How to become a Cyber Security Expert
The cyber security job market is severely lacking in qualified applicants. Our mission is to help fill this skills-gap with quality cyber security training for recognized certifications as well as up-to-date threats and defense techniques. It is clear, however, that certifications are not enough and applicants really need experience and understanding of the industry’s landscape.
This post is a compilation of a nine-part series illustrating high-level descriptions and requirements of nine different cyber security jobs. My hopes for this series is that it will help guide cyber security students towards the education and experience they will need to successfully enter the job market. Each role is linked to its full post with more detailed information about suggested certifications and pointers on how to get started. Listed salaries are as found on Payscale, but are typically much lower than what an experienced cyber security professional makes/would be offered.
Median Salary: $65,726
Description: The Network Security Administrator (or Systems Administrator) is a jack-of-all-trades in the security sector. Ultimately, it’s the Network Security Administrator’s job to keep an organization’s network safe, up-to-date and running smoothly. This entails a strong technical background, but can also require a strong understanding of policy, as it is often the Network Security Administrator’s responsibility to form and deploy effective security policies.
With many companies running multiple computers and software platforms, a Network Security Admin has a lot of opportunities within a single organization to work with cyber security needs across a network.
Required Experience: Across the board, a bachelor’s degree in computer science, engineering or related field is a required qualification for most Network Security Administrator roles.
I also noticed that this is one of the few job titles which many employers actually require particular certifications, most frequently CompTIA’s Security+ and Network+ along with CISSP. While some job listings have a required minimum Network Admin experience requirement, many just require experience with specific hardware, software, environments and tools.
Median Salary: $68,671
Description: A Forensic Computer Analyst (or Forensic Computer Investigator) works with law enforcement and private entities to identify systems and networks which have been compromised from criminal breaches and exploits. The Forensic Computer Analyst is expected to have a vast knowledge of hardware, several programming languages, networking and encryption methodology in order to gather and analyze criminal activity information.
Required Experience: While I did come across one listing that only called for two years of experience, most listings asked for a BS in computer science or a minimum of 5 years of Digital Forensic experience along with a laundry list of other required experience. Some such required experience includes experience with:
• digital forensics tools
• Forensic Analysis of compromised systems
• technical report writing
Suggested: CHFI [Computer Hacking Forensic Investigator Certification]
Median Salary: $70,400
Description: An information Security Analyst is typically an organization’s first line of defense against cyber-attacks and vulnerabilities, working with a team to manage access control and reporting to Compliance Officers and Technical Solutions Directors.
Required Experience: A BS in computer science, technical security or a related field is often suggested to make you a competitive applicant, but experience can supplement this requirement.
It seems the absolute minimum requirement for an applicant is to have at least three years of experience in the cyber security field, though some ask for more specific experience. Most job listings also detail environments, scripting languages and tools they would like applicants to be familiar with. Some of these typically include: Windows, Mac, Linux familiarity and intimate knowledge of Python scripting language among others.
Also, this is one of the cyber security career paths which require applicants to have obtained critical certifications such as CISSP and CEH, as well as the willingness to continue their education throughout their career to ensure applicants are up-to-date on the most current tools, techniques and methodologies.
Median Salary: $73,418
Description: An Incident Responder is responsible for responding to threats and security events. Sounds simple enough, but these are highly-skilled cybersecurity experts who have mastered everything from reverse engineering to penetration testing and more. Incident Responders discover, mitigate and investigate security problems, recording and reporting each problem as it arises. Many Incident Respondents have prior experience in computer forensics and security analysis.
Required Experience: To be a competitive applicant for this role, one must have a BS in Computer Science, Computer Forensics or related field; have 3+ years of experience in the field; and hold at least one relevant certification. Moreover, one must have strong programming language knowledge and experience; working knowledge of Windows, Linux, Cisco and a multitude of environments; advanced analytical skills; strong communication skills; and more specified, technical knowledge.
Median Salary: $80,238
Description: At the heart of it, a Penetration Tester is someone who performs penetration tests on an organization’s networks, systems, apps, etc. to find vulnerabilities for the organization to patch. However, depending on the organization’s size and other factors, you may also have to make pivots, write reports, and work with other departments and teams within an organization.
Required Experience: Most job listings require a bachelor’s degree in a technical field and 1-5 years of relevant experience. The experience required varies greatly between companies, and educational experience becomes more flexible with increased, relevant, industry experience. Some companies will want you to have experience specific to certain environments while others will appreciate a broader understanding.
Median Salary: $80,400
Description: Examining malicious software, the malware analyst often works closely with Incident Responders, and perhaps even Computer Forensic Investigators. In addition to malicious software, a Malware Analyst also often conducts analysis of suspicious code and develops tools to help protect against malicious software and suspicious code. A deep understanding of reverse engineering, software development and types of threats is crucial for a successful Malware Analyst.
Required Experience: Specific experience with specific environments will be required, so a well-rounded background will be important for a successful Malware Analyst. At least 2 years of experience with malware analysis is often required. In-depth knowledge of APT attacks is also almost always listed. Experience with Linux tools and familiarity with Windows systems is another frequent ask.
Good problem solving skills and ability to communicate with various audiences are a given. Reverse engineering experience and technical mentoring are also often included. CND based analytical frameworks experience is also often specifically asked for, along with experience with commercial and open source security tools. There are many other organization specific experience required, but this covers most of the basics.
Median Salary: $85,177
Description: As with most cyber security jobs, a Security Engineer job description ranges from company to company. At its core, security engineering focuses on the tools and methods required of designing and testing secure systems, as well as adapting existing systems to evolving environments.
The four predominant concerns of a security engineer are policy, mechanism, assurance and incentive. Security engineers require a well-rounded, cross-disciplinary understanding of security. Anything from developing security related applications to employee awareness programs.
Required Experience: Most Security Engineer listings will want you to have a bachelor’s degree in Cyber Security or a related field as well as anywhere from 1 to 10 years of experience in information security. However, experience and certifications can often make up for a lack of formal education. Aside from this, the experience required will vary widely from organization to organization. Some will require certifications; some will require specific experience with public cloud or other environments. It’s best to have as well-rounded an understanding and experience level as possible for this position.
Median Salary: $118,898
Description: A Security Architect’s main objective is to develop and test security tools and infrastructure in order to protect an organization’s network and systems. Security Architects need to be able to understand vulnerabilities and threats both from a hacker’s perspective and a security perspective. For this reason, many believe that ex-hackers make the best Security Architects. Designing and maintaining security solutions are the top priorities for a Security Architect and thus, need to be able to produce an end-to-end defense, with as much transparency as possible, for an organization.
Required Experience: Security Architects need to be specialists in their space, and therefore require a more comprehensive educational and experiential background than other cyber security career paths. A Bachelor’s degree in Computer Science, Engineering, Cybersecurity or related field is a must for this role. Industry specific certifications are highly encouraged among job listings, especially CISSP and CEH. Also, a higher level of experience is required for this role with the lowest I found falling in the 5-year minimum category, with others going as far as a 12-year minimum category. It’s safe to say, that a competitive applicant would have at least 7 years of Security Architecture experience.
Median Salary: $163,147
Description: The CISO is part of a company’s C-suite, or senior-level executive board. CISOs are expected to focus on the maturity level of the security team and its infrastructure, raise awareness and communicate to both the team level and the executive level. Needless to say, Chief Information Security Officers need both an in-depth understanding of information security and an organization’s environments, as well as the soft-skills required to be an effective communicator and make business cases for better security protocols. They’re also responsible for strategizing and leading protocols, incident response plans and security related initiatives.
Required Experience: This is yet another role where there are variations in what companies expect. Many of the listings I viewed called for a Bachelors in computer science, information security or a related field, while others simply called for experience and CISSP certification. Experience and soft-skills are much more important when applying for this role.
For the first time, in this series, ALL listings agree that a CISO applicant must have 10+ years of information security experience, 5+ years of risk management experience and at least some leadership/management experience. Some listings called for experience in leading multiple teams or departments. A competitive applicant will need to have sufficient knowledge of the given company’s IT environments.
All listings call for “strong intrapersonal skills” with an emphasis on written and verbal communication skills and the willingness and ability to learn. Some listings require previous CISO experience as well.
Don’t wait to get your cyber security career path started. The cyber security workforce needs you. Start your FREE trial today, and start working towards your new career!
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting edge cyber security training. Our training provides the most in demand industry certification prep courses including EC-Council, CompTIA, (ISC)2 and Cisco; all taught by leading cyber security experts. All of our offerings are aligned with the national initiative for cyber security education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses bite-sized micro-learning methodology ensures learners are not overwhelmed with information. On Demand LMS platform has white-label capabilities ideal for internal training purposes.