A lucrative, growing field, cybersecurity focuses on protecting organizations from digital attacks and keeping their information and networks safe. Cybersecurity experts detect vulnerabilities, recommend software and hardware programs that can mitigate risks, and develop policies and procedures for maintaining security.
As more businesses move their operations online, and with cyberattacks on the rise, the need for skilled cybersecurity professionals is projected to grow, particularly for healthcare and financial organizations. For example, the Bureau of Labor Statistics (BLS) projects a 32% job growth rate for information security analysts between 2018-2028.
The cybersecurity field presents diverse career opportunities. Potential jobs include information security analyst, chief information security officer, security architect, and security engineer. The most popular industries that employ cybersecurity professionals include computer systems design and related services; management of companies and enterprises; credit intermediation and related activities; and management, scientific, and technical consulting services.
This guide describes the types of careers available to cybersecurity professionals, including potential salaries, job duties, and the best cities and industries to pursue cybersecurity jobs. We also explain how to prepare for a career in the cybersecurity field.
Click The Buttons Below To Easily Navigate This Guide:
Cyberattacks cause problems for companies across industries, including hospitality, healthcare, and insurance. Hackers exploit security weaknesses to collect private information such as social security and credit card numbers, medical data, passwords, and company secrets. Hackers may then sell this information to the highest bidder or ransom it back to the company from which they stole it.
In November 2018, hackers cracked into a central Marriott reservation database and stole data that included names, addresses, credit card numbers, and passport numbers. With 383 million guests affected, the breach ranks among the top five largest data breaches ever. According to CNET, Marriott’s offer to pay for the stolen passports could potentially cost the company $577 million, plus negative press and loss of consumer confidence.
In July 2019, a data breach compromised 100 million Capital One applications spanning from 2005-2019. The stolen information included 140,000 Social Security numbers, 80,000 bank account numbers, addresses, zip codes, and birth dates.
According to a 2016 Forbes report, industries particularly vulnerable to cyberattacks include healthcare, manufacturing, financial services, government, and transportation. Forbes also highlighted increasing threats to the energy industry.
The cybersecurity field encompasses a large variety of exciting, rewarding career paths. Cybersecurity salary expectations, job duties, and education requirements vary by career. Keep reading to learn more about some of the most popular cybersecurity jobs, including common tasks, average salaries, education and training requirements, and top-paying cities.
Chief InfoSec Officer
Chief information security officers occupy high-level roles as they protect their companies’ data and manage IT and security issues. They work with other executives and IT security experts. These professionals need advanced business, technical, management, and organizational skills. They must also keep abreast of trends and current issues in information security.
Chief information security officers supervise the operational aspects of data protection and management. They develop information security procedures and policies for organizations and manage teams of professionals who identify and mitigate security threats. Other typical job tasks may include developing budgets, carrying out audits, and making sure that the company complies with relevant laws and regulations.
Most chief information security officers start their careers as IT analysts or specialists with a bachelor’s degree in a field like cybersecurity, computer science, or IT. As they gain experience, certifications, and further education, they can advance to higher-level roles.
Cryptographers help organizations safely and securely communicate and exchange information. As cyberattacks and threats grow, the demand for skilled cryptographers who can protect valuable information may increase. Cryptographers typically work for government agencies, financial institutions, and healthcare organizations. Companies like Amazon, Google, and Apple also hire cryptographers.
Cryptographers develop and crack codes, puzzles, and cryptograms. They encrypt data by writing algorithms, security protocols, and cyphers; break down codes to decrypt data; and create cryptology theories. They also identify weaknesses, vulnerabilities, and potential problems by analyzing encrypted systems.
Professional cryptographers need advanced communication, analytical, and problem-solving skills. They must also possess a variety of technical computer and IT skills. They need to understand algorithms, data structures, multiple programming languages, and various operating systems. The high-level knowledge this career requires means that most employers prefer job applicants with a master’s or Ph.D.
Forensics experts investigate computer and cyber crimes and help organizations protect sensitive data and information. Typical job duties may include educating employees about cybersecurity issues, identifying security weaknesses, retrieving data from systems and devices, and reconstructing information systems to understand data breaches. Sometimes forensics experts serve as expert witnesses in trials.
Forensics experts usually work with other IT security professionals. They often deliver security reports to executives, lawyers, and law enforcement personnel. Employers include government agencies, large corporations, and law firms. Individuals with a high level of expertise may work as consultants. Skills required of forensics experts vary by position but typically include advanced understanding of computer software and hardware, programming languages, operating systems, and cryptography.
Entry-level positions usually require at least a bachelor’s degree in cybersecurity, computer science, or a related field, and some professional experience. Forensics experts may qualify for mid-level and upper-level positions after accumulating more experience, certifications, and education.
The incident responder includes jobs such as response engineer, cyber incident responder, computer network defense incident responder, and forensics intrusion analyst. Most incident response professionals respond to cybersecurity incidents and data breaches.
These professionals improve the overall security, finances, and reputations of organizations. They also provide cybersecurity education to employees and detect threats. Typical job duties include developing systems and plans for identifying security breaches, conducting risk analysis, reverse engineering, and writing reports for law enforcement and/or management.
Some incident responder professionals complete certifications like certified intrusion analyst or certified incident handler, but most hold a bachelor’s degree at minimum. Earning a master’s degree in cybersecurity, computer forensics, or a related field may open up more career opportunities with greater salary potential.
Penetration testers find vulnerabilities in networks, information systems, and web applications. They test established security systems and try to prevent cyberattacks. Penetration testers identify weaknesses by conducting their own simulated cyberattacks without actually making data vulnerable, a practice sometimes called ethical hacking.
Penetration testing professionals often work for government, healthcare, and finance organizations. They need strong analytical, problem-solving, and hacking skills.
Penetration testers with excellent hacking skills may not need a degree to find employment. However, entry-level positions typically require a bachelor’s degree in a field like computer science or cybersecurity and relevant experience. High-level management roles may require as much as 10 years of experience and/or a master’s degree.
Security administrators prevent organizations from cybersecurity threats and attacks. These professionals serve in high-level roles, overseeing the IT security efforts of their organizations. With the help of their team, they create policies and procedures, identify weak areas of networks, install firewalls, and respond to security breaches. Security administrators work in nearly every industry that relies on computer networks.
The education requirements for this profession vary by position and employer, but typically include a bachelor’s degree in a field like IT, computer science, or information assurance. Management-level positions often require a master’s in a field like information systems or business administration. Many security administrators gain professional experience through entry-level IT support jobs. Earning certification can improve career prospects.
Security administrators need advanced technical skills in encryption, firewall and router configurations, operating systems, and protocols. They also benefit from communication, problem-solving, and analytical skills.
Security analysts protect organizations’ data from cyberattacks. They typically need a bachelor’s degree to enter the profession. The BLS reports that information security analysts earn a median annual salary of $99,730, with a 32% projected increase in jobs from 2018-2028. Security analysts work for public and private sector organizations in business, technology, and finance.
Typical job duties may include installing computer security software, conducting penetration testing, training employees to use secure processes, and developing procedures and policies. These professionals often work with managers, employees, and executives to identify effective security plans and procedures.
Security analyst positions require a bachelor’s degree at minimum in a field like computer science or IT. Most security analysts start out as software developers or computer programmers and qualify for security analyst positions after 1-2 years of experience. Earning industry certifications can also help individuals qualify for security analyst jobs.
Security architects design, plan, and supervise systems that thwart potential computer security threats. They must find the strengths and weaknesses of their organizations’ computer systems, often developing new security architectures. Job tasks may include budget preparation, allocation of personnel resources, management of IT teams, and report preparation.
These professionals must possess advanced knowledge of software and hardware design, computer programming, risk management, and network and computer systems. Communication, problem-solving, and analytical skills all rank high in importance for this profession. Computer network architects find many opportunities in the computer systems design and telecommunications industries.
Security architects need at least a bachelor’s degree in a field like computer science or IT and relevant professional experience. Many enter the field with hacking experience. To advance in the field, they often earn certifications, pursue graduate degrees, and take continuing education classes. PayScale reports an average annual salary of $123,687 for IT security architects.
Security auditors assess and analyze computer security systems’ efficiency and safety. They hold expertise in cybersecurity, computer and information technologies, and penetration testing. They test databases, administer audits, create reports, and advise organizations about steps they can take to make their computer systems more secure. Security auditors must understand organizational policies and government regulations about computer security.
These professionals typically work as outside consultants for finance companies, nonprofit organizations, and businesses. Security auditors often work with other IT professionals, managers, and executives.
Security auditors may find employment with an associate degree, but many employers prefer individuals with a bachelor’s degree at minimum in computer science, IT, or a related discipline.
Security consultants use their expertise about IT and computer security issues to advise organizations about appropriate security measures. Typical job duties may include looking for potential security breaches, overseeing implementation of new security measures, and training employees to protect their organizations from security risks.
Security consultants need excellent analytical, communication, computer, and other technical skills. Many security consultants earn professional certifications to stay relevant and expand their career opportunities. Popular certifications include certified information systems security professional, certified information systems auditor, and certified ethical hacker.
Security consultants typically need at least a bachelor’s degree in a field such as cybersecurity, computer science, or IT. They frequently begin their careers working entry-level jobs in IT, and then transition to security consultant roles after gaining 1-3 years of experience. Information security consultants earn an average annual salary of $85,430, according to PayScale.
Security directors oversee IT security staff, activities, budgets, and equipment. They often take charge of information security training, compliance, and human resources issues. Security directors also manage the systems that protect organizations’ data, such as patient health records, customer bank accounts, and company secrets.
Security directors respond to and investigate security breaches, engage in strategic planning, and manage budgets. A variety of industries employ security directors, including the military, government, insurance, and finance.
Minimum education requirements for security directors typically include a bachelor’s degree in a field like cybersecurity, computer science, or IT, and at least a few years of professional experience. Some employers prefer candidates with a master’s degree.
Security engineers create IT security systems to protect their organizations’ systems and sensitive data from cyberattacks. Their main job duties include building intrusion detection systems and firewalls to stop attacks. Other tasks include conducting security assessments, tests, and risk analyses. They also deliver reports and make recommendations to executives.
A bachelor’s degree in cybersecurity, engineering, programming, or computer science represents the typical minimum education requirement for most security engineering positions. In addition to education, security engineers usually need 1-5 years of relevant work experience. Security engineers with a master’s degree typically qualify for top-level positions.
Many security engineering positions require industry certifications such as certified ethical hacker or certified information systems security professional. According to PayScale, security engineers earn an average annual salary of $90,745.
As high-level professionals, security managers oversee the operations of their organizations’ information security issues. They typically supervise IT administrators, analysts, and other staff who implement security measures. Typical duties may include hiring new staff, evaluating security plans, preparing budgets, and developing polices.
Security managers must possess excellent managerial, communication, and IT skills. They often start out as information security analysts, network administrators, or security administrators before becoming security managers. Security management positions typically require at least five years of experience.
Security managers usually need at least a bachelor’s degree in a field like cybersecurity, information assurance, or IT. High-level positions often require a master’s degree in a field such as cybersecurity or IT. Reflecting their high level of responsibility, security managers earn a mean annual salary of $108,464, according to PayScale.
Security software developers create new technologies for programs and applications. They integrate security protocols into existing programs and applications to ensure software security. Security software developers must possess an advanced understanding of all aspects of software development as they often participate in the entire lifecycle of development.
Their specialized knowledge spans IT security, computer system and network analysis, software design, and programming languages. They may work as members of a software development team or independently. Employers may include government agencies, nonprofit groups, and private businesses.
Education requirements include a bachelor’s degree in software engineering, computer science, or a related field. Many security software developers start their careers as general software developers and specialize in security software development over time. Industry certifications, like the global information assurance certification, can offer career benefits to security software developers.
Security specialists monitor existing security infrastructure to make sure their organizations remain safe from cyberattacks. Job duties include suggesting period improvements, running system checks, and researching potential new risks. Security specialists also test software permissions and firewalls, analyze network structures, and make recommendations to management.
Specific job duties vary, but security specialists typically need problem-solving, critical thinking, and communication skills. They must also understand computer programming languages, computer system analysis, and network and computer infrastructure.
Most positions require a bachelor’s degree in computer science or a related field at minimum. Those with experience in a specific industry, like healthcare or banking, may stand out from other applicants seeking work as a security specialist in that field. Another way to expand career opportunities involves seeking security certifications like CompTIA Security+ or certified wireless network professional.
Source code auditors prevent security threats, identify coding mistakes, and eliminate inefficiencies. They also create reports on their findings and make recommendations for changes. Source code auditors examine individual lines of coding to find weaknesses, bugs, and syntax errors. They need expertise in database security, cryptography, networking, and computer forensics.
Typical job duties may include penetration testing, collaborating with web developers and software engineers, and reporting on their findings. These professionals often act as consultants for companies.
Source code auditor positions typically require a bachelor’s degree in cybersecurity, computer science, IT, or a related field. Most source code auditors begin their careers as software engineers, programmers, or web developers; they typically qualify for source code auditor roles after 2-3 years of experience. Earning certification in software security, penetration testing, or incident handling may increase job opportunities.
Vulnerability assessors find weaknesses in computer systems and applications. They often present their findings in a formal vulnerability assessment that businesses can consult when making corrections or improvements. Required skills include mastery of multiple operating systems, computer hardware and software systems, and security frameworks.
Typical job tasks include creating a vulnerability assessment database, offering training for systems and network administrators, tracking vulnerability metrics over time, and testing custom scripts and applications. As a highly specialized career, it can be difficult to find salary estimates for vulnerability assessors. However, PayScale reports a $102,500 average annual salary for security assessors.
Junior vulnerability assessors may only need an associate degree and a few years of IT security experience. However, mid- and high-level positions usually require a bachelor’s or master’s degree and significant professional experience. Specific degree requirements vary by position and employer.
The state and city where a professional chooses to live can affect salary and career outlook in the cybersecurity field. For example, densely populated major cities typically feature higher costs of living but offer higher salaries than more rural areas.
The presence of certain high-paying and top-employing industries also impacts the outlook for cybersecurity jobs in different locations. Cities with large IT, healthcare, and finance sectors may need to hire more skilled cybersecurity experts. The tables and map below outline the annual mean wage by state for information security analysts. Because individual cybersecurity jobs include so much specialization, the BLS only highlights one cybersecurity career: information security analyst.
Information security analysts earn a median annual salary of $99,730, making this career more lucrative than many others in the cybersecurity field. Typical job duties for information security analysts mirror those of many other cybersecurity positions, including installing and using software, detecting security breaches, researching IT security trends, and recommending security enhancements.
Annual Median Wage and Employment for Information Security Analysts by State, 2019
Annual Mean Wage by State for Information Security Analysts, 2019 (Source: BLS)
Annual Mean Wage
District of Columbia
Employment by State for Information Security Analysts, 2019 (Source: BLS)
Annual Mean Wage
Top-Paying Cities for Key Cybersecurity Careers (Source: PayScale)
Since organizations of all kinds increasingly rely on computer networks and systems for their everyday operations, cybersecurity graduates can find careers in nearly any industry. However, some industries employ larger numbers of cybersecurity professionals and offer better compensation than others. Employment requirements, job titles, salaries, and job duties may differ considerably between industries. Cybersecurity graduates should research the career and salary expectations typical for different industries prior to accepting a job offer.
The top employing industry for information security analysts is computer systems design and related services. Other major industries for information security analysts include management of companies and enterprises; credit intermediation and related activities; management, scientific, and technical consulting services; and insurance carriers.
Top-paying industries for information security analysts include nonresidential building construction, semiconductor and other electronic component manufacturing, legal services, and automotive repair and maintenance. Another top-paying industry for information security analysts is finance. The tables below outline the top industries for information security analysts in further detail.
Annual Mean Wage by Industry for Information Security Analysts, 2019 (Source: BLS)
Annual Mean Wage
Nonresidential Building Construction
Semiconductor and Other Electronic Component Manufacturing
Automotive Repair and Maintenance
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
Employment by Industry for Information Security Analysts, 2019 (Source: BLS)
Annual Mean Wage
Computer Systems Design and Related Services
Management of Companies and Enterprises
Credit Intermediation and Related Activities
Management, Scientific, and Technical Consulting Services
Major Cybersecurity Employers
A global security, defense, advanced technologies, and aerospace company, Lockheed Martin employs 110,000 people. The company engages in research, design, manufacturing, and development of advanced technology products, systems, and services. Cybersecurity graduates can find jobs at Lockheed Martin as cybersecurity engineers, classified cybersecurity senior staff, cyber systems security engineers, and defensive cyberspace operations analysts.
A global technology company, Apple ranks among the world’s biggest tech companies. Some of its biggest successes include the iPhone, iPad, Mac personal computer, and iTunes media player. Cybersecurity professionals can find many roles at Apple, including as network security engineers, information security infrastructure software engineers, senior security researchers, and Apple information security specialists.
An American chain of urgent care centers, Patient First treats and diagnoses walk-in patients that exhibit ailments. Relevant cybersecurity jobs at Patient First include a variety of roles related to securing sensitive patient health and financial information. Potential job titles may include data security administrator, computer specialist, and health data security analyst.
One of the largest banks in the U.S, Capital One offers credit cards, banking, savings accounts, and car loans. Its reputation as a technology-focused financial institution emphasizes its need for cybersecurity specialists, who make sure that the company’s financial data stays secure.
A multinational technology company, Cisco develops and sells software, networking hardware, and telecommunications equipment. The company specializes in areas like the Internet of Things, energy management, and domain security. Potential cybersecurity jobs at Cisco include IT network and security engineer, cyber network engineer, and cybersecurity network engineer.
An American defense and aerospace technology company, Northrop Grumman ranks among the largest military technology providers and weapons manufacturers in the world. The company needs skilled cybersecurity professionals to ensure that their proprietary and classified information remains secure.
Frequently Asked Questions
How do I get a job in cybersecurity?
Earning a bachelor’s degree in cybersecurity, computer science, or a related field prepares students for most entry-level cybersecurity careers.
What should I study for a career in cybersecurity?
Prospective cybersecurity professionals should study areas like cybersecurity, computer science, or a related field. Most cybersecurity employers require a bachelor’s degree at minimum, but many prefer applicants with a master’s degree.
How much can you make with a bachelor's in cybersecurity?
Earning a bachelor’s degree in cybersecurity gives students the knowledge and practical skills needed for a variety of well-paying jobs. PayScale reports an average annual salary of $69,773 for those with a BS in cybersecurity.
What are the best entry-level cybersecurity jobs?
Some of the top entry-level cybersecurity jobs include information security analyst, computer network analyst, security software developer, and security specialist.
Does cybersecurity pay well?
Salaries for cybersecurity jobs vary by position, education, experience, and industry, but typical cybersecurity jobs pay significantly more than the national median.