If you’re in the business of protecting data — and nearly all of today’s businesses are — you know how rapidly the world of data is growing. The already-massive cache of digital information increases at an annual rate of 60 percent, according to the World Economic Forum. With the advent of smart devices, the Internet of Things, artificial intelligence, and other bandwidth gobblers, that rate is only likely to increase in coming years.
So many facets of our lives exist online as bits and bytes of data traveling from computer to computer or from our phones to the cloud and back. Hackers grow more sophisticated each year; they know that this data is out there, and they are expert at finding new ways to get to it. Companies have a responsibility to protect and defend the personal data they collect from customers, but, as we have seen from recent newsworthy data breaches, this task is not always easy for business leaders. One major factor: the number of trained cyber security experts is not keeping pace with the growth of data in the world.
This is where a more sobering and frightening piece of data comes into play: in 2022, the worldwide cyber security workforce of 4.7 million was still over 3 million workers short of the number necessary to provide adequate security.
This is bad news for business, and bad news for customers who rely on businesses to protect their data. But it’s good news for you, if you’re interested in a/ cyber security career. Because if you do the work to become a trained expert in cyber security, your talents will be in high demand for years to come.
There are many cyber security roles within companies, from cyber security specialist to engineer to architect. But there are still thousands of companies that don’t have, can’t afford, or just can’t find an in-house cyber security expert. This is where consultants come in.
A cyber/ security consultant may work for a firm or act as a self-employed contractor. A consultant does not hold a full-time job performing cyber security tasks for a particular company, but rather advises and works with many companies. This puts the consultant in a powerful position, because when need far outweighs talent, well-respected consultants have their pick of clients.
The career path of a cyber security consultant is similar to that of any other cyber security professional in some ways, but diverges in others. There is no “entry level” cyber security consultant role; in order to work as an in-demand consultant, you’ll need training, education, and years of experience. In fact, a consultancy can be seen as the pinnacle of a cyber security career — a role in which you choose your clients, name your prices, and determine your own hours.
If you’re already a cyber security professional, you may be ready to branch out into contract work. If you’re new to the field, you may have a long road ahead of you. Don’t let that discourage you; anything worth doing will take some time and effort.
In its 2022 Cybersecurity Workforce Study, (ISC) estimates the size of the the global cyber security workforce at 4.7 million. It also indicates that the current workforce is 3.4 million workers short. That’s over 3 million positions waiting to be filled by qualified cyber security experts (nearly half a million of them in North America alone). (
According to the Bureau of Labor Statistics, top-paying employers in cyber security analytics include those in:
- Information services: $149,500
- Securities, commodity contracts, and other financial instruments: $142,000
- Research and development in the physical, engineering, and life sciences: $129,000
- Scientific research and development services: $128,500
- Software publishers: $126,000
- Publishing: $125,700
The average salaries of professionals with a Master's degree are between $91,000 and $109,000, respectively. About half of all professionals in this field hold a graduate degree. ( )
|University and Program Name||Learn More|
The first step in any career path is training and education. In some tech roles, individuals with basic training can jump in and learn as they go. Cyber security is not one of them. To be trusted with a company’s most sensitive and confidential information, you’ll need to be highly educated and deeply experienced.
The most common way to build a career as a consultant is to work for others first. And to work for others, you’ll need to be hired. The vast majority of cyber security roles require applicants to hold a bachelor’s degree plus some graduate-level study.
Cyber security professions typically hold bachelor’s degrees in computer science or a related field. Higher education has been historically slow to catch up to the ever-changing tech industry, but we do expect to see more undergraduate programs and courses in areas such as digital forensics, cryptography, and ethical hacking being offered at major institutions. Statistics, advanced mathematics, and English are also important courses for anyone who wishes to join this field.
After earning your bachelor’s degree, further education at the graduate level will give you the best chance at success in the cyber security profession. Whether you choose to pursue a master’s degree or a graduate certificate or even to attend an online bootcamp for cyber security, post-undergraduate work can help you develop your skills and impress potential employers.
In cyber security, as in many tech fields, professional certifications are often not just a plus but a requirement for many jobs. Prominent and respected certifications in cyber security include:
A recent development, so-called “feeder jobs” are becoming prominent sources of cyber security talent for companies in need of such professionals.
So what is a feeder job? Any technical role that dips into cyber security in some way can be an opening into a cyber security career. For example, many/ IT jobs can serve as stepping stones to roles in cyber security, and might thus be considered feeder jobs. If you find yourself in an entry-level IT job that’s not related to security, look for ways to help with security wherever it’s needed. Chances are, your contributions will be appreciated; the steep shortage of cyber security experts means that most companies have security needs that are not being entirely met.
Many companies support technical workers who wish to be trained in cyber security. After all, promoting a good employee can be much easier than finding a qualified cyber security expert in a world where demand outstrips supply. Find out if your company offers tuition reimbursement or other professional development opportunities and set your sights on any cyber security training you can find.
Entering a field in which there are significantly more job openings than there are qualified candidates means your earning potential is virtually unlimited — especially if you’ve reached the level of top cyber security consultant. That said, income levels can be difficult to determine in this field, because consultants are generally self-employed contractors. If you are successful as an independent cyber security consultant, you may find yourself in a position to set your own prices and demand top dollar for your expert services.
If you choose to work for an agency or firm, on the other hand, you’ll likely sign on with a set salary. But even if this is the case, you can command a relatively high salary by reaching the top of your field and positioning yourself to be sought after by large companies.
Indeed reports that cyber security consultants earn, on average, around $103,000 annually, with that number increasing as high as $115,000 in top markets (e.g., Houston, Atlanta, Los Angeles).
This median may be skewed by self-employed contractors on the low end of the scale. It’s certainly possible to open up a business and call yourself a cyber security consultant without the training and experience we’ve laid out here. That said, the potential in this field is high. Those who put in the time and effort to rise in the ranks can see huge rewards. We’ve seen job postings for cyber security consultants with salaries above $200,000. A contractor who opens a firm and consults with large, wealthy companies stands to make even more.
If your goal is to be a self-employed cyber security consultant or an expert consultant employed by an in-demand firm advising top companies and executives on security, you may be wondering at what point in your career you’ll be most ready to make that leap.
The truth is, there is no one-size-fits-all approach. Launching a career as a cyber security consultant means rising to the top in a highly specialized field. At the end of the day, only hard work will get you there. Chances are, you’ll know when it’s time to jump ship from whatever job you’re in and become a consultant. Expect to earn several advanced degrees or certifications, and to log at least ten years’ experience. When you’ve gone as far as you can go at your company, when you feel confident that you can master any security challenges that come your way, and when people outside your company begin asking for your advice on security matters — you may be ready to start consulting.
Questions or feedback? Email firstname.lastname@example.org.