A career in cybersecurity can go in many directions. Learn about five popular career paths.
Pursuing a career in cybersecurity means joining a booming industry where available jobs outnumber qualified candidates. According to the US Bureau of Labor Statistics, the number of cybersecurity jobs is expected to increase by 35 percent between 2021 and 2031 [1]. The COVID-19 pandemic has only accelerated this demand.
As cybersecurity continues to grow in importance, more specialized roles are emerging. Starting as a cybersecurity analyst creates opportunities to follow your interests within the world of information security and create a career path that’s right for you. Learn about five common career paths within this high-demand field.
If you’re new to cybersecurity, you may start out in an entry-level IT role, such as a help desk technician, network administrator, or software developer. Many cybersecurity professionals enter the field as a junior information security analyst after gaining some experience in IT.
Before you apply for your first cybersecurity role, take some time to develop core IT skills, including programming, networks and systems administration, and cloud computing. While you don’t necessarily need a degree to get a job in cybersecurity, having some form of structured training might accelerate your path toward a job.
The IBM Cybersecurity Analyst Professional Certificate on Coursera teaches the job-ready skills you need for a job as an information security analyst. Learn from top industry experts as you gain hands-on experience working with real security tools in a virtual lab space.
professional certificate
Get ready to launch your career in cybersecurity. Build job-ready skills for an in-demand role in the field, no degree or prior experience required.
4.6
(8,824 ratings)
114,201 already enrolled
BEGINNER level
Average time: 3 month(s)
Learn at your own pace
Skills you'll build:
information security analyst, IT security analyst, security analyst, Junior cybersecurity analyst, Information Security (INFOSEC), IBM New Collar, Malware, Cybersecurity, Cyber Attacks, database vulnerabilities, Network Security, Sql Injection, networking basics, scripting, forensics, Penetration Test, Computer Security Incident Management, Application Security, threat intelligence, network defensive tactics, cyber attack, Breach (Security Exploit), professional certificate, cybersecurity analyst
Read more: Cybersecurity Degrees and Alternatives
As a cybersecurity analyst, you can decide to take your career in a few different directions, depending on your interests and goals.
If you enjoy planning and building, you may choose to pursue security engineering and architecture. Maybe you enjoy the thrill of incident response, or perhaps you’d prefer to hone your hacking skills to stay one step ahead of bad actors.
Let’s take a closer look at five ways you could specialize within security as you advance through your career.
As a security engineer, you’ll use your knowledge of threats and vulnerabilities to build and implement defense systems against a range of security concerns. You may advance to become a security architect, responsible for your organization's entire security infrastructure.
Security engineering and architecture could be a good fit if you enjoy tinkering with technology and like to take a big picture approach to cybersecurity.
Skills to develop:
Critical thinking
IT networking
System administration
Risk assessment
Common certifications: CompTIA Security+, Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), Google Professional Cloud Security Engineer
Read more: What Is a Security Engineer?
Despite a company’s best security efforts, security incidents still happen. The field of incident response involves the next steps after a security incident. As an incident responder, you’ll monitor your company’s network and work to fix vulnerabilities and minimize loss when breaches occur.
Another area of incident response involves digital forensics and cybercrime. Digital forensic investigators work with law enforcement to retrieve data from digital devices and investigate cybercrimes.
Incident response could be a good fit if you work well under pressure and love a good mystery.
Skills to develop:
Attention to detail
Technical writing and documentation
Intrusion detection tools
Forensics software
Common certifications: GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH), Certified Computer Examiner (CCE), Certified Computer Forensics Examiner (CCFE)
As you gain experience in cybersecurity, you may choose to advance toward a leadership position within your organization. Cybersecurity managers oversee an organization’s network and computer security systems. In this role, you might manage security teams, coordinate between teams, and ensure security compliance. Typically, the highest security role in an organization is that of chief information security officer (CISO). Working in security at the executive level often means managing operations, policies, and budgets across the company’s security infrastructure.
Management and administration could be a good fit if you’re organized, an excellent communicator, and enjoy working with people.
Skills to develop:
Project management
Risk management
Leadership
Collaboration
Common certifications: Certified Information Security Manager (CISM), GIAC Certified Project Manager (GCPM), CISSP (Certified Information Systems Security Professional)
Companies hire security consultants to test their computer and network systems for any vulnerabilities or security risks. In this role, you get to practice cybersecurity offense and defense by testing systems for vulnerabilities and making recommendations on how to strengthen those systems.
Consulting could be a good fit if you enjoy variety and want to make an impact by helping others manage their security.
Skills to develop:
Penetration and vulnerability testing
Threat management
Operating systems
Encryption
Common certifications: CompTIA Security+, Offensive Security Certified Professional (OSCP), Systems Security Certified Practitioner (SSCP), Certified Security Consultant (CSC)
This field of cybersecurity goes by many names, offensive security, red team, white hat hacking, and ethical hacking among them. If you work in offensive security, you’ll take a proactive approach to cybersecurity. You’ll do this by playing the part of the intruder, trying to find vulnerabilities before the bad guys do.
As a penetration tester, you’ll seek to identify and exploit system weaknesses to help companies build more secure systems. As an ethical hacker, you can try out even more attack vectors (like social engineering) to reveal security weaknesses.
Testing and hacking could be a good fit if you want to outsmart the bad guys and get paid to (legally) hack into networks and computer systems.
Skills to develop:
Cryptography
Penetration testing
Computer networking
Scripting
Common certifications: Certified Ethical Hacker (CEH), CompTIA PenTest+, GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP)
Read more: How to Become a Penetration Tester
Cybersecurity professionals tend to get paid well for their skills, even at the entry level. As you gain experience and move into more advanced roles, salaries often go up as well. To give you an idea of what’s possible, here’s a look at the average salary of several cybersecurity jobs in the US in October 2022, according to Glassdoor.
Intrusion detection specialist: $59,450
Junior cybersecurity analyst: $81,170
Digital forensic examiner: $91,212
IT security administrator: $89,708
Incident response analyst: $70,149
Cybersecurity consultant: $90,200
Information security analyst: $89,654
Ethical hacker: $105,611
Penetration tester: $97,474
Security engineer: $129,311
Cybersecurity manager: $105,050
Security architect: $172,543
Chief information security officer: $254,510
Take the next step toward an in-demand career in information security by enrolling in the IBM Cybersecurity Analyst Professional Certificate. Start learning the job-ready skills you’ll need at your own pace.
professional certificate
Get ready to launch your career in cybersecurity. Build job-ready skills for an in-demand role in the field, no degree or prior experience required.
4.6
(8,824 ratings)
114,201 already enrolled
BEGINNER level
Average time: 3 month(s)
Learn at your own pace
Skills you'll build:
information security analyst, IT security analyst, security analyst, Junior cybersecurity analyst, Information Security (INFOSEC), IBM New Collar, Malware, Cybersecurity, Cyber Attacks, database vulnerabilities, Network Security, Sql Injection, networking basics, scripting, forensics, Penetration Test, Computer Security Incident Management, Application Security, threat intelligence, network defensive tactics, cyber attack, Breach (Security Exploit), professional certificate, cybersecurity analyst
US Bureau of Labor Statistics. "Information Security Analysts, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm." Accessed October 20, 2022.
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.