If you’re technically and analytically minded, and have experience or qualifications in IT, organisations are always looking for cyber security (or information security) specialists. By its definition, cyber security encompasses a very broad range of areas, and as a result there is a wide variety of opportunities available.
This career path is currently in high demand from employers, so if you are interested, then this is the essential guide on how to become involved.
1. Research the Profession
As with all careers, you should conduct thorough and independent research before you make a decision.
In a nutshell, a cyber security specialist is a subject matter expert employed by an organisation to protect their data. They do this through a variety of techniques, such as probing for weaknesses, monitoring systems and networks for attempted breaches, and then dealing with any that are found. This includes repairing and then strengthening the areas where an attack may have occurred.
Cyber/Information Security Analyst
Cyber security analysts are the front-line defence of networks, looking for and analyzing potential security risks. They put firewalls and encryption in place to protect against breaches, and constantly monitor and audit systems for any abnormal activities. They detail their findings in technical reports.
Ethical hackers usually hold a CEH certificate, and are given license by their employers to try and penetrate the security of their system. The idea is that they use the same techniques as malicious black hat hackers to test existing security protocols; if they are successful, upgrades can then be developed and implemented.
Computer Forensics Analysts
Forensics analysts focus on cyber-crime, an ever-growing phenomenon. They work with law enforcement agencies in both public and private sector organisations and are asked to undertake a wide variety of tasks, including:
- Recovering deleted files
- Interpreting data linked to crime
- Analysing mobile phone records
- Pursuing data trails
Computer forensic analysts need to keep highly detailed records of their investigations, and often provide evidence in court.
Due to the differing structures of various networks, your expertise could be employed in one or several areas, such as in cloud computing, laptops, mobile phones and app technologies, as well as the Payment Card Industry (PCI).
The responsibilities of the role depends on the specialism, but broadly speaking they are as follows:
- Working with other computer security professionals to implement built-in security measures, often during the development stages of software systems, networks and data centres
- Probing for vulnerabilities and security risks in the organisation’s hardware and software assets
- Figuring out the best way to secure the overall IT infrastructure of an organisation
- Building firewalls into network infrastructures
- Constantly monitoring for attacks and intrusions
- Eliminating the vulnerability in a network or system if/when a potential breach is found
- Identifying the perpetrator and liaising with law enforcement agencies if necessary
Essential Skills and Qualities
- A strong interest and skill base in IT, including knowledge of hardware, software and networks
- Meticulous attention to detail, an analytical aptitude and the ability to recognize trends in data
- Creativity and patience
- An inquisitive nature
- A proactive approach with the confidence to make decisions
- The ability to work under pressure and meet deadlines
- Effective communication skills, and the ability to interact effectively with a range of people
- Understanding of the need for confidentiality, and the law relating to it
- Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems
- An understanding of how hackers work and the ability to keep up with developments in the criminal cyber-underworld
Working Hours and Conditions
Most cyber security roles are office based and you will likely work typical office hours of 35-40 hours a week. Most organisations demand 24/7 cover though, so be aware that you will be placed on a rota should an incident or attempted breach take place requiring immediate attention.
Most UK organisations offer graduate starting salaries of around £25,000, which increases quickly to around £35,000 as you gain experience. As you begin to move into more senior management and consultant roles, you can expect to earn anything between £45,000 and £80,000.
In the US, the average starting salary for an Information Security Analyst is around $40,000, with the potential to go as high as around $105,000.
2. Get the Qualifications
Although it is technically possible to enter this profession without formal qualifications (such as progressing from a help-desk role, or possessing black hat hacking skills), most cyber security specialists are graduates with an education in an IT or computer science field.
Degrees that are applicable include:
- Computer Science
- Forensic Computing
- Mathematics, Physics or any other STEM degree
- Network Engineering
- Networks and Security
Some organisations, such as the UK’s Government Communications Headquarters (GCHQ), offer schemes where they will accept graduates of any discipline, even it is not related to computers at all. Additionally, if you are changing career, you can undertake a postgraduate qualification in cyber security, or a related field.
In the US, entry requirements are similar. You would typically need a bachelor’s degree in an IT-related field, while professional industry certification would greatly increase your chances of employment.
3. Land Your First Job
As mentioned previously, cyber security specialists are highly sought after. This is because there is such a wide variety of organisations requiring their services; any company, business or governmental organisation that possesses some form of database is vulnerable to attack. As data becomes increasingly digital, this will only increase.
As a result, you could find yourself working in any industry, but particularly those that are more likely to be targeted such as:
- Banks and financial services institutions
- Government departments
- Intelligence agencies
- IT companies
- Security consultancy services
- Network providers
Keep an eye on the following sites for cyber security specific roles:
4. Develop Your Career
Due to constantly evolving technologies – as well as increasingly sophisticated black hat tactics – cyber security specialists are advised to keep up to date with developments by enrolling on continual training courses. There are many industry standard qualifications that can aid in a specialist’s professional development, including the following:
- Systems Security Certified Practitioner (SSCP) – an entry level certificate aimed at those with little experience
- CompTIA Security+ – suitable for those with more than 2 years of experience
- Certified Information Systems Security Professional (CISSP) – A common qualification undertaken after around 4 years that is seen as a prerequisite for serious career development
- Certified Information Systems Auditor (CISA) – Aimed at those with 5+ years of experience
- Certified Information Systems Manager (CISM) – Similar to the CISA certificate
- Cisco Certified Network Associate (CCNA) – A more general qualification, usually held by people in network management roles
- Certified Ethical Hacker (CEH) – Held by specialists in penetration testing or security analytists
Career prospects are very good for cyber security specialists. As companies put increasing strategic importance in managing and analyzing their data, the need for competent and skilled people to protect it will only grow.
This is backed up in a recent survey by Indeed, which found that only Israel and the Republic of Ireland have a higher demand for cyber security specialists than the UK, while a 2016 report by Tech Cities observed that employer demand in the industry is growing healthily year on year.
In the US, it is a similar story. The Bureau of Labor Statistics puts job growth estimates at 28 per cent over the next 10 years for cyber security personnel, making it one of the highest predicted growth rates for any job.
All this suggest that now is the perfect time to get involved in this fascinating and highly interesting industry. Your skills will be in high demand, and there is a lot of scope to progress and specialize in the areas you find most interesting.
What do you think? Do you work in this industry? Let us know in the comments section below...