Until just a few years ago, many companies believed cybersecurity could be handled without a dedicated cybersecurity position, but large-scale breaches exposing customer data have proved network surveillance and vulnerability audits should never be placed on the backburner.
In turn, the need for dedicated, specialized cybersecurity professionals has exploded—outpacing demand for other information technology (IT) occupations threefold, based on recent figures from Burning Glass Technologies. Government agencies and defense contractors are fueling the bulk of the growth, but healthcare, manufacturing, retail, and finance industries are also acknowledging the risks of leaving customer and client information exposed. All in all, few businesses these days can afford to face multiple lawsuits or deal with a tarnished reputation.
According to the Bureau of Labor Statistics, the number of computer and information technology occupations is expected to grow 12% by 2028. However, this figure is a holistic look at an expansive and varied field. In extracting cybersecurity-specific data, business needs will drive 32% more positions over this time, including for information security analysts and similar roles.
Demand is predicted to be so great that, by 2021, the global marketplace may have 3.5 million unfilled cybersecurity positions, based on a study by Cybersecurity Ventures. Although certificates and associate degrees help many computer science and IT professionals make the transition into a network security-focused role, most current openings require a bachelor’s degree in cybersecurity.
If you’re aspiring to enter into a cybersecurity career—either as a current student or a computer science professional looking to make the switch—what paths can you take once you’ve earned your degree?
Start Building Up Your Credentials
ISACA’s State of Cybersecurity 2019 report found that the field already has a shortage of qualified professionals. Based on many job descriptions, someone looking to break into cybersecurity needs to equip themselves with:
A Bachelor’s Degree
Until recently, the typical route into cybersecurity involved earning a computer science degree, perhaps with an IT or cybersecurity concentration, and studying for additional professional certifications. In responding to employment trends, colleges and universities have started offering specific bachelor’s degrees in cybersecurity that reduce the typical math and science core and spend more time on programming, risk management, and network security topics.
Norwich University’s own online Bachelor of Science in Cybersecurity program is structured similarly. Beyond general education requirements, foundational courses go over programming languages, information security, network administration, cybercrime, and risk assessment subjects before students select a concentration in computer forensics and vulnerability management or information warfare and security management.
A bachelor’s degree in cybersecurity streamlines the skills and information needed to break into the field and gets students ready to pass the multiple certification exams employers require. Job descriptions tend to request a combination of the following:
- CompTIA Security+: For many entry- to mid-level cybersecurity jobs, this ISO 17024–compliant and Department of Defense–approved exam is the baseline certification, covering key aspects of network security and risk management. Passing it shows employers you have a general understanding of network security best practices and troubleshooting skills.
- Certified Ethical Hacker (CEH): Another entry-level certification, CEH indicates a candidate’s readiness to identify, address, and prevent vulnerabilities in and around a network.
- Certified Information Systems Security Professional (CISSP): Professionals who already have a number of years in cybersecurity under their belt may want to pursue CISSP certification. The baseline for advanced cybersecurity roles, this lengthy test covers technical, project management skills, and key ethical and legal standards.
- Certified Information Security Manager (CISM): CISM builds upon entry-level certifications, indicating a job candidate has an advanced understanding of risk management and network security compliance protocols.
- Global Information Assurance Certification (GIAC): Another technical-leaning certification, GIAC shows a candidate has solid knowledge of intrusion detection and network forensics topics.
- Certified Information Systems Auditor (CISA): CISA offers a boost to many entry-level cybersecurity professionals. Helping employees advance into a mid-level role, this certification tests and verifies knowledge of vulnerability auditing, monitoring, assessing, and controlling.
In favor of computer science professionals looking to change careers, cybersecurity jobs may require a combination of the following hard and soft skills:
- knowledge of computer architecture, hardware, software, algorithms, backup methods, and archiving technology;
- some understanding of algebraic and discrete mathematics concepts, probability, number theory, and information theory;
- a thorough understanding of standard and modern programming languages, like C, C++, C#, Java, PHP, and Python;
- understanding of cryptography techniques;
- knowledge of Windows, UNIX, and Linus operating systems, including installation, configuration, and patching;
- knowledge of network communications, application security, cloud computing, and security architecture involving DNS, authentication, VPN, routing, firewalls, and DDOS migration;
- how to use eDiscovery, forensic, and network monitoring tools;
- familiarity with ISO 27001/27002, ITIL, COBIT, PCI, HIPAA, NIST, GLBA, and SOX standards;
- knowledge of auditing, risk assessment, threat modeling, and ethical hacking techniques; and
- strong analytical, problem-solving, organizational, communication, negotiation, and team-management skills.
Entry-Level Cybersecurity Jobs
After earning a bachelor’s in cybersecurity and passing a few certification exams, many students enter the field as security, systems, or network administrators or through a lower-level, coding-heavy technical role, like an ethical hacker. Possible cybersecurity job titles include:
Penetration Tester or Ethical Hacker
As the job title implies, penetration testers employ ethical hacking techniques to identify network vulnerabilities—spanning from the operating systems and applications to configuration issues—and the potential ways cybercriminals could exploit them. Afterward, penetration testers record their methods and vulnerabilities and work with higher-level cybersecurity professionals to repair and strengthen these weaker areas.
Security Systems Administrator
An operations-type role, security, network, or systems administrators do all the tasks that keep a network up and running, including implementing security systems, troubleshooting computer and network issues, backing up data, and maintaining user accounts.
This auditing-based role partially overlaps with penetration testing responsibilities but focuses more on identifying, testing, and compiling records than it does ethical hacking. Vulnerability assessors regularly probe the network for easily exploited flaws and maintain a database of known issues. Identification isn’t always manual, and instead, these professionals need to know how to use automated tools and develop scripts for assessing networks, operating systems, and applications.
Mid-Career Cybersecurity Jobs
After spending a few years in an entry-level role, all while gaining more experience and certifications in the process, many cybersecurity professionals are ready for more responsibilities. Professionals at this point in their career diverge along two possible paths: analysis-heavy roles or advanced network engineering careers. Potential mid-career cybersecurity outcomes may include:
Forensic Computer Analyst
After a breach, these professionals act like detectives to find the source. A more technical role, forensic analysts comb through records, examine hard drives and storage devices, use various software programs to identify exploited vulnerabilities or recover data, and put together logs of their findings for future reference or potential litigation. Professionals at this stage are further expected to be familiar with general network security and specific industry standards for protecting customer, client, and company information.
Information Security Analyst
Information security analysts holistically approach a company’s network security solution. Professionals plan and implement security measures to block both third-party attacks and interior breaches, factoring in data encryption, firewalls, and various network vulnerabilities and all the ways these aspects could be exploited.
IT Security Engineer
How are security systems created and updated? IT security engineers have more of an architectural role that uses more traditional computer science skills compared to other cybersecurity jobs, including math, science, and engineering. These professionals have a hand in designing, implementing, and updating network security systems in relation to existing vulnerabilities and current threats. Responsibilities may further cover vulnerability assessment, including updating logs and using this information to revise the existing network security architecture.
IT Security Consultant
Not every cybersecurity job is an in-house role. Especially after working this way for a few years, some cybersecurity professionals may decide to go off on their own, working as consultants for multiple businesses. Expected to be generally familiar with all aspects of cybersecurity, IT security consultants examine each company’s security structure, discuss objectives, and come up with a solution relative to costs and industry best practices.
Cryptographer or Cryptanalyst
A coding-heavy role, cryptographers examine privacy from another perspective: keeping sensitive data protected and secure from outside parties’ interception. As such, these professionals focus on creating encryption strategies through algorithms and security systems, evaluate all the ways encryption could be broken, and utilize these vulnerabilities to strengthen the data protection offered.
The first responders of the cybersecurity field, incident responders and forensic experts work together to quickly tackle security breaches, identifying how the incident happened, who did it, and what data was exploited, and use this information to prevent future intrusions. Forensic experts, however, focus primarily on analysis and investigation, while incident responders take on more technical responsibilities, including penetration testing, reverse engineering, intrusion detection, vulnerability auditing, and network assessments.
Security Software Developer
Cybersecurity professionals utilize specific tools to assess networks, operating systems, and applications and identify vulnerabilities, and security software developers have a clear hand in conceptualizing these programs. Utilizing cybersecurity-specific knowledge, these professionals develop new tools and updates for malware, virus, spyware, and intrusion detection, often factoring in the latest industry developments; help implement these solutions; and identify which programs a company needs to strengthen its cybersecurity strategy.
Senior-Level Cybersecurity Jobs
After several years taking on more responsibilities, acquiring additional certifications, and developing specializations in the workplace, cybersecurity professionals may be ready for a director-type role, in which they lead a team, make big-picture decisions, or oversee a company’s entire network security strategy. Requiring either a bachelor’s degree with several years of experience or a master’s degree, common higher-level cybersecurity job titles include:
Security architects often serve as a company’s network security authority. These professionals may be responsible for establishing network security protocol, examining and repairing threats, developing hardware and software, and educating company-wide staff about the latest network security issues.
Security Director or Manager
Security directors and managers have the final say across all aspects of organizational security, from software and procedures to hiring and training programs to response efforts in the event of a breach. Although advanced technical know-how makes up the role’s backbone, security directors maintain a significant level of organizational, project management, and supervisory responsibilities, typically overseeing an entire security department, compliance programs, and investigations and ensuring all department-level and company-wide security goals are achieved. Within organizational structures, a security director or manager may be the most senior-level cybersecurity role, or they may report to the Chief Information Security Officer.
Chief Information Security Officer
A specialized executive role, the Chief Information Security Officer (CISO) supervises a company’s comprehensive security strategy and facilitates communication between upper management and security personnel to communicate objectives and direction. In the process, the CISO identifies and fleshes out strategies to improve the organization’s unique security needs and puts plans into place to ensure this structure is realized and achieved. Professionals aspiring to be a CISO usually need to have a solid technical background and management experience and may want to additionally pursue a master’s degree in cybersecurity.
Take the first step toward a rewarding career assessing vulnerabilities, using programming knowledge, and fortifying networks against outside attacks with an online Bachelor of Science in Cybersecurity from Norwich. To see if the program is a good fit for your career goals, start by filling out a request for information form.