What is Cyber Security and Why is it Important?
In recent years, headlines about cyber security have become increasingly common. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites, or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern.
What is Cyber Security?
Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, it’s an enormous and growing field.
Why is Cyber Security Important?
Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers, and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cyber crime become even more serious.
So, it’s no wonder that international research and advisory firm Gartner Inc. predicts worldwide security spending will hit $170 billion by 2022, an 8% increase in just a year.
“We’re seeing a tremendous demand for cyber security practitioners,” said Jonathan Kamyck, associate dean of programs for cyber security at Southern New Hampshire University (SNHU). “Most businesses, whether they’re large or small, will have an online presence, for example. Some of the things you would do in the old days with a phone call or face-to-face now happen through email or teleconference, and that introduces lots of complicated questions with regard to information.”
These days, the need to shield information from malicious actors is a concern at the highest levels of business and government. State secrets can be stolen from the other side of the world. Companies, whose whole business models depend on control of customers data, can find their databases compromised. In just one high-profile 2017 case, personal information for 147.9 million people – about half the United States – was compromised in a breach of credit reporting company Equifax.
Even small companies face threats if they don’t keep their security strong. A recent survey from Nationwide Mutual Insurance Company found that 58% of business owners with up to 299 employees had been victims of a cyber attack. Computer viruses and phishing were particularly common, but 12% had faced hacking as well, and 7% – more than one in 15 businesses – had suffered a data breach. The survey also found the companies ill-prepared to protect themselves. Less than half had plans in place to protect their employee or customer data.
Career Opportunity and Salary Potential in Cyber Security
As companies large and small scramble to respond to the growing threats, jobs in the cyber security field are growing fast. The U.S. Bureau of Labor Statistics (BLS) predicts that jobs for information security analysts will grow by 31% through 2029. That’s more than twice as fast as the average computer-related occupation and four times as fast as American jobs in general.
To help fill the need for more professionals in the cyber security world, CyberSeek, a project funded by the federal government and supported by industry partners, provides detailed information on demand for these workers by state. The tool shows that, across the country, there are about 286,000 job openings in the field, while 747,000 people currently hold jobs. That comes out to a ratio of only 2.6 employed workers for every opening, reflecting a large unfilled demand. In contrast, the overall ratio for all U.S. jobs is 5.6.
“There’s a huge shortfall right now in entry-level and midlevel cyber security roles,” Kamyck said. “You’re looking at demand across all business sectors, with companies of all sizes.
CyberSeek lists the following entry- mid- and advanced-level roles available in the field. Average salaries are based on job openings posted between Oct. 2019 and Sept. 2020.
Entry-Level Cyber Security Roles
- Cyber Security Technician – Cyber security technicians make an average salary of $89,000 and important skills for the role include information security, network security and information assurance.
- Cyber Crime Analyst or Investigator – Cyber crime analysts make an average salary of $93,000 and common skills necessary for the role include computer forensics, information security and malware engineering.
- Incident Analyst or Responder – Incident analysts make an average salary of $85,000 and common skills needed include project management, network security and intrusion detection.
- IT Auditor – Information technology auditors make an average salary of $95,000 and common skills for the role include internal auditing and audit planning, accounting and risk assessment.
Mid-Level Cyber Security Roles
- Cyber Security Analyst – Security analysts make an average of $96,000 and top skills required include information security and systems, network security and threat analysis.
- Cyber Security Consultant – Consultants in cyber security make an average salary of $91,000 and need skills in information security and surveillance, asset protection and security operations.
- Penetration and Vulnerability Tester – Penetration testers make an average salary of $104,000 and need to have skills in penetration testing, Java, vulnerability assessment and software development.
Advanced-Level Cyber Security Roles
- Cyber Security Manager – Managers in this field make an average salary of $103,000 and top skills include project management, network security and risk management.
- Cyber Security Engineer – Cyber security engineers make an average of $99,000 a year and need skills in cryptography, authentication, and network security.
- Cyber Security Architect – Cyber security architects make an average salary of $131,000 and top skills for the role include software development, network and information security and authentication.
What Does a Cyber Security Professional Do?
Kamyck said there are a wide range of roles that cyber security professional can play in a modern company. Some small businesses may hire a single person to handle all kinds of work protecting its data. Others contract with consultants, which can offer a variety of targeted services. Meanwhile, larger firms may have whole departments dedicated to protecting information and chasing down threats.
While companies define roles related to information security in a variety of ways, Kamyck said there are some specific tasks that these employees are commonly called on to do. In many cases, they must analyze threats, gather information from a company’s servers and cloud services, as well as employees’ computers and mobile devices.
“An analyst’s job is to find meaning in all of that data, see what’s concerning,” he said. “Is there a breach? Is someone violating a policy?”
In many cases, Kamyck said, security specialists work with other information technology professionals to make sure a company’s systems are secure. That involves not just technical know-how but also people-oriented skills.
Good security means:
- Making sure employees use strong passwords
- Downloading the latest patches and software updates
- Ensuring data is secure
But breaches don’t just take the form of someone hacking into a server. They can also involve customer lists sent through unencrypted email, a password written on a sticky note in a cubicle, or a company laptop stolen from an employee’s car.
Depending on their specific role, many cyber security professionals must also think big strategically. In many industries, companies depend on many employees having quick access to highly sensitive data, such as medical records or bank account information.
“The goal is to balance the needs of the company or the organization you’re working for with the need to protect the confidentiality of customer data and trade secrets,” Kamyck said.
Kamyck said people who do well in these kinds of jobs tend to be curious, competitive and willing to keep learning to stay up to date with rapidly changing technology. The work draws on multidisciplinary knowledge, and people who continue with the work find there are a variety of directions they can take their careers.
For example, Kamyck said, if you're interested in the business side you might become a manager or run audits that let companies know where they need to improve to meet compliance. If you love the adversarial part of the job, you might become a penetration tester, essentially an “ethical hacker” who tests for system vulnerabilities by trying to get through them.
How to Get Into Cyber Security
If you’re considering a job in cyber security, it’s clear the positions are out there. The question is how to make sure you’re a good fit for them. According to BLS, most information security analyst jobs require at least a bachelor’s degree in computer science, information assurance, programming or another related field.
In some cases, the work calls for a Master of Business Administration (MBA) in information systems. That’s a degree that typically takes an additional 2 years of study and involves both technical and business management courses.
Cyber security job requirements also sometimes include related work experience. Rather than jumping right into the security side of information technology, you can start out as a network or computer systems administrator. Depending on the specific cyber security position, employers may have other job requirements. For instance, keeping databases secure might be an ideal job for someone who’s spent time as a database administrator and is also well-versed in security issues.
Aside from work experience and college degrees, some employers also prefer job candidates who have received certifications demonstrating their understanding of best-practices in the field. The Certified Information Systems Security Professional (CISSP) credential validates a professional’s general knowledge and abilities in information security. There are also more specific certificates, which can highlight specialized knowledge of computer architecture, engineering or management.
Whatever path new employees in cyber security want to follow, Kamyck said, those who are willing to make the effort to learn the field will find abundant opportunity.
“There’s needs in government. There’s needs in finance. There’s needs in education,” he said. “There’s a tremendous unfilled need.”
Explore more content like this article
March 30, 2021
Careers in machine learning and artificial intelligence are still being defined, which creates generous opportunities to innovate and carve your own career path.
March 26, 2021
Many technical fields require more than an associate degree to advance to a management position. An online bachelor's in technical management can allow you to position yourself for advancement without interrupting your career.