You figured how to get into cyber security: you learned the technical skills, landed the job, did the work and proved yourself.Now it’s time to chart your career path.
When it comes to climbing the cyber security career ladder, with the right skills, credentials and contacts, “the sky is the limit,” according to Dr. Dennis Backherms, an IT professional and adjunct faculty member at Southern New Hampshire University (SNHU).
This is true, in part, because of technology’s ubiquity in our lives. “Nowadays, everything is done with computers and involves data,” said Rodney Royster, an adjunct faculty member at SNHU with more than three decades of experience in the cyber security sphere. “And that means everything is vulnerable to attack from bad actors.”
Cyber security is important because it protects vulnerable information from these "bad actors" including hackers and other cyber criminals who try to access valuable data and information. Valuable information cyber criminals desire includes: intellectual property, government secrets, credit card numbers, account passwords or electronic medical records. Meanwhile, professionals working in different types of cyber security roles, from entry-level analysts to top-level executives, protect and defend against these continually evolving threats and attacks.
What Types of Cyber Security are in Demand?
Cyber security professionals work in nearly every sector and industry – public and private, for-profit and nonprofit – and at businesses and organizations large and small, including:
- Banking and finance
- Health care
- Law enforcement
“Cyber security is an industry-agnostic field,” according to Brandon Champion, an adjunct faculty member at SNHU. “But the industry dictates which risks you have to worry about.”
Champion knows this first-hand. In his role as chief information security officer (CISO) within the global power and engineering industry, he might focus his team’s efforts on protecting the company from ransomware, malicious software that locks out the system’s users until a ransom is paid. Meanwhile, in his other role as senior information systems officer for the Army National Guard, he works to prevent security breaches by nation state actors, including foreign governments with political agendas.
“The threat landscape continues to change on a daily basis and requires a more agile workforce to maintain comprehensively protected networks,” according to Backherms. As a result, the 2020–2030 job outlook for cyber security roles such as information security analysts and computer and information systems managers is expected to grow faster than the average for other occupations (by 33% and 11%, respectively), according to the U.S. Bureau of Labor Statistics (BLS).
“There’s a shortage of people in this field, which makes finding qualified cyber talent very difficult,” said Dr. Trebor Evans, a certified CISO and SNHU adjunct faculty member.
What Are People in the Cyber Security Industry Called?
Cyber security professionals go by many names, but the job titles or descriptions will “normally have ‘information security,’ ‘cyber security,’ or related terms in them,” said Backherms. Examples include:
- Cyber security specialists
- Cyber security technical architects
- Information security, cyber security or vulnerability analysts
- Penetration testers
- Security or cyber security administrators, engineers, principles and technicians
“You’ll often also see the words ‘entry,’ ‘associate’ or ‘senior’ accompanying these titles,” Backherms said. “Once you get to the executive level, cyber roles tend to be categorized by manager, director or officer (for example, chief information officer) title types.”
Meanwhile, on the government side, cyber security roles might be designated as “level I,” “level II” or “level III” based on the minimum level of knowledge, experience or certification required, according to Royster.
In other words, you’ll find cyber security career opportunities at all levels – from the day-to-day operations and management, up through the senior executive level and even on the board.
“Keep in mind, though, that these job titles change,” said Royster. “I was looking at a job posting the other day for a CISO, but it was for a chief innovation security officer.”
What Are the Different Roles in Cyber Security?
“Organizations are still working hard to accurately define the expectations of cyber security roles and how those roles fit into the bigger organizational picture,” said Backherms.
The specific job responsibilities for any given cyber security role can also depend on the size and resources of the employer. “At a smaller or mid-size firm, you might end up being a ‘jack of all trades,’ while at a larger firm you’re more likely to have specialists,” said Champion.
Cyber security professionals can benefit from starting as generalists and then specializing in an area of interest or strength, according to Champion. These areas can include:
- Application security
- Data loss prevention
- Incident response
- Network security
- Security architecture
- Threat intelligence
- Vulnerability management
Take the Next Step in Your Cyber Security Career
Whether you’re a generalist or a specialist, you’ll need to keep up with cyber security’s ever-changing technical requirements, latest legal regulations and best practices as well as the emerging trends in the industry in order to achieve your career goals. To that end, consider:
- Completing a cyber internship
- Joining a professional organization or association, such as ISACA, Information Systems Security Association (ISSA), (ISC)² or the SANS Institute
- Networking or finding a mentor to help you outline and achieve your short- and long-term career goals
- Taking coursework toward a degree (such as a bachelor’s or master’s in cyber security) or certification that aligns with your career aspirations
- Upskilling in virtual labs to practice industry applications and technologies
Such opportunities are available to current college students, newly minted graduates and seasoned career-changers alike, said Champion.
Evans, for example, earned his undergraduate degree in information technology, worked in various IT roles (server administrator, database administrator, desktop support) and then earned his MBA before transitioning to a dedicated cyber security role.
“I didn’t necessarily count myself as a security individual, but I’ve always been security-minded,” he said. When the right cyber security career opportunity presented itself through his professional networks, Evans was upfront with the hiring managers about the training he would need to be successful in the role. “The company gave me a trial run and said, ‘You should probably get your CISO certification within a year.’ I finished it within two months.” He’s now senior vice president and CISO at a large, full-service, regional bank and recently got certified as a data privacy solutions engineer.
As you continue to gain experience and expertise during your career, you might set your sights on pursuing cyber security positions or opportunities in:
- Consulting: According to Royster, the best cyber security consultants have not only the technical chops, but also considerable experience with recognized organizations across multiple industries – in addition to the presentation and interpersonal skills needed to engage with IT-savvy clients. “You need to be able to talk the talk. So, find your niche, master those skills, and then see if consulting is the right fit for you,” he said.
- Education: Cyber security professionals can also explore opportunities teaching or mentoring, both formally and informally. “Teaching, for me, is a way to provide back to the field,” said Champion. “It’s still a fairly small community and – perhaps selfishly – I want the next generation of people potentially working for me to keep moving our field in the right direction.”
- Leadership: Senior- or executive-level roles typically require solving higher-order problems, making strategic decisions, building teams and processes while collaborating across business divisions. “Every day is different for a CISO,” said Evans. “Sometimes it’s a high-stress situation and everyone looks to you for direction and answers. That means you have to think fast and your decisions can have significant consequences.”
If getting an education in this field interests you, consider learning more about what a cyber security degree is.
Level Up in Cyber Security Through Learning
“My best advice, after years in the industry, is to find an area that piques your interest and develop the sharpest skillset possible in that area,” said Backherms. “The more honed a skillset in an area, the better chance someone has of securing better-paying jobs.”
Certifications can be useful in this regard. “Professionals already working in a cyber position should achieve relevant certifications based on their areas of interest and the needs of their organization,” Backherms said. Some colleges will consider your certifications as transfer credits you can use toward a degree program, saving you time and money if you're looking to go back to school.
Meanwhile, it’s worth exploring your interests or staying current with industry standards by upskilling. According to Royster, useful resources include:
Another way to ensure you are positioning yourself for the best cyber security education possible is to find a school that participates in the National Cyber League (NCL) competitions. Recently, SNHU placed ninth in the nation for the spring 2022 rankings. If you are considering a certificate or advanced degree in cyber security, looking for a school that offers experiential learning opportunities such as NCL competitions could be beneficial.
Finally, if your cyber security career goals include stepping up the ladder toward an executive-level title, then an advanced degree might be the right investment. According to Backherms, “An advanced degree can help you learn the foundational and conceptual ideas concerning cyber strategies while developing the soft skills – such as communication, teamwork or leadership – that you’ll need to succeed.”
An advanced degree signals your commitment to learning, which is an important quality in any cyber security professional, according to Evans. Plus, the credential can help set you apart from other candidates and move your resume to the top of the hiring manager’s pile. “As CISO for a $9 billion financial institution, I am constantly seeking to hire qualified cyber talent and prefer those with a master’s degree,” Evans said.
“There’s always something new to learn in cyber security, whether you’re an analyst, engineer, architect, all the way up to CISO,” he said. “My advice? Don’t be afraid to try anything and everything, even if it’s outside of your scope. If you stay in your comfort zone, you’ll never grow.”
Discover more about SNHU's cyber security degree online: Find out what courses you'll take, skills you'll learn and how to request information about the program.
Sofia Tokar is a freelance copywriter and editor in higher education. Follow her on Twitter @stokar or connect on LinkedIn.