This is because, according to the most recent estimates, there a global shortage of around 3 million cybersecurity professionals. Despite the development of artificial intelligence and machine learning technologies, people remain as important as ever in tackling cybercrime.
It is often assumed that cybersecurity roles will be extremely technical – but this is not always the case. This can be a fantastic and extremely rewarding career choice offering candidates across a range of backgrounds and skillsets the chance to succeed. If you have been considering a move into the cybersecurity sector, here is a guide to five roles that could interest you.
Cyber Security Analyst
Cyber Security Analysts (CSAs) have a vital role to play in helping to protect organisations against cyber threats. They use a wide variety of techniques and technologies in order to prevent, detect, and manage threats against systems.
The key responsibilities of a CSA typically include monitoring networks for breaches and other types of attack, as well as investigating software generated security alerts and responding to incidents. They will also generally monitor current threats and be expected to keep up-to-date with the latest types of attacks and vulnerabilities. They will also create reports to keep other stakeholders informed.
CSAs often work within a security operations centre (SOC) operating 24 hours a day, 365 days a year – so you would need to expect to work shifts.
Salary expectations: starting salaries for CSAs are typically between £25,000 and £35,000 – more experienced analysts could expect to earn up to £50,000.
Network Security Engineer
Network Security Engineers are responsible for running and maintaining an organisation’s security systems. The main requirements of the role include configuring, deploying, and optimising firewalls as well as managing network monitoring tools such as SIEM, intrusion detection, and endpoint detection and response platforms. They will also often oversee router, switch, and virtual private network (VPN) maintenance.
A major element of the job is to help technologies understand the baseline of an environment, so that they can better understand what constitutes normal behaviour. This is important not only because it allows systems to notice obvious deviations from normal behaviour, but it also helps to reduce the volume of cybersecurity alerts which need to be investigated. When systems created too many alerts it can lead to cyber fatigue.
Salary expectations: the average salary for a Network Security Engineer is around £45,000.
Penetration testers (often referred to as pen testers) are security professionals who help to identify and address security issues in organisations’ networks. This role requires a range of skills across IT, including an understanding of networking, system administration, and software development.
Many pen testers start out in other areas of IT and security, and develop their skills over time. It is also generally necessary to gain ethical hacking qualifications in order to be considered for roles – however, this takes a lot of time. To pass the industry-recognised CREST qualification students need to have knowledge and skills across the industry, as well a two to three years of regular and frequent practical experience.
Salary expectations: Someone starting out as a penetration tester can expect a salary of around £25,000. A registered professional with significant experience would expect to earn in the region of £55,000, while a team leader could look at a salary in excess of £90,000. Many penetration testers work as contractors, which can earn around £400-500 per day.
Security Risk Analyst
Responsible for helping organisations to manage their information security risks and ensure controls are accurately assessed, Security Risk Analysts are typically involved in understanding which threats could have the largest impact on a business. They will advise boards in non-technical language on how they should spend budgets mitigating these risks.
The role involves conducting business impact assessments, quality assurance, commissioning independent security assessments and audits, and management information (MI) reporting.
Salary expectations: the average salary of a Risk Analyst is around £35,000.
It is important that cybersecurity is a key consideration during the development process, and to ensure that this is the case, many organisations are employing dedicated Security Developers. In this role, individuals are typically responsible for helping to define, document, and evolve the security strategy for the applications that the business providers.
To work in this role, it is important to have a good knowledge of software development languages as well as a sound understanding of security principles and threat modelling.
Salary expectations: the salary here can vary enormously depending on the role, but an experienced Security Developer could expect to earn around £70,000.
If you are interested in a career in cybersecurity but aren’t sure what path is best to follow, it’s a great idea to talk to people in the industry. There are industry events which are a great place to meet people, as well as an opportunity to ask questions.