Is cybersecurity a good career? The rapid increase of cybercrime in recent years has caused the cybersecurity industry as a whole to grow 10-fold. Whilst software and tools are improving, the need for cybersecurity engineers, analysts and managers has also risen to extraordinary numbers.
But is cybersecurity a good career option to pursue, even if you know nothing about technology? In today’s blog, we’re going to look at both the pros and cons of being in a cybersecurity position.
Is Cybersecurity a good career? (The Numbers)
Cybersecurity has only recently become a great career option for people who want a well-paid and incredibly crucial role in technology. As security for your online services and even physical security systems is forever changing, there are some great reasons to choose cybersecurity as a career path.
Although pictures speak a thousand words, numbers can be critical to help you decide if a cybersecurity career is worth pursuing. Here are some key statistics that showcase how good cybersecurity can be.
- The average salary of a Cybersecurity Expert in the US is $120,000. (UK: £62,500) Source: Talent.com
- Cybersecurity is set to be a $173 billion industry in 2023. (Statista.com)
- Cybercrime is on track to hit $11.5 trillion in damages in 2023. (Statista.com)
- There were 760,000+ cybersecurity roles to be filled at the end of Sep 2022. (Prnewswire.com)
Whilst these numbers are somewhat scary (or exciting) – the career path for cybersecurity is continuously changing. Personally, I think if you’re able to get in the role, you will be sought-after for years to come.
Cybersecurity Career Path (Step-by-Step)
Cybersecurity careers are forever changing, and whether you’re a beginner or an established security professional, your cybersecurity career path is likely to change too. Whilst you can start without any technological know-how, it’s usually expected that you have some experience with problem-solving and technology.
After gathering the right experience and skill sets, you will get to a point where you’re able to specialise in a niche, and likely sought-after, area of cybersecurity. These specialisms often carry their own goals, but starting from the very beginning and moving up the cybersecurity career path, we’ve listed some goals you might want to take on year by year to help you grow.
Initial Stages (Year 1 – Year 2)
Initially, you will want to get as much experience and knowledge under your belt. For this, we would recommend finding an apprenticeship/internship/entry level job. This training will allow you to have hands-on experience with tools and alerts.
During this stage, some basic qualifications will also look great on your resume/CV. These include:
- Microsoft Certified: Security, Compliance, and Identity Fundamentals
- Microsoft SC-200 (Microsoft Security Operations Analyst – great if you’re using Microsoft Sentinel or Defender products).
- CompTIA Security+
- GIAC GISF (GIAC Information Security Fundamentals)
- SSCP (ISC2) Systems Security Certified Practitioner
- ISACA Cybersecurity Fundamentals
Whilst these exams may seem scary, they will look great on a resume if you can pass them. Regardless, all of these exams require quite a bit of time to learn and develop your knowledge of cybersecurity terms, and key aspects of identifying and reacting to alerts.
Regardless of a pass or fail, the education from these courses/exams will be sure to help you on your way to becoming a more advanced cybersecurity expert.
Advanced Stages (Year 2 – Year 3)
After getting between 12 and 24 months of experience and some exams/certifications under your belt, there is a good chance that you can start specialising or moving up within your organisation.
Whilst some companies can be quite tight on internal progression, with the right certifications and experience you shouldn’t have a problem. Even if this means moving to another organisation, this is often the best way.
Some certifications that you may want to start looking for include:
- CompTIA CySA+
- ISC2 CISSP (Certified Information Systems Security Professional)
- ISACA CISA (Certified Information Systems Auditor)
- ISACA CISM (Certified Information Security Manager)
At this stage, you may also want to pursue more specific certifications and experience such as reverse engineering. Other programs include threat intelligence, or incident response management. All of these have their own respective education and certification programs.
Later Stages (Year 3+)
After you’ve completed what would be considered an experience and learning period, there are several options for you to pursue. Whilst you could sit in the same role you currently are, expanding or specialising your knowledge can be key to growing yourself, your salary, and your responsibilities.
There are several career paths which you could pursue. All of these carry manager statuses that you could apply for, and have a good chance of getting, such as:
- Threat Intelligence Manager/Analyst – Collecting data and informing security teams, and your wider organization as a whole.
- Incident Response Manager – Responding and ensuring genuine threats are dealt with effectively and in compliance with regulations.
- Reverse Engineer/Hunter – Reverse engineer malware, and hunt for threats that haven’t been seen yet.
- Contractor/Consultant – Be a point of contact, consultant, or contractor for all things cybersecurity with the right experience.
After several years (roughly 5-6 years) you could also start looking to fulfil the top role in cybersecurity. These roles are typically more focused on compliance, reporting, and making company-wide decisions on security and policies. This is the CISO (or CSO/CIO), which, in short, is the company’s top contact for security. This stands for chief information security officer (or chief security/information officer) and often sits within the senior leadership team.
How To Start Career In Cybersecurity (5 Key Tips)
Starting a career in cybersecurity can be scary if you’ve not had any previous experience. There are a few key tips that we can provide to you which can help set you apart in your job interviews for your first security role. Here’s how to start a career in cybersecurity.
Get Relevant Technical Experience
Believe it or not, after interviewing hundreds of candidates – only about 25% of them had any previous technical background. Whilst it isn’t necessarily a requirement to know what IPs are, this is something that will set you apart for an entry-level role. We would recommend getting 1-2 years’ worth of experience in a support desk role, to expose yourself to IT and technology. This will also expose you to technical problem solving.
Expose yourself to Multiple Devices and Coding Languages
Another thing that can set you apart is being exposed to multiple common tools, software, devices and coding languages. Getting this broad understanding can be crucial for a job role that requires a vast array of tech knowledge. Using sites like Codecademy can be a great way to learn to code for free.
Follow Cybersecurity News, Bulletins, and Forums
Although it might not seem like it, something I’ve noticed that can really improve your knowledge of cybersecurity is threat intelligence. This is just news, information, and analysis of what’s going on in the world. Whilst some people may know about Facebook or LinkedIn hacks – there are many smaller breaches, not to mention software-specific hacks and issues. Knowing about these will show dedication and knowledge in an interview. Plus, there is no harm in connecting with other security experts on forums!
Improve your Analytical Problem-Solving
Being a problem solver is half the battle in cybersecurity. Being a strong analytical thinker, and being able to solve problems that you’ve never seen before will help you prove yourself in an interview.
Know Key Cybersecurity Terms
Just like most tech jobs, cybersecurity has a LOT of acronyms and key terms that you will likely hear. This will also continue through your job role. Whilst there are many – we have written a guide which you can find below for all the key terms. However, it’s worth noting that you shouldn’t throw these terms around without knowing what they truly mean. This can look negative in an interview if you don’t know what you’re saying.
Read More: 68 Cybersecurity Key Terms you Should Know!
Cybersecurity Career Roadmap (Example)
As you can see above, the cybersecurity industry has a few roadmaps which you can pursue. Whilst these can be really in-depth, the image above is our rendition of what we believe are the basics of a cybersecurity career roadmap.
We will update this article with more roadmaps in the future and will write dedicated articles to each path you wish to view. Subscribe to our newsletter to keep an eye on this space!
Cybersecurity Analyst Career Path (6 Potential Routes)
When you first get into cybersecurity, there are typically three or four potential career paths and routes you can take to better yourself, and hopefully your salary. These are:
Lead SOC Analyst Path (Cybersecurity Analyst Career Path)
After a while, you will likely find yourself working in a SOC (Security Operations Centre). Whilst there are commonly fewer than 15 people in a SOC team, there is always a need for someone to lead the less-experienced analysts. This role is crucial in a SOC and bears plenty of responsibility.
Cyber Threat Intelligence Path
Threat Intelligence is the practice of knowing what’s in the threat landscape. This means that over time, when new threats are found, your team is in the know about all things ‘bad’. This intelligence can be sourced through other services or gathered by yourself. This path commonly leads to a CISO (Chief Information Security Officer) role too.
Security Engineer and Infrastructure Technician
Although moving slightly away from cybersecurity, becoming a security engineer and infrastructure technician can be a potential route from an analyst role. An engineer will often be a point of contact for the set up of devices in a secure manner. It can also mean management and maintenance of tools such as anti-viruses, firewalls, and SIEM tools.
Incident Response Manager
Whilst you may still be reviewing analytics and alerts, an incident response manager is also in place to deal with true, real threats. An incident response manager is required for a fast and effective response to genuine threats that have been seen in an environment.
Software Engineer (Reverse Software Engineer)
When malware and other threats are discovered, there is often a need to unpack and analyse the files and software that are compromising an environment. This software is often complex and requires advanced knowledge of common coding languages. It involves understanding how code is run, and good analytical and communication skills to break down a piece of malware.
Testing, Probing, and Hacking (Pentesting)
Commonly after a cybersecurity analyst has hit their peak and no longer wants to review the nitty-gritty, they turn to testing and probing. This is most commonly in a consultant position. The art of testing and probing can be crucial to businesses that are wanting to become compliant with relevant security guidelines. Pentesting is the most common role within this career path.
Whilst these are just some of the paths, there are hundreds of cybersecurity roles that you could technically pursue.
How To Start A Cybersecurity Career (Important Considerations)
To start a cybersecurity career, there are a few important considerations that you should make. Whilst these are not required, we would strongly recommend that you consider them. Together they will give you the best start to your cybersecurity career.
- Get relevant IT Networking, and Problem-Solving Experience
Having a strong knowledge set in IT networking and problem-solving with customers can be heavily beneficial for you. If you’ve not been in tech, we would strongly recommend getting a job or an internship/apprenticeship on an IT support desk first. All of these skills will come naturally and will be transferable to a cybersecurity role.
- Don’t get disheartened if you don’t get the job.
Whilst applying, there is a good chance you’ll have to apply to 10-15 cybersecurity jobs before you get the role. This is not because you were bad, but more so because there were other people with more experience or more desirable qualifications.
Cybersecurity in general needs new people, but many people with years of technical experience can often come in and scoop up the entry-level roles giving people who don’t have that experience less of a chance. Don’t get disheartened and keep trying to apply!
- Get an Initial Certification or Programming Language under your Belt
Cybersecurity Career Goals (Key Milestones)
Cybersecurity is a massive industry within itself, and getting to key milestones within your career will not only benefit you long-term but will give you some goals to work towards. Some key cybersecurity career goals include:
- Join a Cybersecurity Team (or Professional Organization that sells a SOC Service)
Joining a team that is filled with other cybersecurity experts, and that pays you a nice salary, should be your first goal when beginning your career path.
- Pass one ‘Major’ and one ‘Minor’ Cybersecurity Exam per Year
Although it may be difficult, expanding your knowledge and certification repertoire will be beneficial for your organisation, and your salary. I would suggest pursuing one major (6-month course time – at your own pace) certification, and one minor (2-month course time – at your own pace) certification.
- Be Promoted within your own Team
Promotions happen all the time, but a true goal in a cybersecurity career is to progress upwards. This could be an entry-level analyst to a senior analyst, or into a more niche/specific role.
- Identify, Mitigate, and Report on a genuine threat.
Whilst to some extent we hope this never happens to you – dealing with your first major, genuine threat can be stressful but also rewarding. Stopping a genuine threat, or at least discovering it, will make you the hero of the day – even if it doesn’t feel like it initially.
Frequently Asked Questions about Cybersecurity Careers
Is cybersecurity a good career?
Overall, I personally believe cybersecurity is a good career if you’re wanting an important, fast-paced and ever-changing role which will be in demand for years to come. Whilst there can be stressful times, and working hours can change drastically – cybersecurity roles are commonly fun and can give you a broad range of knowledge, which is transferable to most tech jobs.
Is cybersecurity high paying?
Cybersecurity is one of the highest-paying jobs in the tech industry. Whilst other more ‘niche’ roles always vary in salary, cybersecurity is consistently reaching low 6-figures and may reach much higher when you pursue niche aspects of cybersecurity.
For reference, the average starting salary for someone with little experience in cybersecurity is between $80,000 – $95,000. For someone with a little more experience, this can reach up to $120,000.
Is cybersecurity a stressful job?
It can be! Day in and day out, the chances are that cybersecurity will not be stressful for you. As I have found myself, stress can sometimes come from overwhelming numbers of alerts, or from seeing something that is ‘unknown’ where you have to take ownership to decide what is a real threat, and what is not.
However, from my experience – cybersecurity is not a stressful job, but in some areas, and depending on your workflow, knowledge, and own mental health, it can sometimes be a little stressful when under pressure.
Is cyber security a difficult field?
Cybersecurity is not particularly a difficult field but does require a bit of technological know-how and extensive problem-solving skills. In most cases, alerts and threats that appear need to be problem-solved, triaged and checked to ensure there is no threat.
Whilst this can be really simple, there is plenty of skill required to be able to do this fast and effectively whilst minimising risk to an organization. Depending on the company you work for, you may be able to have top-notch on-the-job training which will not only help you with your day-to-day role but enhance your knowledge for future jobs too.
Is cyber security harder than coding?
This is quite a hard question to answer – as cybersecurity and coding, whilst having similarities, are two completely different sectors. Cybersecurity is more about putting coding into practice and managing threats which may come from code.
In general, if you’re able to code and can transfer this skill into other languages, then cybersecurity should be easier for you. However, coding and most cybersecurity roles do go hand in hand.
Does cybersecurity require coding?
Not specifically! Cybersecurity is a broad topic when dealing with ‘what’s required’ from a member of staff. Whilst some tools have native UIs (User interfaces) where you can simply click buttons, sometimes you may be required to run/write scripts or queries that will require some coding knowledge.
In most cases, this won’t be advanced and will likely not be required as there are other ways to do this. Common coding languages in cybersecurity include:
- AQL (used by IBM’s QRadar SIEM tool)
- KQL (Kusto Query Language – used by Microsoft’s Security Stack, i.e. Microsoft Sentinel)
- PowerShell (for scripting)
- Python (for scripting)
Whilst there are hundreds of coding languages, it’s usually preferred if you do have some knowledge of the common languages. This can give you a head start over other candidates for a cybersecurity analyst role. This also applies if you’re evaluating code, such as malware or scripts being run, that has appeared as a threat.
Overall, cybersecurity is a good career path for most people who like technology and want an ever-changing, ever-learning career. Whilst there are stressful times, and times where you may not know what you’re looking at, with experience come great rewards, and this career can be for anyone with a passion for security.