Careers in cybersecurity: get to know these top 4 professions

Article | November 2020

Thinking of starting a career in cybersecurity? In this article we’ll cover four of the most popular cybersecurity professions out there. It’s important to understand the differences between the roles and know which qualifications are necessary for each. For example, some cybersecurity roles require only an associate’s degree, while others require bachelor’s and even master’s degrees. Further, some professions may offer the flexibility of freelance work, while others offer more traditional in-office jobs. One thing is certain: it never hurts to have additional industry-recognized certificates on top of higher education degrees. We’ve rounded up the important information on cybersecurity engineers, cybersecurity consultants, security administrators and pen testers here: 


1. Cybersecurity engineer

Cybersecurity engineers protect systems from being invaded or attacked by malicious actors. They work to fortify an organization’s systems and networks by fixing and updating them according to new advances in technology. They also work alongside IT teams to build contingency and emergency plans if a system were to be breached. A big component of the cybersecurity engineer’s job involves researching and evaluating new technologies and processes and deciding which would be smart to implement to enhance security. They’ll “configure and install firewalls and intrusion detector systems” and supervise “changes in software, hardware, facilities, telecommunications and user needs” and more. 

In terms of the necessary qualifications, “the mass responsibility they carry for engineering systems puts them at the top of the hierarchy in cybersecurity teams and has made having a graduate degree almost standard for IT jobs that involve security engineering.” In the U.S., cybersecurity engineers earn between $107,000 and $127,000 a year. 


2. Cybersecurity consultant

A cybersecurity consultant wears many hats in their job. They must know how to  “play both the attacker and the defender” for networks, software programs and computer systems. Some cybersecurity consultants work full-time for IT consultancies while others may choose to work on a freelance basis. They need to be experienced in penetration testing, firewall safety and management, encryption techniques, programming languages (Python is a must), principles of ethical hacking practices, and beyond. They’ll likely work alongside IT departments, be required to deliver technical reports related to investigative findings, and give professional guidance and supervision to other security teams. 

Qualifying for this position requires a bachelor’s degree in cybersecurity. It’s beneficial to have a industry-recognized certificate in ethical hacking (CEH) or information security management (CISM). In the U.S. freelance cybersecurity consultants can make around $85,000 a year (or about $52/hour). 


3. Security administrator

Security administrators (cybersecurity administrators) are responsible for the system overall, not any of the system’s various parts. They’re considered the spokesperson/manager for a cybersecurity team. Unlike their team members, they’re not focused on the specific hardware or software of a system, instead “they work to defend the system as a whole and keep it secure from threats.” The more administrative part of the job requires writing up training documents and security policies. Additionally, they’ll train fellow colleagues in cybersecurity awareness and develop and maintain the organizations’ security protocols. The job also requires a strong understanding of firewall technologies and knowledge of SSL, HTTP, DNS, IPSec and SMTP protocols. 

Security administrator positions require different levels of education; in many, an associate’s degree is sufficient, while others will require a bachelor’s. The average salary for security administrators is around $80,000 in the U.S. 


4. Penetration tester

Also known as ethical hackers, vulnerability analysts or assurance validators, penetration testers play a vital role in protecting organizations’ systems from external threats. Their job is to “seek, identify, and attempt to breach existing weaknesses in digital systems and computing networks.” Pen testing teams simulate security breaches and other cyberattacks in an attempt to access sensitive and private information within an organization. While carrying out the simulated attack, “pen testers document their actions to generate detailed reports indicating how they managed to bypass established security protocols, and to what degree.” Ultimately, they help organizations improve their digital security measures, and their insights are an invaluable asset. 

Some organizations may have a pen testing team within the IT department, but more often than not, they rely on pen testing consultancies. To qualify for a pen testing position, the candidate will need to have coding/scripting capabilities, deep knowledge of vulnerabilities and exploits, and strong working knowledge of networking and network protocols. The average penetration tester in the U.S. earns $84,000 annually. The position usually requires a bachelor’s degree, entry-level IT experience and/or industry-recognized certifications in ethical hacking, pen testing or other related fields. 


Interested in upping your cybersecurity game? Check out some of CYBERPRO’s workshops and courses.