According to Forbes in 2015, the annual investment in cybersecurity across the private sector is expected to surge from $75 billion a year to upwards of $170 billion a year by 2020. As demand rises amid a shortage of qualified professionals, experienced cybersecurity experts are seeing more opportunities for upward mobility while those new to the field are being offered higher starting salaries as employers compete for top talent.
Here are some of the key positions in this field that will help fill this employment void:
Cloud Security Administrator
Cloud security administration is such a new field that many administrators have the luxury of defining their own job duties. Although many of these tasks are hands-on matters of configuration and monitoring, much of the work consists of strategizing and coordinating internal information security efforts with those of cloud providers. The job requires the technical expertise and knowledge of IT security compliance policies and expertise in administering virtual and Cloud computing solutions. You will also need knowledge of firewalls, intrusion detection, encryption, monitoring, vulnerability scanning, and authentication solutions for traditional and Cloud-hosted IT systems.
Cyber Intelligence Analyst
Cyber intelligence analysts, also known as “cyber threat analysts,” are information security professionals who use their skills and background knowledge in areas like network administration or network engineering. Their mission is to counter the activities of cyber criminals such as hackers and developers of malicious software. They are professional intelligence officers who apply their scientific and technical knowledge to solving complex intelligence problems, produce short-term and long-term written assessments, and brief the organization. This work demands initiative, creativity, analytical skills, and technical expertise. However, the most important piece of the profession is an analytical skill. At times, this skill is more of an art form than a hard science. First, it requires that an analyst become a technical expert.
Information Security Auditor
Information security auditors make audits happen. They may work for independent consulting firms that specialize in such services or for autonomous working groups inside of an organization. They strive to keep an objective eye on the information systems that serve as the lifeblood of the modern corporation. IT auditors conduct the laborious but necessary role of going through information systems and double-checking for any soft spots. These soft spots could be the failure to upgrade operating systems or failure to apply patches to known security holes. Or they might be configuration errors such failing to change default passwords or close factory-service accounts.
Information Security Specialist
Also known as Infosec Specialist, there are numerous sub-specialties within the IT Security Specialist field:
- Network security
- Application security
- Database security
- Security support
- IDS (Intrusion Detection System) configuration and monitoring
- SCADA (Supervisory Control and Data Acquisition) security
For example, in healthcare, an IT security specialist may be expected to handle incoming security-related trouble tickets, work with staff to resolve security-related issues, and handle other basic support desk duties. At the industrial level, they may develop network security standards and guide network design, conduct network security assessments, and ensure that IT acquisitions meet network security standards.
In the corporate world, organizations hire cyber threat intelligence analysts or engage with threat intelligence service providers to perform the task of identifying potential risks and threats in an organization.
Network Security Architect
Users log in to networked systems every day for work and play, romping through corporate networks and across the Internet freely, slotting in a username and password from time to time. This is done with very little consideration for the complex array of hardware, software, and logic that enables their activities. Today, network security architects are indispensable members of enterprise architecture teams. While other architects worry about LAN (Local Area Network) cabling runs, router installations, and data storage requirements, network security architects focus on averting accidental or nefarious vulnerabilities. Additionally, they are responsible for analyzing network data and systems to select the most appropriate control mechanism for the security required.
IT Security Engineer
Security engineers, plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. They install and use software, such as firewalls and data encryption programs, to protect organizations’ sensitive information. They also assist computer users with installation or processing of new security products and procedures. They also conduct penetration testing, in which they simulate an attack on the system to highlight or find any weaknesses that might be exploited by a malicious party.
Professionals working in cybersecurity engineering go by a number of different titles:
- Application/Web security engineer
- Cybersecurity engineer
- Data security engineer
- IA/IT security engineer
The title of this profession sounds like an oxymoron…an ethical hacker. The job has other names, such as Penetration Tester (really) and White Hats Hacker. A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
Ethical hacking involves more creativity and a deeper knowledge of both human psychology and hacking strategy than simply running a network scan. Essentially, the job of a white hat hacker/penetration tester/ethical hacker is to find vulnerabilities before the black hats do. The ethical hacker uses many of the same tools and goes through the same steps:
- Researching the intended target via both open-source and dark-web channels
- Scanning target networks and systems with commercial, open-source, or custom vulnerability scanners
- Designing a plan of attack that can include exploiting software vulnerabilities, systemic vulnerabilities, social manipulation, or any combination of those factors
Most of these jobs may not be offered without experience. However, the appropriate degree in computer science and related areas can provide the means to land one of these during your career in cybersecurity.