After we published February’s article, The Good, Bad and Ugly of the Cybersecurity Workforce Shortage, we received lots of questions about what types of cybersecurity jobs are available and if it is possible to break into the industry with little-to-no experience.
The answer is there are several pathways to take. And yes, with the right plan and innate skills, you can land a job in cybersecurity with limited or no experience.
Being these are two topics that require a bit of explaining, we are going to focus on the different career paths you can pursue along with income expectations this month. Then, in April, we will follow up with some tips on how to break into the industry.
Cybersecurity occupations vary widely from those who prefer to perform deep technical testing, conducting research, consulting with companies to help them manage cybersecurity programs, or working on the frontlines to help prevent attacks. The following are some of the most popular positions to consider.
IT Governance, Risk and Compliance (IT-GRC) Management
Most industries have at least one compliance framework they must be in compliance with or they risk losing clients, damaging their brand and/or being hit with civil fines and penalties. More recently, global frameworks and laws such as EU-GDPR are putting pressure on all industries to implement robust data privacy protection. Larger organizations have full-time compliance officers who deal strictly with compliance issues and ensure the company meets its regulatory obligations. There is a massive shortage of these types of consultants.
Average annual salary is $70,000 for Data Governance Managers and $77,000 for Compliance Officers and typically requires passing the Certified Risk and Information Systems Control (CRISC) or Certification in Risk Management Assurance (CRMA) exam. There are several other types of certifications that can be attained to enter this field.
A Security Auditor is responsible for probing the safety and effectiveness of computer systems and their related security components. They perform routine security audits and issue detailed reports that outline the effectiveness of the system, explains any security issues and suggests changes and improvements.
Average annual salary is $65,000 and typically requires passing the Certified Information Systems Auditor (CISA) exam.
Penetration Testing (Ethical Hacking)
Penetration Testing involves testing an organization’s network for vulnerabilities and then manually exploiting those vulnerabilities to see if you can gain access to sensitive data.
Penetration testers are analytical-minded, but they work best when they understand the business and how the business operates. Good communication skills are a must for penetration testers, as they are required to create reports on their findings and sometimes are responsible to communicate the results to non-technical audiences.
Average annual salary is $80,000 and typically requires passing the Certified Ethical Hacker (CEH) exam.
Security Architects work at the technical design level, designing the essential architecture of your organization’s systems. Their primary responsibility is to ensure that the technical specifications of the architecture are secure.
Average annual salary is $150,000 and typically requires passing the Information Systems Security Architecture Professional (CISSP-ISSAP) or the Certified Information Security Manager (CISM).
Chief Information Security Officer (CISO)
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.
Average annual salary is $204,000 and typically requires Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Cisco Certified Network Professional: Security (CCNP Security) and Certified Information Systems Security Professional (CISSP).
Do You Really Have What it Takes?
There are many other career paths within the Information Security and Compliance industry to consider. We have highlighted what is believed to be the ones that are in the highest demand and in the shortest supply of talent. As in every industry, there are downsides. We suggest reading last month’s article to get a full perspective on the stress and pressures that cybersecurity professionals live with on a daily basis. It is certainly not for the faint of heart. If you think you have what it takes, we’d love to have you join us in our quest to help keep the world safe in cyberspace as we dive deeper and deeper into the digital age.