If you're an IT professional, you probably know that advancing your career means being proactive about developing new skills. You need to keep up with the latest trends, new technologies, and changing best practices to remain employed. And part of keeping pace with change can include making the switch to cyber security - a move that can mean increased job security and more take-home pay. Cyber security has moved from a niche specialization into the mainstream as healthcare, finance, manufacturing, retail, and countless other industries seek professional help safeguarding valuable data. In today's data-driven world, cyber security professionals are in higher demand than ever before.
According to the US Bureau of Labor Statistics (BLS), demand is expected to grow by 28% through 2026, and according to a 2018 study by the (ISC)2, there's a global cyber security skills shortage of about 3 million qualified professionals. The skills gap isn't exactly new, but these numbers suggest that IT professionals that develop the right skills stand to have their pick of employment options and an exciting, stable career path ahead. In this article, we'll go over some ways you can bridge the skills gap and advance your career.
Benefits of a Career in Cyber Security
Cyber security is a relatively new career path, with demand currently much higher than supply. Part of the reason for this shortage is that technology is advancing at a rapid pace, and colleges, universities, and skills training programs haven't been able to keep up.
As such, most cyber security professionals begin their careers in IT, computer programming, web development, or computer engineering but must develop cyber security skills on their own through certification programs or returning to school for an advanced degree.
It's a job hunter's market right now, which means that cyber security careers come with the following benefits:
- High salaries
- Wide range of opportunities
- Remote work is an option
- Potential for self-employment
- Continuous learning, lots of variety
Easy Careers to Transition into Cyber Security
According to Cyberseek.org, the following job titles represent the areas where there's the most demand for qualified pros.
- Cyber Security Consultant
- Systems Engineer
- Cyber Security Engineer
- Cyber Security Analyst
- Network Architect
- Cyber Security Manager
- Software Developer
- Systems Administrator
- Penetration Tester
Some roles are more technical than others. If you're new to IT or looking to gain work experience while learning cyber security best practices on the job, the following job titles may be the easiest points of entry.
- Network Administrator:
A natural transition for veterans of the IT world, network administrators keep networks secure by serving as a gatekeeper. Administrators are responsible for providing access to an organization's network and monitoring systems for potential threats. In this role, you'll learn the ins and outs of an organization's network, a skill that you can build on by earning cyber security certifications.
- SOC Analyst:
SOC analysts work for government agencies, running vulnerability analyses and reporting on cyber incidents that threaten sensitive information. In this role, you'll make recommendations to help the organization reduce the risk of incoming threats.
- Cyber-policy Analyst:
In this role, you'll develop new security strategies, procedures, and guidelines designed to help organizations protect their digital assets. Cyber-policy analysts can work for government agencies, as well as private sector companies and may also help implement the plans they design.
- Vulnerability Analyst:
Vulnerability analysts use security tools to identify critical flaws in systems, networks, and applications. This role involves mitigating risks and running damage control in the event of a breach or potential threat. This person must also make sure that they stay on top of the latest malware attacks and vulnerabilities.
Roles for More Advanced Professionals
On the flip side, technical cyber security jobs require in-depth knowledge that spans coding, networks, engineering, and more. While many of these skills can be learned either on the job or at home, it's worth looking at what employers expect from new hires. As you'll realize, there's a difference between the required skills and desired skills.
For those with a more advanced technological background, you'll have a wider range of job prospects to choose from, including the following roles:
- Security Engineer:
Security engineers test networks for vulnerabilities, monitor for incoming threats, and develop strategies to keep an organization's data secure. Additionally, security engineers are responsible for responding to security breaches and limiting the impact of an attack.
Cryptographers analyze, decipher, and develop encryption algorithms that aim to keep systems, networks, and data sets secure. With the right encryption in place, even if hackers successfully steal data, they won't be able to read it without cracking the code.
- Penetration tester:
Penetration testers work as ethical hackers, breaking into systems to find potential vulnerabilities before malicious hackers can exploit these weaknesses. Keep in mind, becoming a penetration tester means you'll need to document every action you take on the job, and probably pass an extensive background check before you start work.
Skills That Help You Transition
Given the diverse range of cyber security jobs that exist across all sectors, the right combination of skills depends on what kind of career you're planning on pursuing. We've broken out the most desirable skills into a few different sections ranging from the interpersonal to the highly technical. Let's have a look:
Often taken for granted in highly-technical roles, soft skills are essential for cyber security professionals, who must communicate policy changes with key stakeholders, as well as collaborate with colleagues to implement new solutions.
- Willingness to learn on a continuous basis
- Passion for learning and problem-solving
- A flexible mindset that examines problems from multiple angles
- Active listening skills
- Ability to communicate complex concepts effectively, both verbally and in writing
- Exceptional analytical skills
- An understanding of common vulnerabilities and the latest malware attacks
- Updated knowledge and awareness of security standards, tools, and best practices
It's hard to distill the technical requirements into a simple list, as there are many disciplines within the cyber security field; however, it's worth noting that you'll need to have some advanced technical skills to be successful in any specialization. Cyber security pros should have an understanding of the architecture, administration, and management of a variety of operating systems such as Linux, Windows, or Mac OS as well as a background in networking, hardware, and virtualization.
IT professionals well-versed in the world of VPNs, programming languages, firewalls, and analytics skills should find it relatively easy to grasp new cyber security concepts by building on a solid foundation. But, beyond IT basics, here are some additional skills that bring value to prospective employers:
Data Science and Analytics
Big data has shaken up the entire business world from marketing and sales to the restaurant industry. Whether you're pursuing cyber security or not, the ability to understand how to pull insights out of huge mountains of data is essential. If you're interested in becoming a cyber security analyst, auditor, or consultant, that ability to interpret complex information will serve you well.
If you're an experienced IT professional, you likely have some familiarity with one or more programming languages, with coding skills to boot.
That said, employers often require that cyber security personnel have experience with the following:
- Java, C, C++, and C#
- Ruby, Python, PHP, Perl
- Regular Expression
- Knowledge of software development models (i.e., Waterfall, Agile)
- Linux/MAC Bash shell scripting
- System and network configuration
- TCP/IP, computer networking, routing, and switching
- VPNs and firewalls
- Threat detection and monitoring practices
Where to Start
As mentioned, cyber security professionals come from a wide range of backgrounds; from the IT analyst to the hacker to the tech-savvy leader. While you don't necessarily need to have a specific background to become a cyber security professional, in most cases you will need a bachelor's degree at minimum, though in some cases, experience and skill trump formal education.
If you're already working in an IT role, you should talk to your employer about potential opportunities to train on the job. We'll mention this in more detail later, but there are several options out there for earning cyber security certifications, but you'll likely need to enroll in a preparatory course to gain the knowledge required to succeed in earning these credentials.
Because this skillset is high in demand, many employers may be willing to invest in up-skilling their existing workforce. As such, you'll want to find out if your company offers reimbursement for cyber security training courses or earning a master's degree in cyber security.
Gain Hands-on Experience
Programmers, engineers, and web developers will have a relatively easy transition into the world of cyber security due to their technical background. However, it might be difficult to identify where to gain hands-on experience if you're looking to specialize in this field.
You may want to enroll in a preparation course for the entry-level CompTIA Security+ certification, which will provide a foundation you can build on. SANS recommends getting started at home by learning skills through resources like Code Academy or Khan Academy or building a test lab using Microsoft Azure or Amazon Web Services. Or, you might try participating in bug bounties sponsored by companies like Google and Amazon or fine-tuning your hacking skills through free online platforms like Hack.me, Try2Hack, Hack the Box, or Hacking-Lab.
Organizations like the ISACA and (ISC)² also offer training programs to help you prepare for their myriad certification options, though choosing which one makes sense for you depends on your career goals. Search for options near you through the NICCS Education and Training Catalog, which offers a searchable, centralized hub for reputable cyber security courses across the US. Ultimately, your approach depends on your existing skillset; if you don't have a ton of technical experience, an in-person class or training program is probably your best bet.
Focus on Your Interests
Are you business-oriented or more of a tech wiz? Do you have a mind for data? Love programming? Prefer communicating with others over sitting at a computer all day? If you're considering a career in cyber security, your best bet is to find a specialization that connects with your unique interests. Cyber security jobs span a variety of interests and specialties from coding, development, and ethical hacking to operations or management roles.
Here are some of the focus areas you might look into as you consider this career path:
Analyst roles involve, well, analyzing data or information from multiple sources. Specialists must have an understanding of networks, hardware, and architectures, knowledge of cyber-attack stages, and the ability to interpret large data sets to identify threats, make recommendations, and develop assessment plans.
- Systems Analyst
- Financial Analyst
- All-Source Analyst
- Mission Assessment Specialist
- Threat/Warning Analyst
These roles involve investigating cyber-crimes or data breaches using a variety of tools, tactics, and procedures. Investigators collect and analyze digital evidence and must be able to decrypt complex data, understand hacking methodologies, computer networks, physical computer components, legal governance, and more.
- Cyber Defense Forensics Analyst
- Cybercrime Investigator
- Program and Project Management
This specialty area involves developing and maintaining strategic plans as they relate to IT programs and projects. These roles involve everything that an organization does to protect networks and information systems from cyber-attacks, malware infections, and other types of data breaches.
- IT Investment Manager
- Product Support Manager
Developers write, code, and maintain software applications, computer programs, and specialized utilities with security in mind. Cyber security developers must be able to integrate cyber security practices into applications that meet organizational requirements. Examples include GDPR compliance, HIPAA requirements, and PCI security standards.
Developers may design encryption programs, firewalls, and antivirus programs that aim to protect organizations from unauthorized access into specific programs. Or, they might work to modify existing programs if a vulnerability is detected.
- Software Developer
- Security Developer
- Security Engineer
- Systems Administration
Network security professionals work to safeguard internal networks from unauthorized access by building the infrastructure and monitoring tools to keep bad actors from breaking in. While this role has long fallen to traditional IT pros, security teams are increasingly adopting newer technologies like machine-learning algorithms that flag abnormal traffic and send automated alerts for fast action. Systems administrators implement policies and procedures to prevent unauthorized access, modification, and exploitation and run penetration tests to ensure that they find any weak spots before hackers do.
- System Administrator
- Network Administrator
Choose an Appropriate Cyber Security Certification
One of the best ways to transition into a cyber security career is to work on building up your resume by earning certifications that help you deepen your expertise and learn new skills. That said, you need to do your due diligence before signing up for a career training program. If you run a quick Google search, you may find it's hard to separate the legitimate educational options from the predatory. There are a ton of colleges, universities, boot camps, and private companies that promise to help you land the perfect career if you invest $$$ in their education courses. As such, you'll want to make sure that you select a certification that aligns with your career goals and is administered through a reputable professional organization.
While there are countless options available through organizations like ISACA, GIAC, and (ISC)²; here are a few legitimate options that cater to IT pros with varying experience levels:
- CompTIA Security+
One of the more popular certifications available, the CompTIA Security+ certification is designed to validate users' foundational IT skills and establish a baseline understanding of core cyber security concepts. This certification is a great starting point for IT pros looking to transition into a cyber security role, and during the preparation process, you'll cover everything from cryptography and systems architecture to penetration testing, tools, and technologies.
Jobs that use CompTIA Security+:
- Network Administrator
- Junior IT Auditor
- Penetration Tester
- Security Engineer
- Systems Administrator
- Security Specialist
- Security Consultant
- CEH: Certified Ethical Hacker
Certified ethical hackers have an understanding of how to assess weaknesses in target systems, using the same knowledge as cyber-criminals to help organizations keep systems secure. The CEH was initially designed for United States Government agencies; however, organizations of all types seek professionals with ethical hacking skills to protect sensitive information from the next security breach. Security pros that enroll in a training program will learn advanced hacking techniques, how to use the latest hacking tools, and how to hack into the latest attack vectors: AI, cloud, machine learning, and more.
Jobs that use CEH:
- Site Administrators
- Security Professionals
- GSEC: SANS GIAC Security Essentials
GSEC is an IS certification that covers technical and practical skills, proving certified pros are qualified to work in a hands-on cyber security role. This certification is ideal for anyone new to the information security field, and preparing for the exam will help you learn more about the full range of cybersecurity practice areas from active defense and cryptography to security policy, risk management, and cloud security.
Jobs that use GSEC:
- Security Managers
- Operations Personnel
- Penetration Testers
- Forensic Analysts
- IT Engineers
Certified Information Systems Security Professional: The CISSP is designed for experienced security professionals and is best for advanced IT professionals looking to prove their skills in designing, implementing, and managing top-tier cyber security programs. Keep in mind, this certification is only accessible to experienced security professionals with at least five years' experience, but seasoned IT pros benefit from earning a CISSP, as it unlocks access to networking opportunities, and is particularly attractive to government agencies.
Jobs that use CISSP:
- Chief Information Security Officer
- IT Director
- Security Analyst
- Security Manager
- Security Auditor
- Chief Information Officer
- CISM: Certified Information Security Manager
The CISM certification is a globally-recognized professional certification administered by the ISACA. This certification is for cyber security professionals looking to advance their skills and marketability as security leaders. CISM-certified professionals typically work as IT managers, helping organizations align security programs with a broader set of goals, and can develop, implement, and manage an information security program.
Jobs that use CISM:
- Information Systems Security Officer
- Privacy Risk Consultant
- Information Security Manager
- Security Auditor
- Security Designer
- Business Analyst
- Systems Developer
- IT Engineer
MS in Cyber Security
Earning an MS in cyber security will help you further develop your risk management skills and gain experience in hash functions, signature schemes, data analysis, encryption, and assessing security risks that impact hardware, software, and networks. Students will gain an understanding of how to build a security policy for organizations with complex data management requirements and learn the high-level decision-making required to enforce compliance.
Though requirements vary by organization, you'll need to have some programming knowledge in Java or C++ and meet prerequisites, including a course in data structures, calculus, and some advanced mathematics courses such as linear algebra or discrete mathematics.
Career options include:
- Homeland Security
- Computer Engineering
- Computer Software Engineering
- Information Security
- Computer Systems
- Software Development
- Computer Architecture
- Network Administration
- Intelligence Analysis