Our dependency on computer networks, systems and databases to run a business has skyrocketed in recent years and is only set to rise further. Even the smallest firms find themselves storing essential information on the computer and online.
With the number of hackers climbing, this has opened a pressing demand for cyber security professionals, a need which is quickly growing out of hand. Companies can’t afford to suffer a cyber-attack: just one trade secret leak can be the difference between a company thriving and failing, and, as well as cyber defence, organisations often invest in cyber insurance.
Experts predict that there will be close to 1.8 million unfilled cyber security positions by 2022. The demand for cyber security professionals is staggering, with job opportunities for information security analysts alone predicted to soar by 32 percent by 2028 compared to 2018, according to the US Bureau of Labor Statistics.
So cyber security professionals are in high demand, and there’s a tremendous shortage of technical workers in the field.
So, what exactly does a career in cyber security look like, and how do you get there? This guide will help you answer those questions, taking you through the following sections:
- What is cyber security?
- Why do we need cyber security?
- Can I get into cyber security?
- What skills does a cyber security professional need?
- What cyber security jobs are out there?
- Career pathways into cyber security: with a non-technical and technical background
- Final tips and thoughts.
What exactly is cyber security?
Broadly, cyber security is the process of securing computers, servers, systems, networks and data against malicious attacks. Cyber security professionals work to safeguard an organisation against cyber-attacks. They prevent hackers from accessing, altering or destroying sensitive information, which can lead to considerable losses in revenue, reputation damage and exploitation of personal data.
When most people think of cyber security, they typically picture the role of a penetration tester, somebody who applies the hacking methods used by criminal hackers to test how robust an organisation’s cyber defence is. But cyber security can cover a whole host of jobs spanning a variety of domains, explored in detail later.
Why is cyber security so important?
Cyber security attacks can completely ruin a business. If client data gets leaked, companies can be liable to pay hefty compensation pay-outs. If competitors get wind of a company’s trade secrets, companies can lose their competitive advantage and suffer substantial losses.
Already in 2020, there have been some high-profile cyber-attack cases. For instance, Tesco was obliged to reissue Clubcards following a credential-stuffing attack on their loyalty cards in March, followed by Boots, who reported that cybercriminals had hacked their Advantage Card database just a few days later.
In addition, thanks to the introduction of GDPR, all companies are now legally required to communicate data breaches to customers and clients, appoint a data protection officer and request client consent to process their personal information.
In the age of GDPR, companies are more concerned than ever about preventing cyber security breaches, not only to protect their data and reputation but also to avoid paying the hefty fines the ICO can issue against companies whose inadequate cyber security systems lead to a data breach.
Why get into cyber security?
The cyber security industry has seen unprecedented growth in the last decade, and it doesn’t show any signs of stopping. Demand is massively outpacing supply: job opportunities are opening far faster than we’re able to churn out qualified personnel to fill the positions. With so much availability, there’s never been a better time to become a cyber security professional.
Job availability is one thing. The next is job security – with so much competition among employers to find information security professionals, once you’re in, if you’re competent, your job is typically reasonably safe. Worker shortages mean that you are a valuable asset to your company, and they’re more likely to train you in-house or support your professional development to keep you within the firm. What this means is that on top of increased job security, there is an excellent opportunity for career development.
Another obvious benefit is competitive pay. Cyber security professionals boast impressive salaries and even more notable salary progression. Statistics vary, but one recent survey indicates that the average annual salary for cyber security professionals in the UK is £52,500, excluding wages in London, which we can assume are even higher. Accredited professionals can access top positions, with salaries exceeding £100,000 a year.
Can I get into cyber security?
With so many perks, you may be wondering whether you can get into cyber security. There’s a common misconception that you need a technical background to get into the cyber security industry, or a computer science degree. This is absolutely not the case. There are multiple career paths into the cyber security sector, and a considerable number of jobs offer on-the-job training. So, what do you need to be a cyber security professional, and how can you get there?
What skills does a cyber security professional need?
Successful cyber security workers have a range of soft and hard skills. When jobseeking, too many people focus on the hard skills, or their lack thereof, and underestimate their soft skills. Job adverts differentiate between desired skills and required skills, and more often than not, hard skills are only a bonus.
A recent job listing from April 2020, for an entry-level position as an Information Technology Consultant, listed their must-haves as:
- A genuine passion for technology
- Enthusiasm and willingness to learn
- A can-do attitude
- A level/Level 3/BTEC qualifications.
As you can see, there’s no need for a degree and no need for any prior IT experience. The starting salary for this position is listed at £26,500, showing that keen interest and a go-getter attitude can go a long way to securing a well-paid entry-level job in cyber security. Other soft skills useful for a career in the information security sector include:
- Attention to detail
- Creative problem solving
- Strong work ethic
- Analytical thinking
- Clear communication.
Information security personnel need to have a keen eye for detail, such as being able to spot minor gaps in code. Hackers are innovative, and cyber-threats are getting smarter by the second, so cyber security professionals need to be able to think analytically and solve problems creatively.
Finally, it’s no good coming up with a fool-proof cyber security strategy if you can’t communicate the goal to the rest of your team. You need to be able to break down a solution in layman’s terms to communicate with non-technical departments and management to be successful.
A lot of these soft skills are transferable. You don’t need to have worked in IT to be good at thinking outside the box. You don’t need to be fluent in coding languages to be able to explain ideas and concepts clearly. Draw on the experience you do have, whether that’s from education or other jobs, and sell your transferable expertise to employers.
While by no means mandatory, hard skills can often appear as desirable or required skills on a job listing. Hard skills might include experience in:
- Operating systems
- Programming and coding, such as C, C++, Python
- Systems administration
- Network configuration
- Specialist skills: cloud computing, Cisco networks.
These sorts of skills can impress an employer and provide access to higher-paid specialist positions. If you want to maximise your hiring potential, you can consider gathering a basic knowledge in one of the areas above. There are hundreds of free resources on the internet that you can use to learn the basics in programming. Try a blog such as Coding Horror or Code Wall, which offer helpful articles and tutorials.
What cyber security jobs are out there?
If you’re hoping to pursue a career in cyber security, it’s a good idea to think long-term. Figure out what your end goal is, as the skills you need will depend on the job you’re going for. Software engineers, for example, are more likely to need fluency in coding languages like C and C++, whereas cryptographers may rely more heavily on languages like Python.
What position would you like to occupy in five years’ time? Set an end-goal and work backwards to find out the best route to get there. Find out some of the jobs you can do in the cyber sector below, and what you need to get there.
Cyber security engineer
Security engineers test networks for vulnerabilities, monitor systems for any breaches and develop security strategies and company-wide policies. In the event of a breach, security engineers are the first to respond. They’re essential for planning and preparing for security threats and protecting a company’s systems accordingly. The responsibilities of a security engineer can vary from company to company, but may include influencing security policy within a company or conducting penetration testing.
Security engineers are senior professionals, and many of these roles require five to ten years’ experience. If this is your end goal, it’s a good idea to achieve a bachelor’s degree. After this, experience in ethical hacking or network administration is a good way in. Certifications such as the Certified Ethical Hacker (CEH) and the Certified Information Systems Security Professional (CISSP) can help fast-track you into your dream role.
Information security analyst
As an information security analyst, you’re responsible for protecting an organisation’s computer networks and systems. It’s up to you to plan and implement protection programmes, whether that’s coming up with ways to mitigate network breaches within a company or, more practically, installing and using firewalls and software for data encryption. Information security analysts are also the ones who prepare response procedures and recovery plans in the event of a cyber-attack.
A degree isn’t necessary to gain an entry-level position as a security analyst. With a bit of industry experience, a real passion for technology and perhaps a certification, it’s possible to secure an analyst role without attending university.
Cryptographer
Cryptographers deal with encryption algorithms to secure sensitive or private data. Encryption means that even if data is stolen, hackers shouldn’t be able to read it. It is therefore a cryptographer’s job to analyse, decipher and produce encryption.
Cryptography is a highly technical field. Most employers request a bachelor’s degree as a minimum. Technical degrees such as Maths, Computer Science or Computer Programming and Engineering are favoured, but some employers will accept non-technical degrees if candidates can demonstrate experience.
IT support technicians
PC support technicians or virus technicians need to keep up with the latest bugs, viruses and malware found on the web. Using their extensive knowledge of cyber threats, technicians help develop software that can defend systems and networks against novel viruses. It’s their job to troubleshoot, maintain and install these systems, and diagnose any software issues.
You don’t need a degree to become an IT support technician. To become a senior virus technician and develop defence software, you may need certification. However, many PC support technicians start in entry-level computer roles, for example as a computer service technician or repair technician, and work their way up.
Penetration tester
Penetration testers are also sometimes known as ethical hackers or white hat hackers. They learn all the tricks of the trade practised by malicious hackers and put them to good use. They use these very same methods to try to penetrate a company’s systems and networks, to test it for vulnerabilities or security weak points. Knowing how hackers work puts them in the best position not only to test a company’s cyber defence systems but to understand how to reinforce them against such cyber-attacks.
As an ethical hacker, you will have to adhere to strict rules agreed upon with the client or hiring company. This usually involves recording all the tests you apply and files you access and a commitment to confidentiality. Pen-testers need to be creative to stay one step ahead of criminal hackers. Most employers look for a bachelor’s degree, as well as certification in ethical hacking. An excellent entry-level certification for this career path is the Certified Ethical Hacker offered by EC-Council.
Network administrator
The role of a network administrator is to help build and maintain effective computer and communications networks for organisations. They have to configure networks, analyse and troubleshoot network issues as well as determine which employees have access to which data. To secure the company’s network as much as possible, only those who need access to particular files and databases should receive it. It will be down to the network administrator to grant network access to different employees.
Network administration is an intermediate position, requiring at least two years of technical experience. While most net admins have a bachelor’s degree, employers favour experience and certifications over formal education.
Forensic computer analyst
If you want to be the Sherlock Holmes of CyberSec, this one is for you. Forensic computer analysts are responsible for finding evidence of criminal activity following a security breach. They’ll have to comb through hard drives, storage devices, online code and software for signs and evidence of intrusion. They will need to be able to recover data from deleted or damaged devices and pass on evidence to the authorities. It’s a high-pressure job and also one that requires a high level of trust, as you’ll be handling highly sensitive data.
To get into forensics, you tend to need a bachelor’s degree. This role isn’t an entry-level position, so you’ll also have to have a fair amount of industry experience. If this is your end-goal, focus on gathering experience in ethical hacking. A useful place to start is the Certified Ethical Hacker certification, which is an entry-level exam. If you can get some experience in IT beforehand, it’ll help you master the basics quickly.
Once you’ve got your CEH, you will be eligible for positions as a white hat hacker. Beyond this, aim to achieve the ECSA, which picks up where the CEH left off. After several years, you should have enough experience to attempt the Computer Hacking Forensic Investigator exam. Achieving the CHFI is a prerequisite for many cyber forensic roles.
The list goes on beyond the roles listed here. It’s a billion-pound industry and one that is continually developing. As threats evolve and become quicker and smarter, more information security practitioners are needed to respond to and prevent cyber-attacks. Once you’ve decided on the job you want, it’s time to get you there.
Getting into cyber security with a non-technical background
As we have shown, having a non-technical background doesn’t necessarily exclude you from roles in cyber security. You can learn many skills through on-the-job training. Many employers are happy to hire individuals with any university degree, or even without one, if you can show that you’ve got transferable soft skills such as effective communication and a good work ethic.
There are also many jobs in the cyber security sector which aren’t technical positions. If you’re a good writer, you can start out in the industry as a technical writer. Alternatively, many cyber policy positions don’t include technical duties. Roles in cyber policy focus on how and where an organisation can implement cyber protection strategies, based on advice and findings from cyber security practitioners. You can access these types of roles without a relevant degree.
Alternatively, getting an entry-level cyber security certificate or qualification can be a rapid career booster if you want to access the technical positions right away. You can achieve a certificate by taking an online or in-person course, which can take anywhere from a few hours to a few days. The certificate shows you’ve completed the course and stands as good evidence that you’ve gathered some relevant skills.
Certification holds even higher value. To achieve certification, you need to sit an exam, which can take anywhere from a few months to a few years of preparation. These are still accessible to people of all backgrounds, technical or non-technical, as there are many highly reputable entry-level qualifications. Some of the most highly respected certifications for industry newcomers include:
- CompTIA Network+
- CompTIA Security+
- Certified Ethical Hacker.
The CompTIA Network+ isn’t strictly a cyber-related certification, but for professionals with a non-technical background, it provides a solid technical foundation. This qualification can go a long way to proving to employers that you have what it takes to succeed without a degree or professional work experience.
The CompTIA Security+ is an entry-level cyber security certification that holds worldwide recognition. It’s well-respected by employers: in fact, many employers favour certification over a degree. If you’re interested in one of the roles in penetration testing, ethical hacking or forensics, then the essential credential for you is the Certified Ethical Hacker qualification offered by EC-Council.
These are just a few of hundreds of certifications available. While by no means mandatory, having these certifications can fast-track you into entry-level cyber security roles with no IT experience.
Getting into cyber security with a technical background
A technical background can mean several things. Having a degree, for example, counts as a technical background. Some degrees are well suited to pursuing a cyber security career, even if not directly linked to IT. The obvious entry degrees are in computer science or engineering, but other mathematical or science degrees can also set you up well. Most of these graduates have come across Python or some sort of coding during their degree, which will help them quickly learn to spot malicious code and intrusions, for example.
A technical background might relate to professional work experience in a technical role, such as a programmer or web developer. Programmers will be adept at spotting intrusive code, and web developers will be quick to identify malicious bugs on their site. Software engineers, too, have a sound basis on which to learn how to mitigate breaches by hackers.
That said, any kind of IT experience is a helpful place to start. Specific IT roles lend themselves to progression into cyber security domains. For example:
- Being an exchange administrator can lead to a job in email security
- Network administrators can transition into network security and forensic roles
- Systems administrators can progress into security administrator and forensic roles
- Web developers can become web security engineers or security software developers.
If you’ve got a degree or some professional experience, you might experience an advantage when applying for entry-level cyber security positions. To gain the top spots, typically you will need high-level certifications such as the CISSP. Achieving accreditation is a way to fast-track your career, and can provide you with access to intermediate level positions. Consider the following certification pathway:
- CompTIA Security+
- (ISC)² SSCP
- (ISC)² CISSP.
The CompTIA Security+ has a worldwide reputation for being one of the most comprehensive entry-level certifications on the market. Certification holders have validated skills in all the fundamental domains of cyber security, making it a fantastic way to get a foot in the door. The next one, the SSCP, is also an entry-level credential for professionals looking to develop their skills in cyber security. The SSCP can get you into cyber security-specific roles, where you can gather the mandatory five years’ experience to sit the revered CISSP exam.
Whether you’re from a technical background or not, employers love experience. The best way you can market yourself as a strong candidate is to show a keen interest and commitment to cyber security.
One way to do this is to complete some unpaid work experience. It doesn’t have to be a long placement – even a few days shadowing a cyber security professional can show off your motivation and drive.
Become an intern
Another brilliant way to gain experience is to find an internship in cyber security, which can give you an insight into the field. Companies may even offer you a full-time position at the end of the placement, which can make it an effective way to break into the industry.
Apprenticeships are another option, combining on-the-job training with classroom work. You’ll gain first-hand experience of the industry, learn from professionals themselves and enjoy the benefits of a salary, paid holiday, mentorship and boosted career prospects. Apprentices often have an advantage over university graduates, owing to their experience in the field.
Don’t underestimate the power of personal connections. Networking is a critical skill for any individual or business and can go a long way in a job search. Reach out to as many people in the industry as you can. Join groups on LinkedIn, follow industry updates and contact key players by email. Join networking groups and attend relevant industry events. The more people you know, the more potential opportunities you have, whether it’s to offer you work experience, recommend you for a position or teach you valuable skills.
The cyber security sector offers exciting and varied career paths. Cyber security professionals can expect competitive salaries, impressive professional development and ample job security, and to be at the forefront of a booming industry.
While many cyber security positions do require intrinsic knowledge of computers, networks and systems, a lot of this is learned best through experience. There are countless ways to get into cyber security, so don’t be perturbed if you don’t have a technical background. Develop your soft skills, market your transferable skills and, if you can, develop skills in programming, coding or other hard skills for an extra boost. To fast-track your career, consider getting a cyber security certification.
But above all, a passion for information technology and cyber security is your best credential. Look for innovative ways to gather experience and knowledge, and learn as much as you can. Keep up to date with the industry, and you’ll be well on your way to bagging a top-paying job in cyber security.