It’s no secret that the cybersecurity industry is a job seeker’s market. This article explores half a dozen of the most popular cyber security career paths to see what opportunities exist and what these roles entail
Editor’s Note: This is a guest blog contribution from Michelle Moore, Academic Director and Professor of Practice for the University of San Diego’s Master of Science in Cyber Security Operations and Leadership program. Moore shares her perspective on six of the most popular careers in the cybersecurity industry.
It seems like not a week goes by without an unfortunate cybersecurity-related incident making headlines. In 2021 alone, more than 40 million patients’ records were compromised in data breaches. The victims of 2021’s biggest data breaches included:
- Major energy companies like Colonial Pipeline
- Social media platforms like Facebook, Instagram and LinkedIn, and
- Major manufacturers like Volkswagen and Audi.
Data breaches now cost companies an average of $4.24 million per incident and, as recent cyber crime statistics show, the cost of cyber crime seems to have nowhere to go but up. Amid this highly active cyber crime climate, it is easy to see why there is such strong demand for skilled and knowledgeable cybersecurity professionals. And the need for talent cuts across a range of different cybersecurity careers. The ideal one for you will depend on your experience, skills, education, and career goals.
But what are some of the major cyber security career paths? And what are some of the skills and certificates you might be expected to have to land these careers?
Let’s hash it out.
First, let’s discuss the half-dozen main cybersecurity career path “feeder” categories outlined by Cyber Seek:
As the category indicates, these types of positions work closely with all types of networks and computer systems. Responsibilities typically include overseeing and maintaining networks — managing wide area networks (WAN) and local area networks (LAN) — and other types of communication systems. The top skills requested include knowledge and experience with Linux, Cisco, network engineering, WAN, LAN and routers.
- Java Developer,
- Software Developer,
- Software Engineer,
- Net Developer, and
- Senior Software Engineer.
At a high level, professionals in these types of positions focus on managing complicated systems. This could include managing software, developing and maintaining new products, working on new security systems, and aiding other engineers involved in the process.
Cybercrime threatens any company’s financial stability and health, which is why it’s important to employ skilled professionals who have the business acumen to help mitigate risk and protect a company’s financial interests. Accounting, financial analysis, budgeting, risk management, financial reporting and project management are among the skills typically needed for these types of positions.
The world of cybersecurity requires constant vigilance, and a large part of that includes gathering and monitoring security intelligence. In these types of positions, professionals gather relevant information, data and intel that will help a company prepare for or avoid a cyber attack. Security intelligence is used for everything from carrying out hypothetical or real-life training/preparation to modifying a company’s overall cyber strategy or business goals.
6. IT Support
If you’re a people person, roles in this category may be of interest to you. IT support covers a wealth of roles that often interact directly with customers and other end-users. Examples of some of the roles that fall under this umbrella include technical support specialists, help desk technicians, and IT support specialists.
6 Cyber Security Career Paths to Consider
Want some good news about cybersecurity careers? You can choose from a variety of positions (depending on your interests and career goals), salaries are high, and the job market is booming. In fact, a recent LinkedIn search for “cybersecurity” positions in the United States yielded more than 100,000 results for top companies such as:
- Fidelity Investments,
- Morgan Stanley,
- U.S. Department of Homeland Security,
- Microsoft and
And since cybersecurity touches practically every industry, you could find yourself working at Bath & Body Works, Target, Duke University, the NBA, or NASCAR — all companies that were recently looking to hire skilled cybersecurity professionals.
Now let’s explore some of the top positions, including required skills and certifications and average salary. One note: Salary estimates are listed below, but they often vary as they are updated in real time.
First up on our list of cyber security career paths is an Information Security Analyst. This professional is on the front lines, generating and implementing strategies to prevent cyber attacks. They may also create policies and work to ensure employees are complying with certain requirements and regulations. U.S. News & World Report ranks this role as No. 4 among Best Technology Jobs, No. 10 in Best STEM Jobs, and No. 15 overall.
- Requirements: Entry-level ISA roles frequently require a bachelor’s degree in an information-related field (e.g., programming or computer science). More advanced positions usually require more education, experience, and certifications.
- Key skills/knowledge to succeed: Information security, information systems, Linux, network security, threat analysis, security operations, vulnerability assessment, project management and intrusion detection
- Common certifications: Some positions may require certifications, and CompTIA’s Network+, CompTIA’s Security+ and CompTIA Cybersecurity Analyst are some of the most common.Others include:
- Certified Information Systems Security Professional (CISSP)
- EC-Council Certified Ethical Hacker (CEH) Certification
- GIAC Information Security Fundamentals
- GIAC Security Essentials Certification
- Certified Security Analyst Training
- CompTIA Advanced Security Practitioner
- CompTIA Security Analytics Expert certification
- Salary: Median annual salary of $102,600, according to the U.S. Bureau of Labor Statistics
A Cybersecurity Architect is typically responsible for everything related to a company or organization’s computer and network security infrastructure. This includes designing, testing, and maintenance.
- Requirements: These types of positions typically require at least five years of experience, notably in information security.
- Key skills/knowledge to succeed: Excellent communication and critical thinking skills. These professionals should have in-depth experience and knowledge of Windows, Linux and UNIX systems. Understanding of virtual local area network (VLAN) security, wireless security and relevant standards and regulations.
- Common certifications: It will depend on the position, but many cybersecurity architects opt to become a CISSPor a different concentration, Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP). Additional relevant certifications include:
- GIAC Defensible Security Architecture (GDSA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Salary: According to Talent,the average salary is $150,000 with top positions paying in the range of $185,000.
You may also find this position listed as an IT or information security specialist or simply security specialist. Responsibilities typically include testing and implementing security measures, working to secure sensitive or classified information or assets, and identifying vulnerability risks in various systems.
- Requirements: Many entry-level cybersecurity jobs require at least some experience — anywhere from 3-5 years, depending on the company. Mid-level positions may require 5-8 years of experience.
- Key skills/knowledge to succeed: Risk analysis and mitigation, problem-solving and critical-thinking skills, programming, and intrusion detection.
- Common certifications: Many cybersecurity specialists have one or more of the following certifications: Certified Information Security Manager (CISM), CompTIA Security+, CISSP, Certified Information Systems Auditor (CISA), SANS/GIAC Certification or Certified Information Security Manager (CISM).
- Salary: ZipRecruiter puts the national average annual salary for this position at $111,052.
A high-ranking Chief Information Security Officer who oversees the development and implementation of security processes for a business or organization. The goal is to provide and maintain protection from different types of risks and cyber threats.
- Requirements: Since this is a senior-level position, practical experience and education are typically required. In most cases, companies are looking for a bachelor’s degree in a related field, such as computer science, and experience in management. Though it’s not always required, many CISOs have a master’s degree.
- Key skills/knowledge to succeed: Security information and event management, technical and functionality competencies in security, management and leadership experience, understanding of risk and compliance.
- Common certifications: Similar to the previously listed positions, common certifications for a CISO include CISA, CISM, CISSP and/or a Certification in Risk and Information Systems Control (CRISC).
- Salary: According to Glassdoor, the average salary for a CISO is $204,828.
The goal of a Penetration Tester is just as the name indicates — to test how difficult it is to penetrate a company or organization’s software, network, and other systems. This also includes conducting tests to gather specific information about vulnerabilities so that they can be hardened before bad guys exploit them.
- Requirements: This will depend on the position, but a minimum of a bachelor’s degree is typically required; hands-on experience is often also emphasized. Some high-level positions may require an advanced degree.
- Key skills/knowledge to succeed:
- Coding language knowledge and skills (e.g., Linux, Python, and Java)
- Knowledge of computer security
- Insight into how hackers gain unauthorized access to secure systems
- Understanding of how computer security breaches can disrupt businesses
- Strong communication skills
- Common certifications: There are multiple certificates that would be particularly useful for this position (listed alphabetically):
- Certified Ethical Hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Certified Penetration Tester (CPT)
- GIAC Certified Penetration Tester (GPEN)
- Licensed Penetration Tester (LPT)
- Offensive Security Certified Professional (OSCP)
- Certified Mobile and Web, Application Penetration Tester (CMWAPT)
- Salary: Average salary for a penetration and vulnerability tester is $101,231
A Network Administrator oversees networks within a company, organization or government agency to ensure they’re running as they should be. This includes managing and monitoring Local Area Networks (LANs), Wide Area Networks (WANs) and other systems, testing equipment, troubleshooting, and providing maintenance.
- Requirements: In most cases, having either a two- or four-year degree in a related field (such as IT or computer science) is often necessary to land one of these roles.
- Key skills/knowledge to succeed: Many positions require at least a few years of technical or troubleshooting experience. Experience with WAN, LAN and virtual private networks (VPNs) may also be required.
- Common certifications: Network Administrators may have one or more of the following certifications:
- Salary: According to ZipRecruiter, the national average for this position is $69,182.
Other Career Opportunities Within Cyber Security
This article, by no means, is an exhaustive list. Here are some other popular cybersecurity career paths:
- Security Auditors look at every facet of a company’s online security system and analyze what works and what doesn’t. In many cases, these types of auditors work for an outside company.
- Cybersecurity Consultants are highly paid professionals typically contracted by businesses and organizations to offer their cybersecurity skills, insights, and knowledge. The exact responsibilities will differ depending on the position and the company or organization they work for.
- Cybersecurity Engineers identify threats, risks, and potential problems that could result in cyber attacks or data breaches. They then take that information and develop and implement solutions to create appropriate, effective solutions and measures of protection. These types of professionals are also frequently called information security engineers.
- Systems Administrators are similar to Network Administrators, but they focus on computer systems and servers as opposed to networks. Their responsibilities include installing software, troubleshooting and solving problems, working on related IT research and keeping up with the needs of the department.
- Cybersecurity Managers typically oversee a security department, program or system. They may be involved in budget work, the development of security policies, fixing security breaches, employee training, and other related functions.
- Risk Managers typically assess a company or organization’s level of risk, as well as processes, procedures, and compliance. There are different types of risk management, such as strategic, legal, and financial. Risk Managers and Cybersecurity Risk Managers may be the same, depending on the company.
How to Get Started on Your Cyber Security Career Path
There are many ways to position yourself for a successful career in cybersecurity. Here are some of the most popular ones:
- Cybersecurity certifications. Industry certifications are an increasingly important part of the cybersecurity profession and, depending on the position, they may be required.
- Advanced education. Master’s degrees may not be required for the majority of cybersecurity positions, but they are a great way to obtain comprehensive hands-on experience and knowledge from industry experts. Plus, an advanced degree will give you an edge over other job applicants.
- Internships. This is a great way to build experience and make industry connections. Search “cybersecurity internship” on LinkedIn and Indeed, and you’ll see postings in a wide variety of industries, including health care, insurance, nonprofits and sports.
- Networking. You probably know someone who works in cybersecurity, but you may not realize it. Tell your family and friends that you’re interested in this line of work. Look at your connections on LinkedIn and see if you have any connections who may be able to offer career insight or advice.
- Informational interviews. If you do find someone who works in cybersecurity, politely ask for an informational interview. This is a low-stakes, no-pressure situation in which you will have a conversation with someone who works in your desired field. It doesn’t have to be very lengthy (30 minutes is a good start), but it’s your chance to ask questions and find out more information — and in some cases, it may even lead to a potential interview or job offer down the road.
From finance and engineering to software development and risk analysis, there is a wide variety of cyber security career paths for those interested in pursuing or advancing a meaningful career in cybersecurity.
Check out this related article for some additional cyber security career job-related tips.