What is Cybersecurity? An In-Depth Look at a Dynamic Industry

Cybersecurity used to be the domain of IT professionals and other techies, but these days it's become something of a buzzword, and with good reason. The more data is available online, the more organizations need software and tools to prevent malicious attackers from gaining access to protected networks and information. With more businesses across sectors offering customers mobile applications and using cloud-based storage and communication, the demand for cybersecurity talent is greater than ever before in history.

Of course, as with many buzzwords, a lot of people who talk about cybersecurity don't fully understand the variety of threats and protection systems that are included under this broad umbrella term. In today's virtual world, data security isn't just something businesses can leave to their IT team. People in all roles can benefit from understanding the common vulnerabilities that hackers exploit and the best ways to prevent attacks and data breaches.

Cybersecurity defined

Also called computer security or information security, cybersecurity is basically the set of techniques and tools used to protect devices, networks, and digitally stored information from being accessed, stolen, or corrupted. The broader cybersecurity industry also includes people who respond after a cyber attack happens, like digital forensics investigators who catch cybercriminals or recovery experts who work with the victim of a data breach or attack.

While cybersecurity and information security are terms used interchangeably by many, others see a distinct difference between them. CompTIA Chief Technology Evangelist James Stanger says that cybersecurity is focused on protecting electronic assets used to store and transmit information, including internet, WAN, and LAN resources. Furthermore, he says, it "tends to focus on how malicious actors use these resources to attack information." Information security, on the other hand, centers on the security of the data, not necessarily the methods used to gain unauthorized access to it.

Part of the trouble with clearly defining cybersecurity is the fact that it's a relatively young field that is in a constant state of change and evolution. That said, it's an older discipline than many people realize. Cybersecurity got its start in the 1970s, when email inventor Ray Tomlinson wrote the first antivirus software, a program called Reaper that moved on the ARPANET network. Early commercial antivirus software was developed in the 1980s, but it wasn't until the internet became publicly available in the 1990s that the world had a need for large-scale data protection systems. As criminals saw the revenue potential of the personal information available online, the average consumer recognized the need for technology like firewalls, encryption, and programs to prevent viruses from infiltrating drives and networks.

Types of cybersecurity

Today, there are a variety of ways hackers can access systems remotely, and each of these threats requires its own security solutions to mitigate that risk. Generally speaking, these solutions can be sorted into five distinct categories: critical infrastructure security, application security, network security, cloud security, and Internet of Things (IoT) security. Let's take a closer look at each.

Critical infrastructure security

The Cybersecurity & Infrastructure Security Agency (CISA) defines critical infrastructure as hardware, software, or other technology assets that are so vital that "their incapacity or destruction would have a debilitating impact." For the U.S. government, the Department of Homeland Security has identified 16 critical infrastructure sectors, including energy, communication, transportation, and food and agriculture. The systems that defend these life-sustaining core systems need to be iron-clad, which can be a challenge considering that many are legacy systems, often developed and in operation since well before the internet age. This makes critical infrastructure security a top priority in today's landscape, as government agencies look for ways to update their defenses to the needs of today's security environment.

Application security

This area of cybersecurity focuses on preventing attacks on individual software programs and creating security features within applications to eliminate vulnerabilities. It can be aimed at preventing code within the program from being stolen or hijacked or focused on the security of end user data. Similarly, it applies to every step of the application lifecycle, from initial development and testing through deployment, use, and updates. Normally, this type of security is integrated into the software, either from its initial release or added as part of a later firmware update. It can also include external processes or hardware, such as a router that prevents others from viewing a device's IP address.

Network security

Network security includes all of the hardware, software, and policies used to protect a network infrastructure from unauthorized access and the theft, misuse, or corruption of the network that could result from it. This is one of the most visible and well-known aspects of cybersecurity for most people, including things like firewalls, intrusion prevention systems (IPSs), and virtual private networks (VPNs). It also includes company policies and best practices for the authorized users of a given network, such as a business requiring two-factor authentication for employees signing into company systems.

Cloud security

Also called cloud computing security, this is an area of cybersecurity that has grown over the last decade as more people and businesses turn to virtual storage systems for their files and data. In the past, the majority of people and organizations used physical, on-site drives to store information or run software and applications. Shifting into a cloud-based platform allows data and systems to be accessed remotely. This is useful for distributed workers and remote collaboration but also opens up new pathways for malicious interlopers to access proprietary systems or sensitive data. The main challenge in cloud security is how to balance flexibility and functionality with security, giving unimpeded access to the people who should have it while keeping out those who shouldn't.

Internet of Things security

The Internet of Things is an umbrella term for the myriad of physical objects and devices that can be linked to a network. Anything that's touted as "smart" is likely part of the IoT, from smart bulbs and thermostats to kitchen appliances and home theater equipment that can be controlled through a partner app or voice control system. Wearable devices like fitness trackers, smart glasses, and medical monitors are another growing segment of the Internet of Things. The primary goal of IoT security is to maintain the privacy of these devices and protect the confidentiality of users and their data. It also aims to prevent unauthorized users from hijacking or disrupting the operation of devices. The broad (and growing) scope of the IoT makes this a particularly dynamic aspect of the cybersecurity industry.

Common cybersecurity threats

What kinds of things do cybersecurity professionals protect against? The answer to that question is always changing as technology evolves, but there are a few common methods that hackers and bad actors use to infiltrate a company's systems. Many people are familiar with these terms but may not be completely clear on the differences between them. Let's take a look at some of the most common threats to a device, network, or system today.

Malware

Also known as malicious software or malicious code, malware is a program that an attacker inserts into computer systems without the knowledge of the business or owner. Once installed, these programs can damage the files or computer system, or may grant the attacker access to confidential data or proprietary systems, disrupting the integrity or security of that information.

Spyware

A specific category of malware, spyware is installed on systems to track users' activity and gather confidential information undetected. It's often used to collect credit card information, passwords, or financial records, and may be the first step in identity theft or other forms of fraud. Spyware is often specifically designed to avoid detection, making it a difficult threat to identify and eliminate.

Ransomware

Another niche category of malware, ransomware programs take control of a device or network, then encrypt files to keep the original user from accessing them. The hacker then demands a ransom, usually money paid via an online transfer service, to restore access to the hardware or system they're holding hostage.

Worms

Worms are a particularly destructive form of malware. Once installed, these programs can run on their own without needing to be triggered or activated by a user, though they're often initially delivered using social engineering via an email or messaging attachment. They also self-propagate, meaning they create a new version of the program that can infect other hosts across a network, and may consume resources on devices they've infected, leading to data loss. This combination of features makes them one of the most potentially serious attacks for businesses, as well as one of the most difficult to recover from.

Phishing attacks

Phishing is a type of social engineering that relies on human psychology and reactions to access sensitive information. In these cases, a cyber criminal impersonates a trustworthy business or individual, directing the recipient to send personal information or enter it into a false website. These attacks could be directed at individuals, or at the employees of a business.

Distributed Denial of Service (DDoS)

Where the above types of attack can be directed at organizations or individuals, DDoS attacks are specific to businesses and services. The attackers use networks of computers infected by malware, known as botnets, to overwhelm an online service or website with traffic. This slows its response and could cause the site to crash entirely. Often, this is done as a distraction from another type of fraud or cyberattack being made against the business.

Cybersecurity training and education

Cybersecurity degrees are offered at the associate's, bachelor's, and master's levels. Most security professionals start their career with a bachelor's degree, though a master's can be an advantage for anyone interested in upper-level leadership and management roles within cybersecurity.

While many schools do offer a specific cybersecurity program, there are other degree courses that will give students the skills they need to identify and defend against security risks. Some of the most common are computer science, computer programming, database management, network administration, cloud computing, or information technology management. There are also degree programs available in computer forensics, for those interested in investigating cyber crimes and criminals.

In addition to university degree programs, there are several professional organizations that offer cybersecurity certifications. The International Information System Security Certification Consortium (ISC2) is the leading professional organization for the cybersecurity industry, and offers the popular Certified Information Systems Security Professional (CISSP) course. They also offer training in other specific areas of the security industry, like CCSP certification for cloud security and SSCP certification for security administration and operations.

Another organization that certifies cybersecurity professionals is the Computing Technology Industry Association (CompTIA). They offer four core-level certificates (IT Fundamentals, A+, Network+, and Security+) as well as three advanced cybersecurity certificates (CySA+, CASP+, and PenTest+). For those interested in penetration testing or ethical hacking, EC-Council offers multiple levels of their Certified Ethical Hacker (CEH) program for professionals at various stages of their careers.

Many cybersecurity workers will start off with a bachelor's degree, then obtain certifications later on in their career to strengthen their knowledge in a specific area. Certificates are also an easy way for professionals to stay current with the industry's trends and best practices as they change. Like all technology-related fields, cybersecurity is constantly evolving as cybercriminals think up new ways to attack systems and businesses find new ways to stop them. ISC2 and CompTIA require recertification every three years to encourage professionals to stay up-to-date on their industry knowledge.

Careers in cybersecurity

What can you do with a degree in cybersecurity? The truth is, there are a lot of options. Both public sector companies and government agencies can be victims of cyberattacks, and hire professionals to defend against them. While there is a range of career paths and jobs available in the field, the examples below are some of the most common.

Information security analyst

Average salary: $68,000 per year

Typical education: Bachelor's degree, CompTIA Security+

Security analysts spend the majority of their time monitoring networks for attacks or data breaches. When there is an incident, they also help with the investigation, documentation, reporting, and other aspects of disaster recovery. Larger organizations will often employ several individuals in this position, who work under the guidance of a senior analyst or IT manager. While this is considered an entry-level position, most analysts get experience in the broader IT world first, often as a network or systems administrator.

Penetration tester

Average salary: $63,000 per year

Typical education: Bachelor's degree, CEH, CompTIA PenTest+

This role is also known as ethical hacking, which gives a good summary of what the role entails. These professionals use the same strategies and tools as malicious hackers to identify security vulnerabilities. This allows organizations to shore up their network security and reduce the risk of a breach in the future. Larger companies may include penetration testers on their in-house IT team. Ethical hackers also frequently work for security consulting firms or as freelancers. Since penetration testers need to have in-depth knowledge of operating systems, networks, and the methods and products used to breach them, companies usually look for someone with several years of hands-on experience.

IT auditor

Average salary: $86,000 per year

Typical education: Bachelor's degree, CIA/CISA certification

The role of IT auditor is similar to that of a security analyst, but with aspects of a penetration tester, too. Its main focus is conducting audits on an organization's entire technology architecture to ensure it's secure, efficient, and in compliance with industry standards. IT auditors may be part of a larger organization's IT team, but are also commonly employed by independent security firms.

Security engineer

Average salary: $92,000 per year

Typical education: Bachelor's degree, CISSP/CCSP certification

Security engineer is one of the more common mid-level roles in the cybersecurity career path. Professionals interested in the programming, testing, and implementation side of security will often move into this role after spending a few years as an information security analyst or IT auditor, and it uses many of the same skills. Engineers are primarily focused on designing security measures like firewalls and detection systems. They may also be responsible for recommending or developing security enhancements, testing new security systems, or leading incident response and disaster recovery teams.

Application security specialist

Average salary: $105,000 per year

Typical education: Bachelor's degree, CASE certification

People today use apps for just about everything. Mobile applications are an appealing target for many hackers, and often require a different security approach than a company's internal systems and network. Because of this, engineers and analysts who specialize in app security are increasingly in demand. In terms of skills and responsibilities, they're similar to those of a security engineer. This can mean designing security for cloud-based or mobile applications, monitoring and reporting on these systems, or investigating and improving them in the event of an attack.

Security architect

Average salary: $128,000 per year

Typical education: Master's degree, CISM/CISSP certification

Security architects are the ones who build and implement security systems, processes, and procedures. This is normally a senior role that oversees a team of analysts and engineers, requiring a combination of hard technical skills and soft skills like organization and communication. Security architects need to understand cybersecurity at both the micro and the macro level. They're often responsible for developing an organization's overarching security strategy, in addition to the practical work of implementing and maintaining those systems. The day-to-day work of the role will depend largely on the needs of the business, and could include planning and installing security technologies, updating existing software and systems, conducting penetration or vulnerability tests, or investigating incidents.

Chief information security officer (CISO)

Average salary: $233,000 per year

Typical education: Master's degree, CCISO certification

CISO is the top rung on the cybersecurity career ladder. They serve as the voice of the security and IT departments on a company's executive team, as well as overseeing the security needs and infrastructure of the entire organization. This is an increasingly common position within corporations, and is similar to other C-level roles like chief technology officer (CTO) and chief information officer (CIO).

Success in this role requires a combination of skills and knowledge. Along with extensive hands-on, up-to-date knowledge of security systems and best practices, they need to understand how the business as a whole operates and the role information security plays in that bigger picture. Risk analysis is another crucial skill for CISOs since they're the ones planning and designing all of the business's defenses.

Digital forensic examiner

Average salary: $62,000 per year

Typical education: Bachelor's degree, GIAC Certified Forensic Analyst

You can think of this role like the CSI team for cyber incidents. Forensic examiners collect data and evidence from compromised computers, drives, and networks to discover how the attacker breached the system. They may also work with law enforcement, or as part of law enforcement teams, to identify the perpetrator and prepare a case for criminal charges. Someone who enjoys puzzles, has a sharp eye for detail, and excels at creative problem solving will be ideally suited for this role.

Cryptographer

Average salary: $74,000 per year

Typical education: Bachelor's degree, ECES certification

Another great role for puzzle lovers and creative problem solvers, cryptographers create encryption algorithms, ciphers, and similar measures to secure information being exchanged over the internet. They use the same basic principles that have been employed by military organizations for centuries, and in fact many cryptographers today are employed by government agencies like the U.S. military. Public sector businesses may hire cryptographers, too, especially those in the healthcare or financial sectors that need to protect highly sensitive customer information.

The future of cybersecurity

The fast-changing nature of cybersecurity is one of the main consistent challenges for both the professionals who protect systems and the businesses that rely on them to keep their systems and data secure. As technologies like artificial intelligence and virtual reality become more widely used, cybercriminals will no doubt find new ways to exploit them for nefarious gain, at the same time that industry experts find better defenses against them. While it's impossible to predict exactly what cybersecurity will look like in ten years, one thing is certain: data, network, and device security will continue to be an in-demand skill set well into the future.

Cybersecurity used to be the domain of IT professionals and other techies, but these days it’s become something of a buzz word–and with good reason. The more data is available online, the more organizations need software and tools to prevent malicious attackers from gaining access to protected networks and information. With more businesses across sectors offering customers mobile applications and using cloud-based storage and communication, the demand for cybersecurity talent is greater than ever before in history.

Of course, as with many buzzwords, a lot of people who talk about cybersecurity don’t fully understand the variety of threats and protection systems that are included under this broad umbrella term. In today’s virtual world, data security isn’t just something businesses can leave to their IT team. People in all roles can benefit from understanding the common vulnerabilities that hackers exploit and the best ways to prevent attacks and data breaches.

Cybersecurity defined

Also called computer security or information security, cybersecurity is basically the set of techniques and tools used to protect devices, networks, and digitally stored information from being accessed, stolen, or corrupted. The broader cybersecurity industry also includes people who respond after a cyber attack happens, like digital forensics investigators who catch cybercriminals or recovery experts that work with the victim of a data breach or attack.

While cybersecurity and information security are terms used interchangeably by many, others see a distinct difference between them. CompTIA Chief Technology Evangelist James Stanger says that cybersecurity is focused on protecting electronic assets used to store and transmit information, including internet, WAN, and LAN resources. Furthermore, he says, it “tends to focus on how malicious actors use these resources to attack information.” Information security, on the other hand, centers the security of the data, not necessarily the methods used to gain unauthorized access to it.

Part of the trouble with clearly defining cybersecurity is the fact that it’s a relatively young field that is in a constant state of change and evolution. That said, it’s an older discipline than many people realize. Cybersecurity got its start in the 1970s, when email inventor Ray Tomlinson wrote the first antivirus software, a program called Reaper that moved on the ARPANET network. Early commercial antivirus software was developed in the 1980s, but it wasn’t until the internet became publicly available in the 1990s that the world had a need for large-scale data protection systems. As criminals saw the revenue potential of the personal information available online, the average consumer recognized the need for technology like firewalls, encryption, and programs to prevent viruses from infiltrating drives and networks.

Types of cybersecurity

Today, there are a variety of ways hackers can access systems remotely, and each of these threats requires its own security solutions to mitigate that risk. Generally speaking, these solutions can be sorted into five distinct categories: critical infrastructure security, application security, network security, cloud security, and Internet of Things (IoT) security. Let’s take a closer look at each.

Critical infrastructure security

The Cybersecurity & Infrastructure Security Agency (CISA) defines critical infrastructure as hardware, software, or other technology assets that are so vital that “their incapacity or destruction would have a debilitating impact.” For the U.S. government, the Department of Homeland Security has identified 16 critical infrastructure sectors, including energy, communication, transportation, and food and agriculture. The systems that defend these life-sustaining core systems need to be iron-clad, which can be a challenge considering that many are legacy systems, often developed and in operation since well before the internet age. This makes critical infrastructure security a top priority in today’s landscape, as government agencies look for ways to update their defenses to the needs of today’s security environment.

Application security

This area of cybersecurity focuses on preventing attacks on individual software programs and creating security features within applications to eliminate vulnerabilities. It can be aimed at preventing code within the program from being stolen or hijacked or focused on the security of end user data. Similarly, it applies to every step of the application lifestyle, from initial development and testing through deployment, use, and updates. Normally, this type of security is integrated into the software, either from its initial release or added as part of a later firmware update. It can also include external processes or hardware, such as a router that prevents others from viewing a device’s IP address.

Network security

Network security includes all of the hardware, software, and policies used to protect a network infrastructure from unauthorized access and the theft, misuse, or corruption of the network that could result from it. This is one of the most visible and well-known aspects of cybersecurity for most people, including things like firewalls, intrusion prevention systems (IPSs), and virtual private networks (VPNs). It also includes company policies and best practices for the authorized users of a given network, such as a business requiring two-factor authentication for employees signing into company systems.

Cloud security

Also called cloud computing security, this is an area of cybersecurity that has grown over the last decade as more people and businesses turn to virtual storage systems for their files and data. In the past, the majority of people and organizations used physical, on-site drives to store information or run software and applications. Shifting into a cloud-based platform allows data and systems to be accessed remotely. This is useful for distributed workers and remote collaboration but also opens up new pathways for malicious interlopers to access proprietary systems or sensitive data. The main challenge in cloud security is how to balance flexibility and functionality with security, giving unimpeded access to the people who should have it while keeping out those who shouldn’t.

Internet of things security

The Internet of Things is an umbrella term for the myriad of physical objects and devices that can be linked to a network. Anything that’s touted as “smart” is likely part of the IoT, from smart bulbs and thermostats to kitchen appliances and home theater equipment that can be controlled through a partner app or voice control system. Wearable devices like fitness trackers, smart glasses, and medical monitors are another growing segment of the Internet of Things. The primary goal of IoT security is to maintain the privacy of these devices and protect the confidentiality of users and their data. It also aims to prevent unauthorized users from hijacking or disrupting operation of devices. The broad (and growing) scope of the IoT makes this a particularly dynamic aspect of the cybersecurity industry.

Common cybersecurity threats

What kinds of things do cybersecurity professionals protect against? The answer to that question is always changing as technology evolves, but there are a few common methods that hackers and bad actors use to infiltrate a company’s systems. Many people are familiar with these terms but may not be completely clear on the differences between them. Let’s take a look at some of the most common threats to a device, network, or system today.

Malware

Also known as malicious software or malicious code, malware is a program that an attacker inserts into computer systems without the knowledge of the business or owner. Once installed, these programs can damage the files or computer system, or may grant the attacker access to confidential data or proprietary systems, disrupting the integrity or security of that information.

Spyware

A specific category of malware, spyware is installed on systems to track users’ activity and gather confidential information undetected. It’s often used to collect credit card information, passwords, or financial records, and may be the first step in identity theft or other forms of fraud. Spyware is often specifically designed to avoid detection, making it a difficult threat to identify and eliminate.

Ransomware

Another niche category of malware, ransomware programs take control of a device or network then encrypts files to limit the original user from accessing them. The hacker then demands a ransom, usually money paid via an online transfer service, to restore access to the hardware or system they’re holding hostage.

Worms

Worms are a particularly destructive form of malware. Once installed, these programs can run on their own without needing to be triggered or activated by a user, though they’re often initially delivered using social engineering via an email or messaging attachment. They also self-propagate, meaning they create a new version of the program that can infect other hosts across a network, and may consume resources on devices they’ve infected, leading to data loss. This combination of features makes them one of the most potentially serious attacks for businesses, as well as one of the most difficult to recover from.

Phishing attacks

Phishing is a type of social engineering that relies on human psychology and reactions to access sensitive information. In these cases, a cyber criminal impersonates a trustworthy business or individual, directing the recipient to send personal information or enter it into a false website. These attacks could be directed at individuals, or at the employees of a business.

Distributed Denial of Service (DDoS)

Where the above types of attack can be directed at organizations or individuals, DDoS attacks are specific to businesses and services. The attackers use networks of computers infected by malware, known as botnets, to overwhelm an online service or website with traffic. This slows its response and could cause the site to crash entirely. Often, this is done as a distraction from another type of fraud or cyberattack being made against the business.

Cybersecurity training and education

Cybersecurity degrees are offered at the associate’s, bachelor’s, and master’s level. Most security professionals start their career with a bachelor’s degree, though a master’s can be an advantage for anyone interested in upper-level leadership and management roles within cybersecurity.

While many schools do offer a specific Cybersecurity program, there are other degree courses that will give students the skills they need to identify and defend against security risks. Some of the most common are computer science, computer programming, database management, network administration, cloud computing, or information technology management. There are also degree programs available in computer forensics, for those interested in investigating cyber crimes and criminals.

In addition to university degree programs, there are several professional organizations that offer cybersecurity certifications. The International Information System Security Certification Consortium (ISC2) is the leading professional organization for the cybersecurity industry, and offers the popular Certified Information Systems Security Professional (CISSP) course. They also offer training in other specific areas of the security industry, like CCSP certification for cloud security and SSCP certification for security administration and operations.

Another organization that certifies cybersecurity professionals is the Computing Technology Industry Association (CompTIA). They offer four core-level certificates (IT Fundamentals, A+, Network+, and Security+) as well as three advanced cybersecurity certificates (CySA+, CASP+, and PenTest+). For those interested in penetration testing or ethical hacking, EC-Council offers multiple levels of their Certified Ethical Hacker (CEH) program for professionals at various stages of their careers.

Many cybersecurity workers will start off with a bachelor’s degree, then obtain certifications later on in their career to strengthen their knowledge in a specific area. Certificates are also an easy way for professionals to stay current with the industry’s trends and best practices as they change. Like all technology-related fields, cybersecurity is constantly evolving as cybercriminals think up new ways to attack systems and businesses find new ways to stop them. ISC2 and CompTIA require recertification every three years to encourage professionals to stay up-to-date on their industry knowledge.

Careers in cybersecurity

What can you do with a degree in cybersecurity? The truth is, there are a lot of options. Both public sector companies and government agencies can be victims of cyberattacks, and hire professionals to defend against them. While there is a range of career paths and jobs available in the field, the examples below are some of the most common.

Information security analyst

Average salary: $68,000 per year

Typical education: Bachelor’s degree, CompTIA Security+

Security analysts spend the majority of their time monitoring networks for attacks or data breaches. When there is an incident, they also help with the investigation, documentation, reporting, and other aspects of disaster recovery. Larger organizations will often employ several individuals in this position, who work under the guidance of a senior analyst or IT manager. While this is considered an entry-level position, most analysts get experience in the broader IT world first, often as a network or systems administrator.

Penetration tester

Average salary: $63,000 per year

Typical education: Bachelor’s degree, CEH, CompTIA PenTest+

This role is also known as ethical hacking, which gives a good summary of what the role entails. These professionals use the same strategies and tools as malicious hackers to identify security vulnerabilities. This allows organizations to shore up their network security and reduce the risk of a breach in the future. Larger companies may include penetration testers on their in-house IT team. Ethical hackers also frequently work for security consulting firms or as freelancers. Since penetration testers need to have in-depth knowledge of operating systems, networks, and the methods and products used to breach them, companies usually look for someone with several years of hands-on experience.

IT auditor

Average salary: $86,000 per year

Typical education: Bachelor’s degree, CIA/CISA certification

The role of IT auditor is similar to that of a security analyst, but with aspects of a penetration tester, too. Its main focus is conducting audits on an organization’s entire technology architecture to ensure it’s secure, efficient, and in compliance with industry standards. IT auditors may be part of a larger organization’s IT team, but are also commonly employed by independent security firms.

Security engineer

Average salary: $92,000 per year

Typical education: Bachelor’s degree, CISSP/CCSP certification

Security engineer is one of the more common mid-level roles in the cybersecurity career path. Professionals interested in the programming, testing, and implementation side of security will often move into this role after spending a few years as an information security analyst or IT auditor, and it uses many of the same skills. Engineers are primarily focused on designing security measures like firewalls and detection systems. They may also be responsible for recommending or developing security enhancements, testing new security systems, or leading incident response and disaster recovery teams.

Application security specialist

Average salary: $105,000 per year

Typical education: Bachelor’s degree, CASE certification

People today use apps for just about everything. Mobile applications are an appealing target for many hackers, and often require a different security approach than a company’s internal systems and network. Because of this, engineers and analysts who specialize in app security are increasingly in demand. Their skills and responsibilities are similar to those of a security engineer. This can mean designing security for cloud-based or mobile applications, monitoring and reporting on these systems, or investigating and improving them in the event of an attack.

Security architect

Average salary: $128,000 per year

Typical education: Master’s degree, CISM/CISSP certification

Security architects are the ones who build and implement security systems, processes, and procedures. This is normally a senior role that oversees a team of analysts and engineers, requiring a combination of hard technical skills and soft skills like organization and communication. Security architects need to understand cybersecurity at both the micro and the macro level. They’re often responsible for developing an organization’s overarching security strategy, in addition to the practical work of implementing and maintaining those systems. The day-to-day work of the role will depend largely on the needs of the business, and could include planning and installing security technologies, updating existing software and systems, conducting penetration or vulnerability tests, or investigating incidents.

Chief information security officer (CISO)

Average salary: $233,000 per year

Typical education: Master’s degree, CCISO certification

CISO is the top rung on the cybersecurity career ladder. They serve as the voice of the security and IT departments on a company’s executive team, as well as overseeing the security needs and infrastructure of the entire organization. This is an increasingly common position within corporations, and is similar to other C-level roles like chief technology officer (CTO) and chief information officer (CIO). Success in this role requires a combination of skills and knowledge. Along with extensive hands-on, up-to-date knowledge of security systems and best practices, they need to understand how the business as a whole operates and the role information security plays in that bigger picture. Risk analysis is another crucial skill for CISOs since they’re the ones planning and designing all of the business’s defenses.

Digital forensic examiner

Average salary: $62,000 per year

Typical education: Bachelor’s degree, GIAC Certified Forensic Analyst

You can think of this role like the CSI team for cyber incidents. Forensic examiners collect data and evidence from compromised computers, drives, and networks to discover how the attacker breached the system. They may also work with law enforcement, or as part of law enforcement teams, to identify the perpetrator and prepare a case for criminal charges. Someone who enjoys puzzles, has a sharp eye for detail, and excels at creative problem solving will be ideally suited for this role.

Cryptographer

Average salary: $74,000 per year

Typical education: Bachelor’s degree, ECES certification

Another great role for puzzle lovers and creative problem solvers, cryptographers create encryption algorithms, ciphers, and similar measures to secure information being exchanged over the internet. They use the same basic principles that have been employed by military organizations for centuries, and in fact many cryptographers today are employed by government agencies like the U.S. military. Public sector businesses may hire cryptographers, too, especially those in the healthcare or financial sectors that need to protect highly sensitive customer information.

The future of cybersecurity

The fast-changing nature of cybersecurity is one of the main consistent challenges for both the professionals who protect systems and the businesses that rely on them to keep their systems and data secure. As technologies like artificial intelligence and virtual reality become more widely used, cybercriminals will no doubt find new ways to exploit them for nefarious gain, at the same time that industry experts find better defenses against them. While it’s impossible to predict exactly what cybersecurity will look like in ten years, one thing is certain: data, network, and device security will continue to be an in-demand skill set well into the future.