The article below discusses the most important aspects of a cyber security career. You will learn what cyber security professionals do, where they are employed, job duties, how to become one, common career paths, and more.
What We Do
Cyber security professionals are computer professionals who specialize in technologies, processes and practices that are intended to protect computer networks, computers, programs and data from attack or unauthorized access.
Cyber security workers ensure such security through highly complex and coordinated efforts in an information system. The common aspects of cyber security that these professionals focus on are:
- Application security
- Information security
- Network security
- Disaster recovery
- Operational security
- End user education
Cyber security professionals spend a high amount of resources on quickly and efficiently understanding the forever evolving nature of cyber security risks. Routinely undertaking risk management protocols to evaluate the level of cyber security threat to various systems is among these workers’ most important roles.
Cyber security professionals also may be called information security analysts, who have the following roles:
- Monitor network security to check for breachers and investigate any violations that transpire
- Install cyber security software, including firewalls and data encryption, to provide protection for sensitive company information
- Prepare documentation that lists any security breaches and how much damage was caused in terms of corrupted or compromised data
- Do penetration tests, which is where the analyst will simulate an attack to find vulnerabilities in the systems
- Conduct research on the latest IT security threats
- Plan for how the company will handle cyber security
- Provide recommendations to higher management for security enhancements
- Assist computer users who need to learn about new security threats and systems
Generally, cyber security professionals must stay one step ahead of cyber criminals. They need to stay current on the very latest techniques that criminals use to break into computer systems. They need to conduct ongoing research into new types of security technology to determine which products will provide the best level of protection against cyber crimes.
Cyber security workers are involved in disaster recovery plans for companies. These are IT system plans to follow in case of a catastrophic data loss or breach.
Where We Work
Cyber security professionals such as information security analysts held 82,900 jobs in 2014. The industries that use the highest numbers of these professionals are:
- Computer systems design: 26%
- Information system companies: 10%
- Management of companies and related enterprises: 8%
- Depository credit intermediation: 7%
- Technical, management and scientific consulting companies: 5%
Monster.com reports that the following industries that need greater numbers of cyber security experts:
- Technology companies: Tech companies often work entirely online, so security is absolutely vital. Technology is always changing, and there are new areas for breaches to occur all the time. Attackers are learning how to hack through firewalls no matter how new the new systems are.
- Government: The Washington DC area is a very hot area for various cyber security professionals due to all of the federal government and defense jobs there. The Department of Homeland Security is always hiring more cyber security experts.
- Banking and finance: Identity theft is terrifying for most people because the vast majority keep their money and investments in banking and finance institutions that are online. Banks are spending billions per year on fraud protection.
- Retail: Retail companies have massive amounts of personal payment information online, so this is another sector that employs huge numbers of cyber security professionals.
- Media: Any proprietary information that media companies have can be revealed if it exists online and hackers get their hands on it.
How to Become
Most cyber security professionals have a bachelor’s degree in a computer science related field, such as programming. You also may want to get a bachelor’s degree in computer science with a specialty in information security.
An MBA in information systems can be very useful if you are interested in senior level positions.
The general job outlook for cyber security professionals is outstanding. The Bureau of Labor Statistics states that the demand for this field will soar by 18% by 2024. This is a much faster than average growth rate.
Cyberattacks are more common today because technology is getting more sophisticated, and more companies are storing valuable information online. The market for stealing critical information, such as proprietary secrets and consumer personal and financial data, is massive and growing.
Cyberattacks are getting more and more sophisticated, and cyber attack professionals will be needed to devise new solutions to stop hackers from stealing valuable information.
More job growth is expected in the federal government as it will be using more cyber security professionals to protect the important IT systems of the nation. Healthcare organizations also are expanding the use of electronic medical records that can easily transfer patient data from one provider to another. It is critical to ensure the privacy of patient data so healthcare providers are bringing in more cyber security experts.
Because cyber security is so important today, the median annual wage for these workers is high – $90,100, with the top 10% earning more than $143,000 per year.
In addition to the role of information security analyst highlighted above, the 10 best career options below also are often closely related to cyber security work at least in part:
- Cybersecurity analyst: Provide cybersecurity to support to managers of information security and various project managers. Provide risk management framework assessment and support through various stages of acquisition, systems engineering and maintenance processes.
- Cyber risk threat analyst: Manage operational risks across a companies product lines, business’s and regions. Responsible for the evaluation, development and publication and briefing of analytical reports to introduce viewpoints on threat issues impacting the company or organization as a whole.
- Computer and information systems managers: Often referred to as IT managers or IT project managers. They are responsible for planning, coordinating and directing most of the computer based activities for a They determine what the information technology goals are for the firm and implement computer and security systems to meet those goals.
- Computer programmers: Write and test computer code that make computer applications and software programs function the way they are designed. They transform the program designs that software developers and engineers create and turn them into computer code that computers and other devices can follow.
- Computer systems analysts: Study the current computer and security systems and procedures, and then design information systems that help companies to operate in a more efficient manner. They are responsible for bringing together business and IT to better understand the needs and limitation of each. They also must work with cyber security experts to ensure that the systems and procedures designed are safe from hackers.
- Software developers: These are the creative minds that design computer programs. Some will develop the applications that allow consumers to do tasks on a computer or mobile device. Others will develop the underlying systems that control the devices and/or networks. It also is important to design software that is safe from cyber attacks.
- Web developers: These computer and Internet professionals design and create websites. They are the ones who design the front end look and feel of the website, and are responsible for its technical aspects, including performance, capacity and how many users it can handle at once. Both back end and front end web developers need to have cyber and information security skills to ensure they can design websites that are safe from hackers.
- Network and computer systems administrators: Systems and network administrators handle the day to day operations of computer networks. They are in charge of organizing, installing and supporting the computer systems for an organization. These include LANs, WANs, network segments and intranets. All of these networks must be designed and maintained in such a way to be secure from cyber attacks.
- Database administrators: Use specialized software to organize and store data, including customer address and shipping records, as well as financial data. They also must ensure that data is available to authorized users and is secure from any unauthorized users. DBAs can be either in charge of the physical and technical parts of the database or the applications of the database.
- Computer and information research scientists: Responsible for inventing and designing new ways of using computer technology and to discover new ways to use current technology. They must create and improve software which involves working with algorithms. In their research, they must design products and software in such a way that they cannot be damaged by cyber attacks.
- Computer support specialists: These computer professionals provide customer support to computer users and organizations. They may support either computer networks or assistance directly to computer and software users. All computer support specialists must be skilled in information and cyber security protocols.
- Computer network architects: Responsible for building and designing data communication networks, such as LANs, WANs and Intranets. These networks can be small connections between a few offices or a large cloud infrastructure that serves multiple companies or campuses. Network architects need to have broad knowledge of the company’s business plan and be skilled in information security protocols to protect vital data and systems from cyber attacks.
Cyber security professionals need to have a bachelor’s degree in computer science, possibly with a specialization in cyber security or information security. Expect to take courses in computer forensics and advanced computer security matters.
Earning a master’s degree in business administration may be needed to work in senior managerial positions focused more on the business side of the company or department. Or, more technically minded professionals may opt for a master’s degree in computer science, if the managerial position is more technical in nature.
Depending upon your interests in cyber security and the type of company you work for, you may focus more on some types of cyber security attacks and areas than others. Some of the most common types of cyber security problems you will deal with in this career include:
- SQL injection attack: This type of attack targets SQL servers, which are commonly used by large websites to manage their data. This type of attack uses malicious code to make the server provide information that it should not. This is a common attack that large retail companies see, as they usually have large amounts of consumer financial data stored, such as credit card numbers, usernames and passwords.
- Denial of service: Flooding a website with more traffic than it is designed to handle, which overloads the website servers, making it impossible for customers to access information. Very commonly used on many types of large websites in various industries.
- Session hijacking: Internet users connect with servers around the world to connect onto various websites. Those web servers provide you with access to the information you seek. Each session is given a session ID, which should stay private. But hackers can hijack these sessions and pose as the computer making the request. This can allow the hacker to gain unauthorized access.
Training and Certifications
One of the most popular certifications for cyber security professionals today is the Certified Information Systems Security Professional designation or CISSP. This is recognized as one of the best credentials for computer security professionals whose primary job is to manage their company’s or department’s overall information security program and protect it from cyber attacks.
More than 50,000 US jobs were posted in 2015 by employers who wanted a cyber security professional with a CISSP designation. The total number of such workers in the US at the time was 65,000. Thus, there is a great need for CISSP-credentialed cyber security professionals.
To earn the CISSP designation, you must pass a 250 question test that takes up to six hours. It features both multiple choice and long answer questions. This test will gauge your skill and knowledge in these areas:
- Security and risk management
- Asset security
- Security engineering
- Communications and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
To qualify to sit for this exam, you must prove that you have at least five years of full time, paid work experience in one of the above areas. If you choose to pay for a study course for the exam, you can expect to pay up to $2500 for online courses, and more for in person classes.
If you are just getting started in a cyber security career and lack that kind of work experience, you may want to get entry level A+, Network+ and Security+ certifications from CompTIA. With this as a solid foundation, you can then attempt to attain a security-related job and get vital hands on work experience in cyber security.
- O’Hara, K. 5 Industries for IT Security Job Seekers. (n.d.). Retrieved https://www.monster.com/career-advice/article/5-industries-for-it-security-job-seekers
- CISSP Designation. (n.d.). Retrieved from https://www.isc2.org/cissp/default.aspx
- Information Security Analysts. (2015, Dec. 17). Retrieved from https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm#tab-3