How to Become a Cyber Security Consultant

Here’s a stat that just might blow your mind: Over 90 percent of the data that exists on Earth today was created in the past two years.

Imagine that. Digital technology is increasing at such a rapid pace that we’ve created nine times as much data since 2016 than in all the previous years combined.

If you’re in the business of protecting data — and nearly all of today’s businesses are — this stat is also somewhat overwhelming. So many facets of our lives exist online as bits and bytes of data traveling from computer to computer or from our phones to the cloud and back. Hackers grow more sophisticated each year; they know that this data is out there, and they are expert at finding new ways to get to it. Companies have a responsibility to protect and defend the personal data they collect from customers, but, as we have seen from recent newsworthy data breaches, this task is not always easy for business leaders. One major factor: the volume of trained cyber security experts is not keeping pace with the growth of data in the world.

This is where a more sobering and frightening piece of data comes into play: it’s been projected that by 2019 there will be as many as 6 million cyber security jobs openings — but only 4.5 million trained security professionals qualified to fill those roles.

This is bad news for business, and bad news for customers who rely on businesses to protect their data. But it’s good news for you, if you’re interested in a cyber security career. Because if you do the work to become a trained expert in cyber security, your talents will be in high demand for years to come.

What is a Cyber Security Consultant?

There are many cyber security roles within companies, from cyber security specialist, to engineer, to architect. But there are still thousands of companies who don’t have, can’t afford, or just can’t find an in-house cyber security expert. This is where consultants come in.

A cyber security consultant may work for a firm or be a self-employed contractor. A consultant does not hold a full-time job performing cyber security tasks for a particular company, but rather advises and works with many companies. This puts the consultant in a powerful position, because when need far outweighs talent, well-respected consultants have their pick of clients.

The career path of a cyber security consultant will be similar to that of any other cyber security professional in some ways, but will diverge in others. For example, there is no “entry level" cyber security consultant role; in order to work as an in-demand consultant, you’ll need training, education, and years of experience. In fact, a consultancy can be seen as the pinnacle of a cyber security career — a role in which you choose your clients, name your prices, and determine your own hours.

If you’re already a cyber security professional, you may be ready to branch out into contract work. But if you’re new to the field, you’ve got a long road ahead of you. Don’t let that discourage you; anything worth doing will take some time and effort.

What Education Does a Cyber Security Consultant Need?

The first step in any career path is training and education. There are some tech roles in which individuals with basic training can jump in and learn as they go; cyber security is not one of them. To be trusted with a company’s most sensitive and confidential information, you’ll need to be highly educated and deeply experienced.

The most common way to build a career as a consultant is to work for others first. And to work for others, you’ll need to be hired. The vast majority of cyber security roles require applicants to hold a bachelor’s degree plus some graduate-level study.

Degrees for a Career as a Cyber Security Consultant

Generally speaking, computer science and related fields are the most valuable bachelor’s degrees for an aspiring cyber security professional to hold. Higher education has been historically slow to catch up to the ever-changing tech industry, but we do expect to see more undergraduate programs and courses in areas such as digital forensics, cryptography, and ethical hacking being offered at major institutions. Statistics, advanced mathematics, and English are also important courses for anyone who wishes to join this field.

After earning your bachelor’s degree, further education at the graduate level will give you the best chance at success in the cyber security profession. Whether you choose to pursue a master’s degree or a graduate certificate, or even to attend an online bootcamp for cyber security, the more education you have under your belt the better prepared you will be for this challenging job.

Professional Certificates in Cyber Security

In cyber security, as in many tech fields, professional certifications are often not just a plus but a requirement for many jobs. Prominent and respected certifications in cyber security include:

• CompTIA Security+
• Global Information Assurance Certification (GIAC)
• Certified Ethical Hacker Certification
• ISACA Certifications

Feeder Jobs for a Cyber Security Career

A recent development, so-called “feeder jobs" are becoming prominent sources of cyber security talent for companies in need of such professionals.

So what is a feeder job? Any technical role that dips into cyber security in some way can be an opening into a cyber security career. For example, many IT jobs can serve as stepping stones to roles in cyber security, and might thus be considered feeder jobs. If you find yourself in an entry-level IT job that’s not related to security, look for ways to help with security wherever it’s needed. Chances are, your contributions will be appreciated; the steep shortage of cyber security experts means that most companies have security needs that are not being entirely met.

Many companies will also support technical workers who wish to be trained in cyber security. After all, promoting a good employee can be much easier than finding a qualified cyber security expert in a world where demand outstrips supply. Find out if your company offers tuition reimbursement or other professional development opportunities, and set your sights on any cyber security training you can find.

Cyber Security Consultant Salary

Entering a field in which there are significantly more job openings than there are qualified candidates means your earning potential is virtually unlimited — especially if you’ve reached the level of top cyber security consultant. That said, salaries can be difficult to determine in this field, because consultants are generally self-employed contractors. If you are successful as an independent cyber security consultant, you may find yourself in a position to set your own prices and demand top dollar for your expert services.

If you choose to work for an agency or firm, on the other hand, you’ll likely sign on with a set salary. But even if this is the case, you can command a relatively high salary by reaching the top of your field and positioning yourself to be sought after by large companies.

Glassdoor lists as its median salary for a cyber security consultant $85,667. In many parts of the country, this is a high salary; certainly by most standards it’s a very comfortable living. But it’s not the six-figure number you typically expect for high-ranking members of the tech community.

This median may be skewed by self-employed contractors on the low end of the scale. It’s certainly possible to open up a business and call yourself a cyber security consultant without the training and experience we’ve laid out here. But the potential in this field really is high. Those who put in the time and effort to rise in the ranks can see huge rewards. We’ve seen job postings for cyber security consultants with salaries above $200,000. A contractor who opens a firm and consults with large, wealthy companies stands to make even more.

When Should You Start?

If your goal is to be a self-employed cyber security consultant or an expert consultant employed by an in-demand firm advising top companies and executives on security, you may be wondering at what point in your career you’ll be most ready to make that leap.

The truth is, there is no one-size-fits-all approach. Launching a career as a cyber security consultant means rising to the top in a highly specialized field. At the end of the day, only hard work will get you there. Chances are, you’ll know when it’s time to jump ship from whatever job you’re in and become a consultant. Expect to earn several advanced degrees or certifications, and to log at least ten years’ experience. When you’ve gone as far as you can go at your company, when you feel confident that you can master any security challenges that come your way, and when people outside your company begin asking for your advice on security matters — you may be ready to start consulting.