Cybersecurity Careers

There are many different career paths in cybersecurity. Some roles are technical, while others are more managerial. For example, a network security engineer requires a deep level of technical knowledge, while a risk manager requires a more general understanding of cybersecurity concepts but a deeper understanding of organizational goals, legal compliance concerns, and managerial processes. This section describes some of the most common roles in cybersecurity.

Learning Objectives

You should be able to describe various cybersecurity roles in early, mid, and senior levels.

Entry-Level Roles

Entry-level roles are often the first step into a cybersecurity career. These roles typically require less experience and may involve basic tasks such as monitoring systems, troubleshooting incidents, or assisting with security assessments.

Help Desk Technician

Many people start their careers in information technology (IT) as help desk technicians. Help desk technicians provide support to end-users, troubleshoot hardware and software issues, and assist with basic network problems. If they cannot solve a problem, they escalate it to a more senior technician. Help desk jobs build both technical skills and communication skills. Many employers like seeing help desk experience on a resume because it shows that the candidate has experience working with people and solving technical problems. Help desk work is not glamorous, but it is a great stepping stone to a more advanced role. Help desk technicians do not focus on security specifically, but they will encounter many security issues, such as malware infections and phishing attempts. They may also be responsible for implementing basic security measures, such as password resets.

Security Operations Center Analyst

Security Operations Center (SOC) analysts monitor security alerts and incidents. They analyze logs, investigate potential threats, and respond to security incidents. SOC analysts often work in teams and are responsible for maintaining the security posture of an organization. When an automated system detects a potential security incident, the SOC analyst investigates the alert. If the alert is a false positive, the SOC analyst closes the ticket. If the alert is a real incident, the SOC analyst works to triage the problem. SOC analysts sometimes communicate with clients to gather information and help them fix the problem. They also document their findings and actions taken during the incident response process. Compared to help desk roles, SOC analyst roles are more narrowly focused on security and monitoring. SOC analysts will not help somebody with a broken printer, but they will help somebody if their printer has been infected with malware.

Network Administrator

A network administrator might run network cable, configure network hardware, and monitor network performance. They ensure that all authorized devices on the network can communicate. They may also implement security measures such as firewalls and intrusion detection systems. Network administrators often work closely with SOC analysts to ensure that the network is secure and to respond to any security incidents that may arise. Network administrators set up the networks that SOC analysts monitor. They also work with help desk technicians to troubleshoot network issues. Network administrators may not be security experts, but they need to understand security concepts and best practices.

System Administrator

System administrators manage servers, operating systems, and applications. They ensure that systems are up to date, secure, and functioning properly. System administrators may also be responsible for user accounts, permissions, and access controls. They work closely with network administrators to ensure that systems are secure and that users have the appropriate access to resources. Compared to help desk technicians, system administrators have more specialized knowledge of the operating systems and applications they manage. They also interact with users less frequently.

Mid-Level Roles

Many career options open up after a few years of experience. Mid-level roles often require more specialized knowledge and skills. They may involve managing teams, leading projects, or developing security policies and procedures. It is possible to move into a mid-level role early in a career, but in these cases the person may be given a title such as "junior" or "associate" to indicate that they are still learning.

Security Analyst

The word "analyst" is very broad. An analyst might be analyzing data, security incidents, vulnerabilities, legal compliance, security policies, or other things. Security analysts are expected to have a good understanding of security concepts and best practices. They might develop recommendations for improving security and then steward those recommendations through the implementation process.

Ethical Hacker

Ethical hackers, also known as penetration testers, are authorized to test the security of systems and networks. They simulate attacks to identify vulnerabilities and weaknesses. Ethical hackers use the same techniques as malicious hackers but do so with permission and for the purpose of improving security. They may work for consulting firms or as part of an internal security team. Ethical hackers often have a deep understanding of security tools, operating systems, and programming languages. People who like to tinker with computers and networks often make great ethical hackers. They need to be able to think like a hacker, but they also need to be able to communicate their findings to non-technical stakeholders.

In my opinion, it is difficult to teach somebody to be a good ethical hacker. You can teach somebody to use a tool, but it is much harder to teach somebody to think like a hacker. A good ethical hacker will be endlessly curious and be able to stay with a problem for a very long time. They must be willing to learn new technology constantly.

Senior-Level Roles

There are generally two paths to senior-level roles: technical and managerial. Technical roles require deep expertise in a specific area, while managerial roles focus on leading teams and managing projects. Senior-level roles often require several years of experience and a proven track record of success.

Security Architect

Security architects have deep technical knowledge. They design and implement security solutions for complex systems and networks. They work closely with other teams to ensure that security is integrated into all aspects of the organization. Security architects may also be responsible for developing security policies and procedures. They need to have a deep understanding of security technologies, risk management, and compliance requirements. Security architects often work on long-term projects and need to be able to communicate their ideas effectively to both technical and non-technical stakeholders. Security architects know how to communicate well, but they feel most comfortable in technical discussions.

Chief Information Security Officer (CISO)

A Chief Information Security Officer (CISO) is a senior executive responsible for an organization's information security strategy and implementation. The CISO works closely with other executives to ensure that security is integrated into all aspects of the organization. They are responsible for managing security teams, budgets, and policies. The CISO must have a solid understanding of security concepts, risk management, and compliance requirements. They also need to be able to communicate effectively with both technical and non-technical stakeholders. Compared to a security architect, a CISO has a broader focus. A CISO is responsible for the entire security program, while a security architect focuses on specific projects. A CISO needs to understand the business and how security fits into the overall strategy of the organization. They also need to be able to communicate with executives and board members.

Risk Manager

Risk managers are responsible for identifying, assessing, and mitigating risks to an organization's information assets. They work with the CISO to develop security policies and procedures. They need to have a solid understanding of risk management principles, compliance requirements, and security technologies. Risk managers might emphasize compliance with legal requirements, disaster recovery planning, and insurance. A risk manager is responsible for specific projects or areas of risk, while a CISO is responsible for the entire security program.

Security Consultant

Many organizations lack the resources to hire a full-time security team. They may hire a security consultant to help them assess their security posture, develop security policies, and implement security solutions. Security consultants often have strong technical knowledge and experience in various industries. They need to be able to communicate effectively with both technical and non-technical stakeholders. Security consultants may work for consulting firms or as independent contractors. They often work on short-term projects and need to be able to adapt quickly to new environments.

Reflection

  • What cybersecurity roles are you most interested in?
  • How would you spend your time in your early career to prepare for a more senior role?
  • Should all managers have a technical background?

Key Terms

  • Help Desk Technician: An entry-level IT professional who provides technical support to end-users, troubleshooting hardware and software issues.
  • Security Operations Center (SOC) Analyst: A cybersecurity professional who monitors security alerts and incidents, analyzes logs, and responds to security incidents.
  • Network Administrator: An IT professional responsible for managing and maintaining an organization's network infrastructure, including hardware and software.
  • System Administrator: An IT professional responsible for managing and maintaining an organization's servers, operating systems, and applications.
  • Security Analyst: A cybersecurity professional who analyzes security data, incidents, and vulnerabilities to develop recommendations for improving security.
  • Ethical Hacker: A cybersecurity professional who simulates attacks to identify vulnerabilities and weaknesses in systems and networks, with permission.
  • Security Architect: A senior cybersecurity professional responsible for designing and implementing security solutions for complex systems and networks.
  • Chief Information Security Officer (CISO): A senior executive responsible for an organization's information security strategy and implementation.
  • Risk Manager: A cybersecurity professional responsible for identifying, assessing, and mitigating risks to an organization's information assets.
  • Security Consultant: A cybersecurity professional who provides expert advice and assistance to organizations on security-related matters, often on a project basis.