“How To” Cyber Blog Series: Part I

How to Choose a Cyber Career Path
With thousands of positions available daily and no slowdown in sight, a cyber career is a great choice. But knowing which specific path to take requires some introspection, as well as an understanding of the big picture of the security landscape.

Many Types of Job Roles to Choose From
Most cybersecurity jobs fall into an analysis, technical, or management category, but there’s a great deal of overlap among the categories and even the job roles themselves.

Popular analysis-related job roles include the following:

    Cybersecurity analyst: Essentially the same as “information security analyst,” this role covers a wide breadth of tasks. An analyst typically detects security threats and exploits against an organization, implements controls, and responds to incidents. May also be responsible for security monitoring, aspects of risk management and control auditing, among other things, depending on the size of the organization.
    Cloud security risk management specialist: Focuses on assessing and managing risk within a cloud environment. Is often required to apply the six-step NIST RMF and FedRAMP standards.

Upper-level management roles include:

    Chief information security officer (CISO): Develops the foundation for the IS program and sets policy, and is typically responsible for ongoing compliance with regulations and standards.
    Information systems security manager (ISSM): Researches, develops, and reviews information security (IS) requirements, determining which security controls to implement. The ISSM works with the CISO to maintain the security posture of an organization.

Technical roles include:

    Information systems security engineer (ISSE): Safeguards an organization’s computer networks, systems, and data by designing, implementing, and monitoring security measures.
    Penetration tester: Also referred to as an ethical hacker, performs pre-planned and sometimes invasive tests on computer systems, networks, and web-based and mobile applications to assess vulnerabilities and exploits.
    Incident responder: Monitors operations and security events, analyzes and verifies security threats, and responds to attacks.
    Security architect: Designs, builds, and oversees network and computer security implementations. The security architect is a senior position that works with the ISSM, or in place of the ISSM in many organizations.

So which type of cybersecurity job role interests you the most? Choosing one doesn’t prevent you from moving laterally or up the ladder in the future — for example, you can progress from an analyst role to a more technical position, or jump to management — but knowing where your interests lie today will help you properly assess your job readiness, evaluate needed training or education, and narrow your job search.

More Considerations for Your Ideal Career
When choosing a cyber career path, are you interested in the public or private sector? Some people have a great desire to be a public servant, whereas others are attracted to the perceived faster pace and agility of a corporate or consultant position. The situation you choose should match your values and desires best.

Do you already have IT or security experience, and certifications? Even if you haven’t worked in cybersecurity, you probably have skills you can bring to a security career. IT networking and programming skills, for example, lend themselves well to security positions. If you have relevant experience, think about which aspects of your experience appeal to you most and move in that direction.

What is your target salary or salary range? Security salaries and benefits packages vary quite a bit, and they climb appreciably for senior-level positions. The interactive Cybersecurity Career Pathway tool on the Cyber Seek website is handy for checking current average salaries for common security job roles.

Finally, spend some time identifying your short-term cyber career goals (say, six months to three years) and longer-term goals (three to eight years). What do you need to do to meet those goals, or just to get started?

Let Mission Critical Institute Help Guide You
Fast-tracking to advanced cyber positions often requires a graduate education and one or more certifications. By signing up for an Mission Critical Institute-sponsored cyber graduate program, you can become job-ready with a graduate education in under a year, and earn a certification and credits toward an MBA or MSIS along the way.

To learn more, complete the Mission Critical Institute cybersecurity career planning survey.