Cybersecurity Careers: Your Options
Exploring the paths you can take in your infosec career
So, what are the jobs that you get in the field of cybersecurity?
Getting into a cybersecurity position is not straightforward. While some people land security roles straight out of college, most start out in other sectors of IT and transition into cybersecurity careers. For more stories on how people got into their careers, check out #MyWeirdPathToInfoSec on Twitter!
The latest Tweets on #myweirdpathtoinfosec. Read what people are saying and join the conversation.
Most people seem to associate the field with ethical hackers, who are professionals who hack into computer systems legally. But the infosec industry is made up of people with many different talents and abilities, and certainly, not everyone is an ethical hacker! Let’s take a look at what else you can do in this exciting industry!
The “Gateway” Jobs
Since jobs in security often require specialized knowledge and industry experience, a lot of people start their careers in other IT roles, and transition into security roles later on. Here are some of the “gateway” jobs that make it easier to land a job in infosec.
Sysadmins are people who make sure that an organization’s systems operate reliably. They are usually in charged of tasks like onboarding users, installing and upgrading software, enforcing security policies, and troubleshooting computer issues. Being a sysadmin is a good segway into infosec positions because it provides training on maintaining large network systems and what their potential weak points might be.
Database admins are responsible for the design and upkeep of an organization’s datastores. They also optimize database performance according to organizational standards. A top priority for them is to maintain database integrity. This means that the database admin will ensure that data is secure from unauthorized access but is reliably available to users.
Software engineers build software. This gives them a deep understanding of the software development process, common programming pitfalls, and the features of different programming technologies. Since you often need to know how to build things to know how to break them, this provides a good foundation for a wide variety of infosec roles.
A network engineer is someone who plans, designs and supports an organization’s computer networks. Responsibilities range from authoring the technical specifications of company infrastructure to the day-to-day maintenance of said infrastructure. Network engineering is a deeply specialized field that provides a comprehensive understanding of an organization’s essential networking infrastructure.
The Security Jobs
Now that we have an understanding of related positions and the typical “feeder roles” of cybersecurity positions, let’s dive into the variety of jobs that the infosec industry offers!
Working as an ethical hacker involves testing systems to identify vulnerabilities and to simulate cyber attacks. Ethical hackers will then submit reports on their findings and present them to organizations. This will allow organizations to fix vulnerabilities before they get exploited, and formulate security strategies to strengthen their systems.
Security software engineer
Security software engineers are the “security-focused” software engineers. They have strong backgrounds in software engineering as well as secure designs. They integrate security into the design and development phases of software development to achieve maximum security of applications they are working on.
These are the people that handle day-to-day security operations. They perform the technical tasks involved in keeping an organization safe: they install firewalls and antivirus software, and they also enforce security policies set forth by the organization.
Security architects make sure that system designs and configurations are secure. They review network, application and architecture designs and provide recommendations to strengthen the system’s security. This role requires more experience and is a common next step after working as an ethical hacker or security engineer.
Chief Information Security Officer (CISO)
These are the bosses in charge of an organization’s security, and the top of an organization’s hierarchy of security professionals. They oversee the company’s security strategies and manage its team of experts. CISO is a senior role that requires both security knowledge as well as good management skills, as they manage things from a high level and are often required to make impactful decisions.
Incident responder/ Forensic Analyst
The field of incident response involves many different job titles. They all work with an organization after a security incident (ie, data breach) and help with remediation. An incident responder focuses on monitoring and detecting threats and ensuring operational recovery after an incident. While a forensic analyst investigates the networks and systems of the organization after the attack, discovers the root cause of the attack, and provides evidence to build legal cases.
A malware analyst works to understand the nature of malware such as viruses and ransomware. They conducting both dynamic and static analysis of malware to create methods of detection that can indicate its presence. In doing so, they prevent the spread of malware and help organizations detect and defend against them.
Thanks for reading! Did I miss something? Is there another position that you would like to learn more about? Feel free to reach out and let me know on Twitter: https://twitter.com/vickieli7.