Open in app

Sign in

Write

Sign in

SecureSet Career Series: Security Consultant

Advisor and Guide

SecureSet
Command Line

--

“Wax on, wax off.” This was the most confusing, yet life-altering piece of advice that Daniel LaRusso would receive in the 1984 classic, The Karate Kid. Daniel, a bullied teen, asks kung fu master, Mr. Miyagi to teach him how to fight off the Cobra Kai kids, who keep kicking his butt with aggressive karate. Miyagi’s first lesson: how to properly wax a car.

Daniel nearly gives up on his self-defense dreams, until one day, Mr. Miyagi shows him that through his chores, he has been learning karate the entire time. Giving away the end of the movie would be like a one-legged-crane-kick-to-the-face, so we won’t do that. All we’ll say is that Mr. Miyagi’s expert guidance played a big role in the story of The Karate Kid.

In cybersecurity, there are always problems to be solved; these problems often require informed guidance to reveal the path to a solution. A Security Consultant is a Mr. Miyagi, who is not only skilled at giving advice to clients, but who can also excel at evaluating unique cybersecurity situations. They won’t teach you how to wax a car or block a roundhouse kick, but their advice can prove invaluable to organizations that are facing cyber-challenges.*

*It should be noted that entry-level security consultants won’t be cybersecurity experts from the get-go, but over time they can work their way up from an informed guide to a bonafide cybersecurity karate master.

What does a security consultant do?

A security consultant’s goal is to protect their client’s networks through situational assessment and suggestions for new security measures. More specifically, they specialize in developing protocols, policies and security plans to help clients protect their assets. Security consultants can either work in-house (commonly as sales engineers) or within a consulting firm. One thing is for sure, this is a role that comes with many faces.

Aside from the obvious of clientele, there is another factor that creates a wide variance in what it means to be a security consultant. This variance comes from the unique details of the job description. One security consultant may apply their technical skills on the job, using security tools and even engineering or pen testing to help with their assessments. Another security consultant may focus more on the analytical and/or customer service side of the job, effectively translating their findings so that clients can understand them with perfect clarity.

Because of the different levels of technical and analytical skills required for the security consultant role, we classify this position as a career path that’s achievable through both our CORE and HUNT programs. The specific type of security consultant role that you will end up in will be dependent on your technical/analytical skills as well as your work environment preferences.

Skills you’ll need to guide

Arguably the most important skill you’ll need to be an effective security consultant is an aptitude for researching and understanding cybersecurity. Your knowledge base will directly correlate with how well you can guide your clients. That being said, you’re not expected to be an omniscient cybersecurity guru, especially in an entry-level consulting role. Mr. Miyagi put it best:

Trust [the] quality of what you know, not [the] quantity.—Mr. Miyagi

Another essential skill you’ll need as a consultant is the ability to communicate with those who may or may not share your understanding of cybersecurity. Working for a consulting firm, you may find yourself working side-by-side with a new security team or even building one from the ground up. Working in-house, you’ll need to be able to explain complex cybersecurity product logistics to the sales team. Regardless of the level of expertise in the crowd, you’ll need to be prepared to translate and share your findings with all walks of life within the industry. Clear communication is imperative.

A third useful skill for security consultants is the ability to remain level headed. A high degree of ambiguity is a natural occurrence for this job. The answers to security problems aren’t always straightforward, and consultants will have to adapt to a variety of situations in preventing or recovering from a cyberattack. Add the difficulties of explaining product logistics or security assessments to less cyber-savvy individuals and you can find yourself in a challenging environment. An even keeled demeanor goes a long way for security consultants.

It should also be noted that while not exactly a skill, a passion for guiding and assisting others through challenges is highly recommended for this role. As a security consultant, you will have the opportunity to help a lot of people through tough security situations. You’ll also be coaching them through the sense of dread that comes from being hacked. If you like to help others, this role is a great fit for you.

Heroes reap many rewards.

Getting an informed opinion on cybersecurity measures is crucial for many companies to keep their networks protected, thus, security consultants are regularly in high demand. According to PayScale, the average annual salary for an entry-level security consultant is just under $72,000 per year. There is slight variance on this entry level salary, based on the specific skill set of the consultant. According to PayScale, geographic location plays the largest role in determining the salary for the security consultant position. Experienced security consultants can find their salaries well into the six figure range, so once you’re done with that education be sure to put the time in and your efforts will be rewarded Daniel-san.

The many faces of the security consultant role

We mentioned earlier that security consultants typically work either in-house or as part of a consulting firm. You may be asking yourself “what’s the difference between the two types of consultancies and how do I know which type of work is for me?” Let’s shed some light on the many sub-categories in this role by taking a closer look.

Working in-house

A common in-house position is a sales engineer, as part of the cybersecurity product sales team. Security engineers spend their time on one end of the sales spectrum building and working directly with the product (deep implementation), but they don’t interact with customers on a regular basis. On the opposite end, sales representatives directly communicate with customers, but they tend to have minimal technical knowledge of the product being sold. So what happens if the customer has a technical question or concern that needs the be addressed? This is where the sales engineer can come in to play.

The sales engineer serves as the middle ground within product sales. Their technical knowledge allows them to understand the complexities of the product better than regular sales employees, and it also gives them the ability to offer minor technical adjustments (light implementation) for the customer. These types of consultants also tend to be more experienced in customer service than security engineers, so they can communicate directly with customers or sales reps and answer the hard questions. Solutions architect, product consultant and project manager are other names for this role.

While it’s less common to see entry-level consultants working in-house, as opposed to at a consultancy firm, it’s certainly a realistic possibility. This form of consultancy is ideal for those who enjoy working in the realm of sales and/or possess great customer service skills.

Working for a consulting firm

Consultancy firms help other companies strengthen their security measures by assisting them with setting up their security teams or by filling in their gaps with outsourced employees. When filling in the gaps of a company’s Security Operation Center (SOC), there is no one-size-fits-all solution. One company may need a pen tester, while another may call for two analysts and an engineer. Because of this reality, security consultants from firms can come with a wide variety of titles and skill sets.

A pen tester, security engineer, SOC analyst and data scientist are all common cybersecurity professional titles with completely different roles, but they can all exist under the umbrella of “security consultant.” While they may have very different skills and responsibilities, each role can serve as a solution to another party’s cybersecurity problems. If you like the idea of working in a traditional SOC role, but you also want to help others reach cybersecurity solutions, a consultancy firm role may be an ideal fit for you.

Here’s How You Get Started

SecureSet Academy provides the most complete, immersive and compressed cybersecurity programs out there. Our HUNT and CORE Programs teach the technical and analytical skills necessary to be an effective security consultant. Our programs are a balance of classroom theory and hands-on lab time. This ensures that our students graduate with the level of skill and confidence needed to leave our academy job-ready. A majority of our students are hired within a few months of graduation (many before getting their diploma). The evolution from general IT to cybersecurity analyst can take three to seven years. SecureSet Academy programs can get you there in mere months.

If you’re feeling overwhelmed and lack technical experience, we’ve got you covered. We offer a six-week preparatory workshop called SecureSet PREP. You’ll get the introduction that you’ll need, to Systems, Networking and Python, to be a rockstar in our Programs. Passing PREP with a score of 60% or better will pre-qualify you for our HUNT program, with the ability to deduct your costs from your Program tuition. PREP is a great opportunity for you to establish a sturdy foundation for your cybersecurity career.

Are you ready to guide others?

Whether the name of the game is beating the bad guys in an epic karate showdown or figuring out how to implement effective cybersecurity solutions, everyone can benefit from a little informed guidance. The security consultant role is no doubt a challenging one, but with the challenges comes the reward of being able to help others others.

Although the consultant role may seem intimidating, several entry-level cybersecurity jobs can put you in a position to be an excellent cybersecurity guide. If you’ve already made it through one of our immersive programs, then you’ve probably already realized that you’re more of a cybersecurity expert than you first thought. If you have a passion for learning and a desire to help others, there’s a good chance that you’ll become someone’s cybersecurity kung fu master one day.

Learn more about how our HUNT and CORE programs can help you launch your career in cybersecurity. You can also learn about all of our programs at secureset.com.

We’ll be talking about the Compliance Analyst position in our next Career Series blog. Check out other entries in our ongoing career series: Security Hunt Analyst, Security Pen Tester, Security Engineer, Threat Intel Analyst.

Cybersecurity
Education
Careers
Consulting
Hacking

--

--

SecureSet
Command Line

Written by SecureSet

222 Followers
Editor for

The #cybersecurity bootcamp with campuses in #Denver and #CoSprings. A @flatironschool. Educating the next generation of cybersecurity professionals.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams