What Cyber Security Professionals Do
There are many different types of cyber security professions, each dedicated to helping organizations and individuals avoid and manage online threats. Because the industry is still emerging, it lacks the linear career path structure and easily-identifiable job-specific skill requirements which most other fields have.
Organizations like Institute of Electrical and Electronics Engineers (IEEE) are working to standardize this across the industry, but the lack of clarity remains. For this reason, this page will focus more on the pathway to becoming a cyber security engineer, as well as opportunities beyond the role, and will touch on several careers which are sometimes part of the career path.
Cyber security engineers use computer programming knowledge and various tools to gather and analyze data relating to potential security threats an organization faces. Because risk can never be wholly eliminated, these individuals often perform risk/ benefit analysis to determine if extra security measures are worthwhile to implement. They communicate these findings to their team as well as to upper management, and come up with improvements or engineering solutions that will mitigate risks. Some cyber security engineers also work on crisis/ incident response teams, in which they’re called in to damage control and/or halt a security breach in progress.
Who would enjoy a career in Cyber Security?
Livelihoods, reputations, and corporate viability can all hinge on cyber security professionals being effective as well as cool under fire. People who do well in the field are analytic, strategic, and are not easily riled, regardless of what’s happening around them. Being comfortable with various forms of technology, understanding human behavior, and having a knack for predicting which methods a hacker or malicious person might use are all beneficial in the field.
Moreover, new threats are always emerging, so cyber security professionals must be committed to following the latest developments and learning new approaches. Continuing education, belonging to industry organizations to draw on the experience and expertise of other cyber security professionals, and ability to work well in teams are important components too, as it’s rarely a single individual who solves a problem, particularly on crisis/ incident response teams.
Who mightn't like the career?
While there’s sometimes a “lone wolf” mentality among programmers, this attitude doesn’t bode well in cyber security. Teams often work together to find vulnerabilities and then find solutions to fortify together as well. While there are solo “ethical hackers” who are hired to find vulnerabilities, those who work in the field full-time serve many other functions.
The career might also not be a good fit for someone who doesn’t handle stress well or who cannot be flexible with their hours. As issues arise, cyber security engineers may be called into work and be expected to stay in place until the threat is mitigated. In serious occasions, such as when a major platform or retailer has been hacked, their engineering teams have stayed on site for several days.
It’s also worth noting that managerial approaches to handling crisis vary. Some managers and executives lash out at the security team, while others are more strategic and focus on getting the team the resources necessary to solve an issue. Those getting into the field should be prepared for either scenario and should know that a single error or overlooked issue could cost them their job.
A bachelor’s degree in a computer-related field is almost always necessary, with some candidates making themselves more appealing by obtaining cyber security-specific certifications.
Cyber security interviews tend to focus quite a bit on ensuring the candidate understands various frameworks, processes and best practices. Interviewers will also likely ask questions to test how quickly the candidate can think on his or her feet, as well as what solutions the individual can come up with while under pressure.
- Cyber Security Engineer Interview Questions
- How to Get an Information Security Analyst Job: Interview Questions, Answers & Advice
- 200 IT Security Interview Questions
Moving into Cyber Security from another career
Most people who move into cyber security careers come through other technology jobs. However, there are some courses geared toward fast-paced learning which may provide enough background for an individual to move from any background into an entry-level cyber security role in less than a year. For further reading, see “How to Get a Job in InfoSec: 4 Pieces of Practical Advice.”
Cyber Security Technician
Role: Those getting into the field often begin as cyber security/ computer/ network specialists or technicians. In this role, individuals mostly handle monitoring and gathering data for senior employees and may carry out individual tasks as assigned by those above them. Other entry-level positions which may feed into a career as a cyber security engineer career include cyber crime analyst/ investigator, incident analyst/ responder, and IT auditor.
Cyber Security Analyst
Role: Cyber security analysts are entrusted with more sensitive projects and may be involved in brainstorming solutions. They monitor and analyze data, respond to emergency situations, and are involved in reporting incidents/ concerns. As an alternative mid-level role, individuals may also opt to be a penetration and vulnerability tester. These individuals are focused on finding weak areas in programs before someone with nefarious intent does.
Cyber Security Engineer
Role: Cyber security engineers are the primary problem-solvers. They come up with new ways to solve security issues, develop fresh tech, evaluate current and potential protective measures, configure new security measures, and run tests. They also run reports and follow up on incidents to identify what happened and if the response was adequate and collaborate with other professionals to ensure the best methods and practices are being implemented. Individuals may also work as a cyber security architect. It’s often considered a linear role to engineering because people may move back and forth between the two, though architects design and implement complex computer and network security structures and ensure they’re operating properly.
Cyber Security Engineering Manager/ Administrator
Role: The move into management requires a different set of skills. Although understanding what engineers, analysts, and technicians do is still important, cyber security managers oversee the people and ensure all tasks are being carried out efficiently, properly, and to regulatory standards. They’re also responsible for communicating needs, challenges, and the achievements of their teams to upper management. They may devise and implement strategies to improve the efficiency or effectiveness of their teams as well.
Cyber Security Engineering Director
Role: Directors set the tone for the IT security department, establish policies, create and manage budgets, oversee staffing, and ensure incident response is being handled correctly. They’re keen strategists who are the main go-between for the IT security department and executive team. In smaller companies, the director may also fulfil the role of Chief Information Security Officer (CISO), but larger corporations separate the executive position apart as the next level up.
Travel for the job, itself, is generally minimal, though professionals many attend conferences, lectures, and niche-specific events to stay abreast of events and trends, as well as to improve their skills. The skills cyber security professionals have are in demand all over the world, which also offers the opportunity to work almost anywhere.
Cyber Security Technician: According to PayScale, the average salary of a cyber security technician is about USD$36,000 in America, £19,000 in the UK, CAD$40,000 in Canada, AU$52,000 in Australia.
Cyber Security Analyst: USD$75,000, ₤36,000, CAD$65,000, AU$76,000
Cyber Security Engineer: USD$96,000, ₤36,000, CAD$80,000, AU$89,000
Cyber Security Engineering Manager: USD$106,000, ₤51,000, CAD$101,000, AU$127,000
Cyber Security Engineering Director: USD$118,000, ₤76,000, CAD$109,000, AU$135,000
The greatest increase in salary comes from experience, which may nearly double pay in some cases. Bonuses, profit sharing, and commission may add a few thousand dollars to the take-home pay of entry-level cyber security professionals, but approach the six-figure mark in senior leadership roles.
Why Cyber Security Professionals move on
Due to the rapid growth in the sector, cyber security presently has a 0% unemployment rate, and there’s expected to be a shortage of professionals for the next several years. Because of this, most cyber security professionals are enjoying the perks of the job and don’t leave the field altogether, though they may switch companies or sectors to increase pay, improve working conditions, or advance in the field.
However, for those who find the industry too stressful on the whole, the skills readily transfer to many other careers.