With a growing amount of sensitive information stored not just digitally but on networked systems as well—an increasing number of tools and appliances we rely on daily patch into the misleadingly benign-sounding Internet of Things (IoT)—our data and devices are more vulnerable than ever to cyber attacks.
These vulnerabilities do not go unexploited: attackers regularly target individuals or households with lax network security. In 2015, for example, a security researcher demonstrated how a hacker could use unsecured IoT-connected tea kettles to steal WiFi passwords. Other cyber criminals think bigger and act upon more nefarious motives.
In 2020, a Russian hacking campaign made headlines for its breadth and depth. The nine-month-long Sunburst hack created a backdoor in common network monitoring software that gave attackers access to everything from proprietary information to state secrets. The Pentagon, United States Treasury, Department of Homeland Security, and other federal agencies all fell victim. No one knows whether the Russian government is still lurking in federal networks.
Maybe this is all familiar because you already work in cyber security, and you're researching cyber security graduate programs because you want to join the ranks of management. In that case, this guide probably isn't for you. If, however, you're looking into cyber security schools or cyber security master's programs because you want to transition into this field, we can help—especially if your goal is to find your first cyber security job while you're still in school.
In this article about cyber security jobs for grad students, we cover:
Cyber security—sometimes called cybersec—is an increasingly broad branch of computer science encompassing fields like network security, risk management, ethical hacking, and even cyber espionage. Professionals in this space do more than keep devices and databases secure. According to the National Initiative for Cybersecurity Careers & Studies, cyber security encompasses dozens of specialty areas in over 50 career roles.
Cyber security professionals are responsible for things like:
There's more to cyber security than spy games, national security, penetration testing, and ethical hacking, but even on the corporate network security side, careers in this discipline are seldom dull.
Cyber security is an umbrella term covering all the processes, strategies, and technologies used to prevent, detect, and respond to attacks against digital data and computer systems. Common forms of cyber crime include phishing scams and digital identity theft, but most cyber security isn't concerned with attacks targeting individuals. The discipline exists to defend information systems, networks, and connected infrastructure.
The economic impact of cyber crime is staggering. Attacks cost the world $600 billion each year. Hundreds of thousands of digital records are destroyed every single day. Lives are ruined when hackers target individuals in blackmail schemes. Businesses are shuttered when online attacks are successful. And terrorists and enemies of the state can use networks to disrupt physical infrastructure. The Department of Homeland Security has warned that it's "a matter of time before a cybersecurity breach on an airline occurs."
The master's in cyber security is not one degree, but rather a category of graduate-level degrees including the Master of Science in Cyber Security as well as the:
The University of Tulsa explains the purpose of cybersecurity master's programs in its online master's in cyber security guide. Graduate IT security, infosec, and cybersec programs help students with bachelor's degrees "master the theory, concepts, and techniques of information assurance and network defense in real-world environments." Earning this degree can be the first step in a career transition for those with no tech or computer security experience or a way to advance into upper-level positions more quickly for those who work in the cybersecurity field.
There are two distinct types of cyber security master's degrees. Programs for students with little or even no work experience in computer science, information technology, or information systems are similar in scope to undergraduate cyber security programs but usually dive more deeply into foundational topics. Students in the University of Tulsa program, for example, take core classes and electives like:
Programs for students with relevant professional experience in cyber security, on the other hand, skip over foundational topics altogether and dive straight into subject matter related to:
There are compelling reasons to get a cyber security job in grad school instead of waiting until after graduation, even if it means taking an unpaid internship or entry-level position. First, you'll put what you're learning in the classroom into practice in the real-world. You can also boost your lifetime earning potential by joining the field sooner.
The most important reason to get a cybersec job in grad school is that you'll graduate with experience. Nearly half of the hiring managers surveyed for the 2018 (ISC)2 Cybersecurity Workforce Study reported that relevant experience is the top qualification they look for in job candidates—more important than knowledge of advanced cybersec concepts or industry certification.
There are a few ways you can get experience while pursuing a cyber security degree, even if you didn't work in cybersec before enrolling in a master's program.
Many Master of Science in Cyber Security programs build internships into the curriculum and help students find placements in the field. These internships are often unpaid, which can be vexing for students who've been in the working world for a few years.
Don't let that deter you from taking one, however—even if your program doesn't have an internship requirement. Think of your internship as free professional training that might lead to a post-graduation job offer. Multiple research studies have found students who complete internships are employed at higher rates than those who don't. They also have higher starting salaries.
Externships are relatively brief learning experiences that involve shadowing a cyber security professional for a few days or weeks. Most externs spend their time observing what it's like to work in a specific position or environment, though some do work on projects. You might not pick up as many skills during an externship, but you will make valuable connections leading to opportunities down the road.
You can also gain practical experience by serving as a Graduate Student Researcher (GSR) in your college or university's cybersecurity department. This is an especially good option if you're pursuing a full-time or part-time cyber security master's online or on-campus because you want to become a researcher. You'll work on studies and projects conducted by faculty members and investigators, and (most likely) get paid.
A practicum is usually a for-credit capstone course in which students demonstrate their skills and knowledge by either completing a semester-long research project or addressing a real-world cyber security problem for a company or organization. Master's degree candidates who have cyber security jobs can sometimes meet practicum requirements by tackling projects at their place of employment. Cyber security internship experience may also be applicable in a practicum project.
Don't assume you can't land an entry-level cyber security job because you're still pursuing your degree. Rod Rasmussen, VP of Cybersecurity at Infoblox, told Forbes that "just getting your basic credentialing and having at least some aptitude is sufficient to get an entry-level job." From there, he added, you can rise rapidly. Don't be afraid to start at the bottom because chances are you won't stay there very long and some entry-level cybersec positions pay more than $80,000.
Cyber security jobs run the gamut from simple and repetitive to complex and demanding. Most jobs open to grad students—especially those without much relevant experience—will fall into the former category. Your days will probably be spent responding to low-level threats, assessing system vulnerabilities, updating firewalls, or assisting with research, not tracking cyber terrorists, protecting the integrity of federal intelligence networks, or working as an ethical hacker.
If you already have technical skills—like computer programming, analytics, or network administration—do some research to figure out how those skills are used in cyber security. That, plus some self-study, may be all it takes to land an entry-level cybersec job while you're still pursuing your Master of Science in Cyber Security.
If you don't have a tech background, there are non-technical opportunities in cyber security that can help you break into the field. The cybersec industry needs writers, cyber policy analysts, legal experts, and project managers. Former law enforcement personnel are always in demand in cyber security. You can even break into cyber security via jobs in marketing and sales.
The average cyber security salary is probably about $90,000, though some sources claim it's closer to $110,000. Averages can't tell you much about what you'll earn in graduate school or after graduation, however, because they're typically calculated using self-reported data from experienced professionals in tech hubs like San Francisco and small IT contractors in Middle America.
You'll learn more about your future earning potential by looking at average salaries for specific cybersec roles (which we highlight below) and by researching how to earn more in cyber security. Having one or more cyber security certifications will give you a salary boost, as will having the most in-demand skills.
Cybersec jobs pay well and are relatively recession-proof. The problem is most people don't have the skills necessary to step into open positions. The demand for analysts and engineers keeps going up because cyber crime is on the rise, but there's a significant shortage of qualified cyber security professionals around the world. Consequently, this field isn't particularly competitive—especially when compared to fields like computer science. It's easy to get a job. Unemployment rates are low. And when the economy is in peril, employers put more value on security. It's telling that demand for qualified cyber security professionals soared during the coronavirus pandemic, even as unemployment rose unchecked.
It's relatively easy to break into cybersecurity if you have professional experience in one of the following fields:
If you don't have any relevant experience in the above areas to guide you, the first thing you'll need to do is identify your interests, aptitudes, and aspirations. Think about why you're interested in cyber security careers. Maybe you find digital forensics fascinating or want to create new weapons in the fight against malware. Maybe spending your days breaking into systems to expose vulnerabilities sounds good. This is a vast discipline, and there is no typical career trajectory in cyber security for three reasons:
You might start as a cyber security analyst before becoming a cyber security consultant and then advance into a cyber security engineer position. Or you might work in quality assurance before transitioning into penetration testing or becoming an incident responder. Ultimately, there's no blueprint for building a career in cyber security. You'll have to forge your own path after choosing a specialty area like:
Starting salaries in cybersec are relatively high—even for early-career professionals. The average entry-level salary in cyber security is about $73,000, and you'll probably earn about that much in roles like:
Experienced cybersecurity professionals can step into roles like:
High salaries and job security are the two big pros of working in cyber security. There are also some cons you should consider before jumping feet first into this and related fields. The way the media covers hacks like Sunburst can make it sound like cyber security jobs are full of high-speed chases across networks and espionage. However, most cyber security work is relatively mundane, and the day-to-day duties of analysts and security administrators may be anything but glamorous. The work can be routine. More of it involves mitigating human error than responding in real-time to attacks.
That doesn't make the work any less important, though. Human error and lax network security can cause problems that cost millions of dollars, invalidate research, and expose people's private information for all to see. Some sources predict automation will make cybersec professionals obsolete, but hackers will always find ways to break into and hobble automated systems as quickly as they're implemented. Vulnerabilities will still be caused by human error, and cyber attacks will still be fueled by human ingenuity. The cyber security workforce may eventually shrink, but it will never disappear because there will always be a need for people capable of identifying and responding to threats.
Questions or feedback? Email firstname.lastname@example.org