The migration of an ever-increasing amount of commerce and other activity to online has resulted in unprecedented convenience and efficiency. Unfortunately, these advances are not without their dangers. The online environment is rife with bad actors looking to access information for profit and/or mischief. 2020 saw destructive cyber attacks launched against:
That’s just the tip of the iceberg. Innumerable other attacks occurred, including many that were never reported. Online is not exactly the Wild West, but there are definitely too many cyber-miscreants for comfort.
The computing world takes on these wrongdoers through cyber security measures. Think of cyber security professionals as the internet’s police—albeit police who typically hold advanced degrees and have an extraordinary familiarity with hacking practices. It’s a field with high demand: according to the (ISC)2, the global job market had a shortfall of 3 million qualified professionals for available cyber security jobs in 2022. One of those could be yours.
In this article, we discuss how to become a cyber security professional and the 11 best careers in cyber security. It addresses:
The term cyber security describes all measures taken to defend computer networks from malicious attacks, typically launched online. Hackers and other intruders may seek to access a computer network to access users’ identification information, financial information, and corporate and proprietary confidential information. Or they may seek to inflict harm by introducing a virus, Trojan horse, malware, or worm to infect and perhaps disable a computer system. Cyber security professionals police computer networks to prevent this malicious activity.
The tools of cyber security include:
In its 2022 Cybersecurity Workforce Study, (ISC) estimates the size of the the global cyber security workforce at 4.7 million. It also indicates that the current workforce is 3.4 million workers short. That’s over 3 million positions waiting to be filled by qualified cyber security experts (nearly half a million of them in North America alone). (
According to the Bureau of Labor Statistics, top-paying employers in cyber security analytics include those in:
- Information services: $149,500
- Securities, commodity contracts, and other financial instruments: $142,000
- Research and development in the physical, engineering, and life sciences: $129,000
- Scientific research and development services: $128,500
- Software publishers: $126,000
- Publishing: $125,700
The average salaries of professionals with a Master's degree are between $91,000 and $109,000, respectively. About half of all professionals in this field hold a graduate degree. ( )
|University and Program Name||Learn More|
A master’s degree in cyber security is an advanced degree for computing professionals who specialize—or want to specialize—in computer security (or, more precisely, online security). Some programs offer a Master of Science in Cyber Security; others offer similar degrees under different names, such as:
Programs’ admissions requirements vary. Some only consider candidates with professional cyber security experience. Others may insist that applicants have a bachelor’s degree in cyber security or a related field. Some require nothing more than an interest in cyber security and an aptitude for computer programming.
“Bug bounty hunter” is indisputably the coolest job title in the cyber security world. It’s also elegantly descriptive: in this role you do, indeed, hunt for bugs in computer systems. When you find them, companies and other institutions may pay you a bounty in return for identifying their security vulnerability.
White-hat programs post the bounties; then it’s off to the races for bug bounty hunters to be the first to report system weaknesses. A number of big companies, including Apple, Oracle, PayPal, and LinkedIn have bought in. Apple had paid out more than $20 million in such bounties, including individual bounties as high as $250,000.
You don’t need an advanced degree to do this work, obviously, although you do need highly advanced hacking skills. Like all bounty hunters, you’ll only get paid if you bring in your quarry, so this isn’t the most reliable paycheck out there. Still, if you enjoy working on your own and want to hack without risking prison time, this isn’t a bad way to make a living.
Chief information security officer (CISO) is a c-suite job, with responsibilities and compensation to match. This is a relatively new executive position necessitated by businesses’ and institutions’ ever-increasing reliance on online processes. With practically all critical information digitized—much of it stored in the cloud—information security protocols must be a persistent top priority for any institution.
The CISO oversees all operations that predict, identify, and protect against data breaches. Their responsibilities include:
CISO is a top-level position in information security, requiring many years of experience peppered with impressive accomplishments. Most cyber security professionals will never serve in this role, and some who do wish they hadn’t—the responsibilities and constant barrage of critical threats make this job extremely stressful. If you reach this pinnacle, you’ll likely be very well compensated: according to ZipRecruiter, CISOs earn an average salary of nearly $162,500, plus bonuses and other incentive-based compensation. Salary.com sets the median salary even higher, at $235,500, with another $50,000 in incentives.
You don’t need a PhD in cyber security or computer science to hold this job—some CISOs reach this position without even a master’s degree, in fact. They’re the exceptions, however; most CISOs have an advanced degree in a computer- or cyber security-related field.
Computer and information systems managers lead the IT department. To fulfill this role and manage this team effectively, a CIS manager must be a master of:
Additionally, CIS managers help formulate, and then implement and enforce, a company’s computing and networking security policies, procedures, and systems. When an organization launches major system upgrades or performs large-scale system maintenance, the CIS manager oversees them.
A CIS manager needs both computing and soft skills because they must serve as both technical experts and personnel managers. Eliciting maximum performance from the IT team is every bit as critical for a CIS manager as properly installing an operating system or optimizing system memory usage.
While cyber security is not a CIS manager’s sole responsibility, it is certainly one of their most critical domains. A CIS manager may hold a master’s in cyber security, computer science, information systems, or even business administration (MBA, with a concentration in information systems). According to the United States Bureau of Labor Statistics, CIS managers earn $158,000 per year on average.
Computer and network security infrastructures don’t just happen, nor do they spring fully formed out of the box. Every institution has unique cyber security needs and challenges. A cyber security architect studies those needs and challenges, then designs, tests, builds, installs, and maintains the appropriate security system.
Because security systems must be tailored to a company’s or organization’s needs, a cyber security architect must understand up-to-the-minute security protocols and the diverse functions of the business they serve. A good cyber security architect approaches the security systems they build like an expert hacker, endlessly testing for vulnerabilities to exploit so they can patch the system.
A master’s in cyber security is the preferred degree for cyber security architects. Some employers may prefer to hand this role to a PhD. PayScale sets the average cyber security architect salary at $134,500 per year, with incentives adding another $6,000 to $60,000.
If you are looking for a career that affords greater flexibility in terms of hours and assignment options, becoming a cyber security consultant may be the job for you. Cyber security consultants—sometimes called cyber security analysts—typically work as contract employees, meaning they choose when they work and for whom.
Companies and institutions hire cyber security consultants to test their security systems for weaknesses. A consultant may be asked to launch a cyber attack on a system, defend the system against hacks, or both. This cyber security position can take on an almost game-like aspect; every day, you’ll do battle on a new battlefield. For those who crave variety, it’s a good fit.
Know, however, that contract work can be challenging. It requires some degree of salesmanship—you have to find and bid for jobs, then convince employers that you’re the best choice. You may be able to offload that work to an agency, but you’ll forfeit a good measure of your independence in the process. You can do this job with just a bachelor’s and some boot camps, but you’ll be competing against a lot of folks with master’s degrees, whom many employers will favor. Cyber security consultants earn over $116,000 per year, according to ZipRecruiter.
The bigger the company or institution, the larger the team devoted exclusively to maintaining cyber security. When teams grow large enough, they need a leader. Enter the cyber security director. If the idea of overseeing big picture planning and managing cyber security technicians appeals to you, this may be the job for you.
Most employers expect candidates for cyber security directorships to hold a master’s degree in cyber security or a related field. You may be able to win this role with a bachelor’s, additional specialized training, and an impressive professional record. Cyber security managers earn $145,000 annually on average, according to salary.com.
Many cyber security professionals devote their time to understanding, and protecting against, current and emerging computer security threats. However, some look farther afield, exploring what sort of threats may be possible in the future or pushing theory forward to create new opportunities for cyber security and cyber espionage. These are cyber security research scientists, and they typically hold a PhD in cyber security or a related field.
Because of the advanced nature of their work, you are likely to find cyber security research scientists at work for high-security government organizations such as the National Security Agency (CIA), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA). Banks and other large financial institutions also like to have these experts around, as do large online retailers. According to salary.com, cyber security researchers typically earn between $133,000 and $163,000 annually.
Academic jobs are notoriously difficult to come by, but for those who make the grade, the rewards are great. Teaching cyber security at the university level typically pays quite well. Our survey of state universities (many of which must publish faculty salaries because they are public institutions) found that assistant professors in this field can earn between $100,000 and $200,000 annually. Full professors earn between $200,000 and $300,000 per year. In many instances, these professors can generate additional income as consultants to private companies, government agencies, and other institutions. If you enjoy teaching and love campus life, there are few better ways to put your cyber security PhD to good use.
The computing security universe has its intersecting subdivisions. True aficionados can discourse at length between the distinctions among cyber security, network security, and information security. In practice, the dividing lines blur regularly. Cyber security experts can find a home in any of these three disciplines.
For the record, the term “cyber security” refers specifically to online security threats. “Network security” expands the playing field to include security threats from within a computer network; that disgruntled employee in the corner cubicle, for example. “Information security” is the broadest of the three categories: it even encompasses print materials, which people used before there were computers (many old people still prefer them!).
According to the US Bureau of Labor Statistics, information security analysts monitor networks for security gaps, oversee security software, conduct penetration tests, and recommend system enhancements. It’s a job you can get with a bachelor’s degree, it pays on average over $100,000 annually, and it provides an excellent stepping stone to higher-level cyber security opportunities. This is an excellent entry-level job from which to start your cyber security career.
Information technology (IT) director is an executive-level role; in many organizations, it ranks just below vice-president level. An IT director oversees the design, implementation, and maintenance of all technological components in a computer system: hardware, software, databases, routers, basically anything you plug in or upload. An IT director also manages the IT team, a responsibility that requires strong interpersonal skills.
IT security is an essential concern with any computer system, so a cyber security degree will qualify you for this role, as will a degree in computer science, information technology, or information systems. An MBA with a computing concentration should also earn you a look when applying for this job. According to Glassdoor, an IT director earns an average salary of $177,000.
Penetration testers are ethical hackers, cyber security professionals paid to attack computer systems. Penetration testing is pretty much the same work that bug bounty hunters do but under more conventional conditions. Penetration testers typically work under contract as consultants, although some large companies and government agencies hire full-time penetration testers.
An effective penetration tester can get inside the mindset of a criminal hacker. They need a highly developed coding skill set, a deep knowledge of computer security protocols, excellent problem-solving skills, and proficiency in communication to inform clients of their findings. According to PayScale, the average penetration tester earns about $91,000 per year.
Creating any software package is a mammoth endeavor,typically requiring a substantial team of programmers. Everyone on the team contributes their specialized talents. The team member responsible for ensuring the final product is not susceptible to cyber attacks is the security software engineer, sometimes called a secure software developer. ZipRecruiter reports an average salary of $139,000 for professionals in this role.
Questions or feedback? Email email@example.com