This article covers some of the things you should know before getting into cybersecurity. When you’re ready to take your first step into a cybersecurity career, you can check out our Getting into Cybersecurity Guide. We’ve also covered the best entry-level jobs in cybersecurity here.
As a former humanities student, when I made the transition from English literature to a degree in Cybersecurity I had no idea what I was getting into. Cybersecurity is one of those emerging fields that has a lot of appeal for anyone looking for job security and a more than competitive salary.
But if you were like me and you’re completely new to all things cybersecurity, you may want to think about what it is you’re getting into before you take that first step forward. Before I list 11 important things you need to know to succeed in a cybersecurity position, let’s first take a look at exactly what cybersecurity is.
Ready to Start Your Cybersecurity Career?
If you're serious about starting your cybersecurity career, enroll in my FREE 5-part series "Strategies for New Cyber Careers". These strategies can help you determine your best path forward. I'll also send you my weekly cyber career newsletter with resources that every cyber professional needs to know.
What is Cybersecurity?
Cybersecurity is the active defense of computer data and networks from outside threats. Outside threats doesn’t just mean black hat hackers working from the outside to steal your personal information or turn your PC into a zombie. Threats come in all shapes and sizes, from malicious insiders (disgruntled employees or co-workers), to spilled coffee, a power outage, or an outside human threat.
Because there are such a wide range of cyber threats, the demand for cybersecurity professionals has never been higher. Our increasing reliance on technology, particularly technology with an internet connection, makes cybersecurity a pivotal part of any business.
One of the upsides to being a cybersecurity professional is that you have a variety of areas to specialize in, all of them equally important. You could specialize in network defense, creating cybersecurity tools as a software engineer, define security policies, and so on. No single cybersecurity position covers all the needed bases for an organization’s comprehensive security.
Cyber threats are evolving fast. New vulnerabilities are discovered in systems every day, which brings me to the first important point in a cybersecurity career.
What You Need to Know About Getting Into Cybersecurity
1. You must always be learning.
One of the most important things you need to understand about cybersecurity is that you will never know absolutely everything about your field. Cyber defense is not only an incredibly wide topic, it’s always changing.
As soon as a solution to one vulnerability is discovered, another is sure to be exploited. Viruses are updated regularly to overcome common defense measures, and new viruses are constantly designed that cyber professionals have never encountered before.
While that sounds daunting, remember that you aren’t expected to know everything. As a cybersecurity professional, you should know how to contain a threat and be prepared to take steps to make sure the same exploit doesn’t happen twice, but just because a security breach happens doesn’t mean you’re out of a job.
Bottom line, the first question you should ask yourself before deciding on a cybersecurity career is how much time are you willing to dedicate to research. Again, you don’t have to know everything, but you need to be familiar with the most common exploits and willing to do your own research. You should be that person who reads cybersecurity-related articles in their off-time.
2. It helps if you have a background in IT.
It goes without saying that in order to be a cybersecurity professional, you should know computers. You won’t be able to defend what you aren’t familiar with yourself, and all cybersecurity jobs expect you to have some experience in an IT-related field (not necessarily one in cybersecurity).
Experience is invaluable in cybersecurity, and if you are a student you should definitely be looking into internships or part-time jobs. Some federal agencies, including the NSA, offer co-op programs for cybersecurity and computer science majors with incredible benefits and training.
If you’re not in school and are simply considering making the transition into a cybersecurity job, it helps if you’re already working in IT.
Some jobs will do ask for familiarity with cybersecurity tools and procedures, and for students as well as working professionals, industry certificates go a long way towards proving that you have the experience needed to work as a cybersecurity professional. The CompTIA Security+ is just one of many certificates that employers frequently require new hires to have.
3. Degrees aren’t necessary, but they help.
One thing you should be aware of is that, while degrees are not required for all cybersecurity jobs, they can certainly help secure your position. In some cases, employers will even consider a four-year degree as equivalent to four years’ field experience, which is why it’s important that your degree be in an IT-related field.
Employers generally ask for at least a Bachelor’s, but the higher you go the higher your value becomes on the job market. Also, if you’re in the process of earning your degree, studying for a Bachelor’s makes you eligible for most of those cool co-op programs that the United States government offers for students.
Remember, a degree is not a requirement. Many employers just prefer them because they are one way of ensuring your creditability as a cyber professional. However, if you want a federal cybersecurity job, a degree is essential.
4. Certifications are a must.
We already mentioned CompTIA Security+ as one of several degrees that employers will look for in your resume. Other helpful certificates really depend on the cybersecurity field you want to specialize in.
If you’re interested in network security, CompTIA Network+ is a practical additional choice. The CISSP (Certified Information System Security Professional) is a high-level certificate for professionals looking to get into advanced cybersecurity positions. CEH (EC-Council Certified Ethical Hacker) is a must if you want to be hired as a pen-tester.
The certificates you need really depend on the cybersecurity position you want, and what is required for one position may only be recommended for another. Generally, everyone asks for at least the Security+.
5. You have a LOT of career options available.
If you’re still reading this article, you’ve probably already figured out that cybersecurity is a very wide field. When I first started studying cybersecurity, I had no idea that there were so many options for what you could do professionally. While having a variety of choices is amazing, it can also be confusing if you’re just getting started. (You can check out some of your career options here.)
One of the best comparisons to cybersecurity is the medical field. Sure you want to be a doctor, but what kind? You could be a dentist, an orthopedist, a pediatrician. There are many different areas of specialization, and that applies to cybersecurity as well.
Before getting into cybersecurity, you should consider what exactly it is you want to do in the field. Do you want to be a pen-tester, hired by organizations to test their security infrastructure for weaknesses? Do you want to be an incident responder, working on a team to limit the damage from an ongoing exploit? Or do you want to be a chief information security officer, the head of your security team?
Taking the time to consider exactly what you want to do in cybersecurity will help you identify your goals and what you need to do to achieve them.
6. Knowing programming or scripting languages are invaluable.
As a cyber professional, it’s mandatory that you understand computer hardware and software. Nothing gives you a better appreciation for the interconnectedness of both than knowledge of programming.
The only effective defense against these kinds of attacks is recognizing a vulnerability before an attacker has a chance to exploit it. With an understanding of a programming or scripting language, you have that edge.
If you don’t have any experience in programming, Python is the most forgiving language for beginners. It’s a powerful language and is one of the most in-demand languages for cybersecurity professionals.
7. Be prepared to work long or odd hours.
Being a cybersecurity professional really isn’t that different from being a firefighter or policeman. While the work is a lot less physically demanding, cyber attacks can occur at all hours, and you need to be available during a crisis.
That’s one of the reasons why it’s so important to stay on top of your research. In the chaos of a moment, you need to recognize the threat for what it is—or at least what it could be—and know how to contain it. You’re damage control in the event of a cyber attack, and you’ll be the first to know if an active threat is detected.
On the upside, according to a survey by Farsight Security, Inc., 97% of cybersecurity professionals find their work tremendously rewarding in spite of the work demands. Even though “half of IT security professionals (57%) work weekends and, on average, nearly a third (29%) work ten hours a day…nearly all (97%) said that they still find their job rewarding (85%).”
8. Cybersecurity comes with prestige.
One of the many reasons why cybersecurity professionals are satisfied with their work can be tied to prestige. Come on. Who doesn’t secretly admire the hacker working in secret with nothing but their computer and a world of technical know-how at their fingertips? All the more admirable are the men and women capable of protecting users and bringing that hacker down.
There is a lot of glamor tied to cybersecurity. Some of the glamor might be because the subject is crazy hard (not so hard if you’re willing to put in time and patience), and most people would rather not be spending their time analyzing a network for abnormalities. But everyone recognizes that the work is essential and exciting.
As a cybersecurity professional, you’re that person who can keep up with the mysterious hacking genius in the basement. You might not always know what’s coming, but you’re ready for it, and you know how to stop the threat in its tracks.
Believe me, going from an English degree to Cybersecurity, the difference in how people look at you is pretty obvious. And it’s not bad.
9. You’ll have access to all the latest technology.
It pretty much goes without saying that as a cybersecurity professional, you’re going to be working with the best hardware available. Technology is improving at an incredible pace, and exponentially, cyber threats are getting more and more advanced.
In an increasingly internet-dependent world, you’ll have access to all kinds of cutting-edge tools that improve security, as well as close experience with evolving hardware for users. Right now is the best time to be in IT, and as a cybersecurity professional, you’ll be the first to work with the latest and best.
10. The only thing better than the prestige in cybersecurity is the pay.
Cybersecurity jobs are among the top-paid in the world. Here are just a few of the top-paying cybersecurity professions:
- CISO (Chief Information Security Officer) – as a CISO, your average annual salary ranges between $130,000 to $170,000 a year
- Computer and Information Systems Manager – according to the US Bureau of Labor Statistics, the median annual wage for managers is $142,530. Keep in mind that their listing for managers is general, including cybersecurity-specific managers
- Cybersecurity Incident Responder – incident responders typically earn an average of $106,000 a year
- Software developers – according to the US Bureau of Labor Statistics, the average annual pay for software developers is $105,590. As a cybersecurity professional, you would be expected to design improved, security-related software
- Information Security Analyst – according to the US Bureau of Labor Statistics, the median annual pay for information security analysts is $98,350
- Cybersecurity Consultant – according to the US Bureau of Labor Statistics, the median annual wage for information security analysts is $92,600
11. You can choose where you live.
If you’re at all anxious about your work environment, cybersecurity is the job for you. Demand for cybersecurity professionals is currently so high that there is a shortage of qualified individuals to fill all the open positions. Consequently, there are cybersecurity jobs available all over the world.
There are even telecommute opportunities for individuals who prefer to work at home. While most organizations do prefer in-person contact with their cybersecurity team, there are plenty of positions available that give you the freedom to work from your home office.
Whether you like to travel or work remotely, cybersecurity is one of the most flexible, well-paying jobs open today.
Is Cybersecurity for You?
The pros of working in cybersecurity definitely outweigh the cons, with advantages in job security, annual salary, and freedom of location. Even so, the ultimate decision of whether or not a cybersecurity job is for you depends on your own preferences. These are just a few insights on what you should expect (and what may be expected of you) in a cybersecurity career. You can view our article on if cybersecurity is for you here.