Find a cybersecurity role that fits your interests.
Cybersecurity professionals are in demand. According to a study by the cybersecurity professional organization (ISC)², there are some 3.1 million unfilled positions worldwide . Cybersecurity jobs take an average of 20 percent longer to fill than other IT jobs. They also pay 16 percent more on average, according to data from Burning Glass Technologies .
Working in the cybersecurity field also gives you the chance to work in a fast-paced environment where you get to continually learn and grow. Whether you’re already in the world of information technology (IT) or looking to make a career switch, cybersecurity might be worth considering.
In this article, we’ll take a look at some of the many roles available to cybersecurity professionals. We’ll also discuss how to get started in cybersecurity and what your career path might look like.
All salary data represents average annual salaries in the US, as of July 2021.
In the context of cybersecurity, “entry-level” can be a bit of a misnomer. For some roles, the National Security Agency (NSA) defines entry-level as requiring a bachelor’s degree plus up to three years of relevant experience—less with higher-level degrees. With a high school diploma or GED, you’ll likely need between four and seven years of relevant experience on your resume.
Most cybersecurity professionals enter the field after gaining experience in an entry-level IT role. Here are a few of the most common entry-level jobs within the bigger world of cybersecurity.
Average salary: $99,190 (Glassdoor)
Feeder role: Network or systems administrator
As an information security analyst, you help protect an organization’s computer networks and systems by:
Monitoring networks for security breaches
Investigating, documenting, and reporting security breaches
Researching IT security trends
Helping computer users with security products and procedures
Developing strategies to help their organization remain secure
This is among the most common roles on a cybersecurity team and an excellent entry point into the world of information security.
Common certifications: CompTIA Security+, GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH)
Related job titles: Cybersecurity analyst, IT security analyst
Start building the job-ready skills you need for an entry-level role as an information security analyst with the IBM Cybersecurity Analyst Professional Certificate. Learn from top cybersecurity professionals at IBM, and earn a credential for your resume in less than six months.
Average salary: $85,174 (Glassdoor)
Feeder role: Networking, IT support, systems engineering
In this role, you’re the point person for security at your company by ensuring that data remains secure against unauthorized access and cyberattacks. Responsibilities for security specialists vary from organization to organization but may include:
Testing and maintaining firewalls and antivirus software
Implementing security training
Researching new security risks
Suggesting improvements for security weaknesses
Common certifications: CompTIA Security+, Systems Security Certified Practitioner (SSCP), GIAC Security Essentials (GSEC)
Related job titles: Cybersecurity specialist, information security specialist
Average salary: $84,823 (Glassdoor)
Feeder role: IT support, risk analyst
If you enjoy seeking clues to solve a puzzle, this role might be for you. Digital forensic investigators retrieve information from computers and other digital devices to discover how an unauthorized person accessed a system or to gather evidence for legal purposes. Day to day tasks might include:
Collecting, preserving, and analyzing digital evidence
Recovering data from erased or damaged hard drives
Documenting the data retrieval process and maintaining chain of custody
Assisting law enforcement in criminal investigations
Providing expert testimony in court proceedings
Common certifications: GIAC Certified Forensic Analyst, EnCase Certified Examiner (EnCE), AccessData Certified Examiner (ACE)
Related job titles: Computer forensic specialist, cyber forensic specialist, digital forensics analyst
Average salary: $78,603 (Glassdoor)
Feeder role: Network administrator, risk analyst, IT support
As an IT auditor, you’ll assess your organization’s technology for potential issues with security, efficiency, and compliance. Some of your regular tasks might include:
Planning and performing audits
Documenting and presenting audit findings
Providing guidance on recommended and mandatory security measures
Designing plans to fix any security risks
Identifying opportunities for better efficiency
Common certifications: Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA)
Related job titles: Internal IT auditor, security auditor
As you gain experience in cybersecurity, several paths can open up for advancement into more specialized roles. These are just a few of the many options for mid-level and advanced cybersecurity professionals.
Average salary: $105,000 (CyberSeek)
Feeder role: Systems administrator, information security analyst
In this role, you’re typically put in charge of the day-to-day operations of an organization’s cybersecurity systems. Your responsibilities might include:
Monitoring systems and running regular backups
Managing individual user accounts
Developing and documenting security procedures for the organization
Collaborating with security teams to respond to unwanted intrusions
Participating in company-wide security audits
Common certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
Related job titles: Security administrator, cybersecurity administrator, information security officer
Average salary: $103,262 (Glassdoor)
Feeder role: Information security analyst, incident responder
As a penetration tester (pen tester for short), you’ll help businesses identify their security weaknesses before malicious hackers can do the same. You do this by attempting to breach computer networks, with the permission of the company. Tasks might include:
Planning, designing, and carrying out penetration tests
Creating reports on test results and offering recommendations to security decision makers
Developing scripts to automate parts of the testing process
Conducting social engineering exercises (attempting to get company employees to disclose confidential information)
Providing technical support during incident handling
Common certifications: Certified Ethical Hacker (CEH), CompTIA PenTest+, GIAC Certified Penetration Tester (GPEN)
Related job titles: White hat hacker, ethical hacker, vulnerability assessor
Average salary: $109,809 (Glassdoor)
Feeder role: Information security analyst, penetration tester
In this role, you design the systems to keep a company’s computers, networks, and data safe from everything from cyber attacks to natural disasters. These security systems might include elements like firewalls and intrusion detection systems. Day-to-day tasks might include:
Developing security standards and best practices
Recommending security enhancements to management
Ensuring new security systems are installed and configured correctly
Testing security solutions
Leading incident response teams
Develop programs to automate vulnerability detection
Common certifications: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP)
Related job titles: Cybersecurity engineer, network security engineer, information security engineer
Average salary: $152,708 (Glassdoor)
Feeder role: Security engineer, information security analyst
As a security architect, you set the vision for a company’s security systems. This role combines programming, threat research, and policy development to keep an organization a step ahead of threats. Your responsibilities might include:
Building and maintaining security networks and systems
Preparing budgets and overseeing security expenses
Coordinating security operations across IT and engineering departments
Improving systems in response to security incidents or vulnerabilities
Conducting breach of security drills
Common certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CSA Certificate of Cloud Security Knowledge (CCSK)
Related job titles: Cybersecurity architect, information security architect
Average salary: $145,356 (ZipRecruiter)
Feeder role: Computer programmer, information security analyst, systems administrator
Working in cryptography involves securing data for communication and information exchange. Cryptologists create encryption algorithms, cyphers, and other security protocols in order to encrypt data. Cryptanalysts decrypt information that has been coded. Common tasks in this role include:
Developing new cryptographic algorithms
Analyzing existing algorithms for vulnerabilities
Implementing encryption solutions
Testing new encryption techniques and tools
Common certifications: EC-Council Certified Encryption Specialist (ECES)
Related job titles: Cryptologist, cryptanalyst, cryptography engineer
Average salary: $119,705 (Glassdoor)
Feeder role: Information security analyst, security administrator
In this cybersecurity leadership position, you’re responsible for overseeing the security infrastructure at your organization. This might include:
Managing human and technological resources
Tracking changes to internal and external security policy
Ensuring compliance with security rules and regulations
Sourcing cybersecurity tools for the organization
Leading risk mitigation efforts
Common certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
Related job titles: Information security manager
While requirements for cybersecurity jobs vary widely from company to company, you might notice some common trends. Let’s take a closer look at some of the requirements, and how you can go about meeting them to get your first cybersecurity job.
Many jobs in security list a bachelor’s degree in computer science, information technology, or a related field as a requirement. While degrees are common among professionals in the cybersecurity industry, they’re not always required. An (ISC)² survey of 1,024 cybersecurity professionals in the US and Canada found that more than half felt that an education in cybersecurity is “nice to have” but not “critical.'' About 20 percent of those surveyed with less than three years of experience had only an associate or technical degree .
Having a bachelor’s or master’s degree can often create more job opportunities, make you a more competitive candidate in the cybersecurity job market, or help you advance in your career. Some degree programs, like the Online Master of Computer Science from Arizona State University (available on Coursera), let you concentrate your studies in cybersecurity.
More than half of all cybersecurity job postings request at least one certification, at least according to a study on cybersecurity hiring by Burning Glass Technologies . You’ll find more than 300 different certifications out there, and the quality isn’t always the same.
If you’re new to cybersecurity, consider starting with a more foundational certification, like the CompTIA Security+. From there, you can start gaining the necessary work experience to earn more advanced certifications.
With so many cybersecurity positions to fill, having the right skills can go a long way toward securing you a job. To prepare for a role in cybersecurity, start to build your technical and workplace skills through online courses, bootcamps, or self study. These skills are a good place to start:
Programming (especially scripting) languages
More than half of the security professionals surveyed by (ISC)² got their start in cybersecurity through an entry-level role in IT. Getting started as an IT support technician or network administrator allows you to establish yourself within an organization and build up your technical skills before taking on the added responsibilities of a security role.
The National Security Agency (NSA) also offers Development Programs in Cybersecurity Operations and Cybersecurity Engineering. These three-year, full-time, paid roles are designed to help participants build their skills or switch to a new career.
When you’re ready to start looking for jobs in cybersecurity, expand your search beyond the usual job sites (LinkedIn, Indeed, ZipRecruiter, etc). You’ll find a couple of sites specialize in cybersecurity and tech job postings, including:
If you’re interested in a high-demand career in cybersecurity, start building the skills you need with the IBM Cybersecurity Analyst Professional Certificate on Coursera. Get hands-on experience through virtual labs and real-world case studies. Learn from industry experts, and earn a credential for your resume in less than six months.
Demand for cybersecurity professionals has been consistently high in recent years, according to an analysis from Cybersecurity Ventures, and because of a lack of qualified candidates, the number of cybersecurity job openings remains high . This is good news for qualified cybersecurity job seekers, as it means that getting a job in their chosen field might not be as difficult as it might be for someone facing a job market with fewer openings than qualified job seekers.
However, while there are millions of career opportunities for qualified cybersecurity professionals , gaining the necessary job skills can be challenging. About 89 percent of cybersecurity jobs require a bachelor’s or graduate degree in addition to a few years of relevant experience. Many cybersecurity professionals gain entry into the field by working in an entry-level IT position and elevating their credentials with certifications. You can also consider a professional certificate, such as the IBM Cybersecurity Analyst Professional Certificate, available on Coursera, designed to help learners become job-ready.
Cybersecurity is a concern for any company that utilizes computer systems, so there are opportunities for cybersecurity professionals to find jobs across a wide range of industries. One major employer of cybersecurity specialists is the government. Every federal agency in the US employs cybersecurity professionals, including and especially the Cybersecurity & Infrastructure Security Agency (CISA).
Outside of the government, cybersecurity professionals might look for jobs at technology companies such as Apple and Intel; software companies such as Cisco; banks such as the Federal Reserve Bank of New York and Capital One; and health centers such as Patient First; manufacturers such as Lockheed Martin and General Motors.
Remote work is becoming more common, and cybersecurity roles are well positioned for it. Most job descriptions will state whether remote work is an option.
If working from home is a priority for you, you can find listings on Dice and NinjaJobs. Dice refers to this option as “remote,” while NinjaJobs uses “telework” and “telecommute.” Both terms have the same meaning.
While you may be able to enter the field of cybersecurity without knowledge of programming languages, it is considered a valuable skill set, particularly as you seek to advance your career. Research shows that Python is among the key skills needed for a career in cybersecurity .
Browse job descriptions to determine whether programming will be necessary to obtain your desired role. If you are able to secure an entry-level position without programming skills, you may want to consider gaining that knowledge over time.
1. (ISC)². "A Roadmap to Building Resilient Cybersecurity Teams, https://www.isc2.org/Research/CareerPursuers." Accessed October 12, 2021.
2. Burning Glass Technologies. "Recruiting Watchers for the Virtual Walls: The State of Cybersecurity Hiring, https://www.burning-glass.com/research-project/cybersecurity/." Accessed October 12, 2021.
3. Cybersecurity Ventures. "Cybersecurity Talent Crunch To Create 3.5 Million Unfilled Jobs Globally By 2021, https://cybersecurityventures.com/jobs/." Accessed October 12, 2021.
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.