an average salary of $112k.

As it stands, Payscale doesn’t have data on this position, and only a handful of working cryptographers have shared their salary info with Glassdoor. Based on Glassdoor’s small sample size, salaries can range considerably—a cryptographic linguist working for the US Air Force earns about $50k per year. In contrast, a Director of Cryptographic Research and Development can earn up to $170k.

Outlook & Jobs

While this isn’t exactly a common industry, based on BLS data, the job prospects for cryptographers appear to be strong, with a projected 28% growth rate from 2018 to 2028, which is much faster than the average growth rate for all professions.

It's worth noting that cryptographers are included under the BLS designation Mathematicians, and it's somewhat difficult to find data related to this particular area of study. That said, here are a few potential career paths for aspiring cryptographers.

  • Cryptographer:
    Cryptographers analyze and decipher encrypted information to help private companies, law enforcement, or government agencies address threats, solve crimes, and establish a line of defense against security concerns. Cryptographers offer technical support and design systems that address network vulnerabilities.
  • Cryptanalysts:
    Cryptanalysts work for a range of institutions including financial services and insurance companies, educational institutions, science and engineering firms, government agencies, and more.
    This role is similar to that of a cryptographer, though the key difference is cryptographers are primarily tasked with creating codes, while cryptanalysts aim to crack them. In today’s world, cryptanalysts assess coding systems and algorithms to ensure that networks and sensitive data are safe from bad actors.
  • IT Security Consultant:
    IT security are a vital piece of today's corporate landscape. In this role, consultants assess an organization's software, computer systems, and networks to identify vulnerabilities and risks. From there, they'll work to design and implement solutions that best meet that organization's needs. This person looks at an organization’s security systems from the point of view both victim and hacker, to gain a firsthand understanding of potential threats.
  • Financial Consultant:
    Financial consultants are now expected to help their clients stay one step ahead of online threats, which means, those consultants with a background in cryptography or cyber security bring more value to the table, educating clients on what they need to do to keep their personal information and investments safe online. Additionally, some cyber security consultants act as consultants to the company, rather than directly working with clients, helping them manage risks, handle audits, and keep client investments out of the hands of fraudsters.
  • University Professor:
    Experienced cryptographers may choose an academic career path instead of a public sector role. This path may be a good fit for cryptographers interested in developing algorithms or publishing research papers. Though landing a tenured position at a university can be difficult, chances are, institutions will seek out experts that possess this rare skill set as well as a PhD.

Cyber Security Careers and Jobs

Chief Information Security Officer (CISO)

These executives oversee information systems and company-wide information security, as well as all departments associated with these systems.

Chief Security Officer (CSO)

These executives deal with information and physical security systems, controlling database and facility entry and all departments that deal with security and surrounding policies.

Chief Technology Officer (CTO)

This executive deals with technology development and implementation. They receive company-wide reports on the use and effectiveness of technology.

Computer Forensics Investigator

Analyze computers or web-based applications in the search for forensic evidence of a crime. This is done in support of the law after commission of a crime, or in efforts to support a company by assessing network vulnerabilities.

Cryptographer

Cryptographers are responsible for deciphering encrypted data. They might do after the commission of a crime. They also work to create better encryption to create stronger networks and safer data storage.

Incident Responder

Incident responders work with companies or governments to respond quickly after a possible threat has been detected. They find the source of the issue, determine if it’s a real threat, and discover how the incursion occurred.

Penetration Tester

Penetration testers seek to create an incursion. By doing so, they reveal the weak points of a security system so that these points can be secured better in the future.

Risk Analyst

Risk analysts spend their time looking for systems, procedures, or malware which could cause unintended negative occurrences, such as system crashes or slowdowns. They help create procedures to fix these problems quickly if they do occur.

Security Administrator

Administrators are responsible for dealing with all security and safety issues. They may create procedures or policies in order to maintain security company-wide.

Security Analyst

Security analysts maintain company networks and fix issues that come up during normal operation. They may also identify threats and neutralizing them as quickly as possible.

Security Architect

This position requires you to choose or design security elements, whether physical parts that will become a part of the system or the virtual system that will provide access to all the company’s data.

Security Auditor

These specialists may be kept on retainer or brought in after changes are made to a system. They provide a system-wide audit to make sure there are no chinks in the armor of the network or system.

Security Consultant

Security consultants devise plans for a company should they experience an incursion or help companies that are just getting started set up their security system from the ground up.

Security Director

The director of security helps create and review all policies and procedures related to security. They also ensure compliance with local or federal laws related to security concerns, such as the safety of patient data.

Security Engineer

A security engineer is responsible for creating computing systems which increase their company’s security and they solve any issues turned up by a security audit or incursion incident.

Security Manager

These managers oversee security staff on a day-to-day basis, making sure staffing is steady and all issues are dealt with and reported to the highest-level security professional in the company.

Security Software Developer

Specializing in security software solutions, they create software for individuals to use on home computers or advanced solutions meant for multi-billion-dollar industries or even government agencies.

Security Specialist

This is an entry-level position in which a specialist may monitor or troubleshoot system or network issues. They may perform basic test procedures, reporting all activity and feedback to their manager.

Vulnerability Assessor

These specialists test systems for vulnerabilities, much in the same way penetration testers do. Instead of performing penetration testing, they look through applications or software for possible weaknesses.

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!