A cybersecurity career path involves protecting an organization’s systems, networks, and data from cyberattacks. This can include a wide range of tasks, such as monitoring networks for security threats, implementing security measures, and responding to incidents when they occur.
If you’re interested in cybersecurity and want to know more about the career path, this guide covers cybersecurity roles at every level, typical salaries, industry outlook, and more.
- Cybersecurity Career Path
- Cybersecurity Certifications, Skills, and Education
- Cybersecurity Salary
- Cybersecurity Jobs Outlook
Cybersecurity Career Path
The cybersecurity field is constantly adapting to keep up with current threats and new technology. Fortunately, this means there are a variety of roles to pursue, no matter your experience level.
“The possibilities are endless!” says Jackie Flores-Bochner, director of information security and risk management at Johnson & Johnson and Forage program consultant. “You normally start out as an analyst of some sort, whether it’s general security or IT help desk. Eventually you start to develop a specialty or niche based on what it is you prefer to do. Perhaps you want to focus on incident response, identity and access management, or resiliency.”
Flores-Bochner also notes that an executive cybersecurity path is available to those who want to keep advancing to the top. “The highest ranking cybersecurity professional is usually the Chief Information Security Officer and it takes years of both technical and non-technical experience to get there.”
CyberSeek, a project from the National Initiative for Cybersecurity Education (NICE), has created an interactive career pathway site for job seekers, with information on cybersecurity jobs, average salaries, and feeder roles that are good transitions into a cybersecurity career. Jobs without feeder roles listed generally require prior cybersecurity experience.
Find your career fit
Discover if this is the right career path for you with a free Forage job simulation.
Entry-Level Cybersecurity Roles
Cybersecurity Specialist
- Average salary: $106,810
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
Cyber Crime Analyst
- Average salary: $100,000
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
Incident and Intrusion Analyst
- Average salary: $86,428
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
IT Auditor
- Average salary: $110,000
- Feeder roles: networking, systems engineering, financial and risk analysis
- Moves into: cybersecurity consultant or penetration and vulnerability tester roles
Mid-Level Cybersecurity Roles
Cybersecurity Analyst
- Average salary: $107,500
- Feeder roles: networking, software development, systems engineering
- Moves into: any advanced-level roles
Cybersecurity Consultant
- Average salary: $93,067
- Moves into: any advanced-level roles
Penetration and Vulnerability Tester
- Average salary: $101,662
- Feeder roles: networking, software development, systems engineering
- Moves into: cybersecurity engineer or cybersecurity architect roles
Advanced-Level Cybersecurity Roles
Cybersecurity Manager
- Average salary: $136,236
Cybersecurity Engineer
- Average salary: $113,758
- Feeder roles: networking, software development, systems engineering
Cybersecurity Architect
- Average salary: $163,121
- Feeder roles: networking, software development, systems engineering
According to CyberSeek, the most job openings are for advanced-level cybersecurity engineers, followed by mid-level cybersecurity analysts, penetration and vulnerability testers, and cybersecurity consultants.
>>MORE: Mastercard Cybersecurity Virtual Experience Program
Cybersecurity Certifications, Skills, and Education
While education and certifications are vital for cybersecurity careers, skills and work experience are starting to pull ahead in terms of what employers are looking for.
Certifications
When it comes to certifications, “It depends on what route you want to take,” says Flores-Bochner. “Initial certifications for people looking to start out would be the CompTIA Security + or CSX-P.” For the risk management side, she recommends the CRISC or CISM certification offered by ISACA.
Flores-Bochner notes that CISSP is a great certification across the board but may not be for everyone due to its very technical nature. Indeed, CyberSeek includes CISSP as a top certification for advanced-level positions.
However, employers aren’t prioritizing certifications as much as they used to. The (ISC)2 Cybersecurity Workforce Study 2022 results indicate that relevant IT and cybersecurity work experience is now more important to employers than cybersecurity certifications.
Flores-Bochner concurs. “While certifications are great and prove your dedication to the craft, nothing will surpass real experience so always seek to supplement your certificates with experience when you can.”
>>MORE: SAP Cybersecurity Virtual Internship Program
Skills
Strong strategic thinking and adaptability skills are essential as cybersecurity professionals must continually adapt to prevent and respond to new threats. Problem-solving skills are also crucial soft skills — and are ranked in the (ISC)2 survey as the second most important qualification for those looking for cybersecurity employment.
However, communication skills are paramount, not just for aspiring cybersecurity workers, but for those who are already in the field and want to advance their careers. “The ability to communicate with non-technical professionals is what sets a security professional apart from their peers,” explains Flores-Bochner.
“At the end of the day, security functions are funded by nontechnical business units, so you will find yourself in situations where you are requesting funding for a critical project but the person approving the funds doesn’t necessarily understand what you do. If you can successfully explain what you do and why it’s critical to the business you will quickly find yourself moving up the ladder,” she continues.
Some of the top specific hard skills for entry-level cybersecurity positions are:
- Information security/assurance
- Security operations
- Cryptography
- Risk assessment and management
- Threat analysis
Education
Your college education can help you gain the skills you need to find entry-level cybersecurity jobs, such as “a solid understanding of technology and what we call the technology stack,” notes Flores-Bochner. “Cybersecurity will always have some sort of technical component or implication so knowing what you are protecting is important.”
Slightly more than half (51%) of surveyed cybersecurity professionals pursued bachelor’s degrees in computer and information sciences, followed by engineering degrees (19%) and non-IT degrees (30%), according to (ISC)2.
However, younger generations are forging new cybersecurity career paths. Just 50% of cybersecurity professionals under age 30 started with a career in IT before moving into cybersecurity, compared to 77% of those aged 50-54.
In addition, 23% of under-30s pursued cybersecurity education before getting their first cybersecurity job, 14% moved into cybersecurity from a different field, and 12% explored cybersecurity training on their own before being recruited — vs. 4%, 13%, and 4%, respectively, for ages 50-54.
>>MORE: AIG Shields Up: Cybersecurity Virtual Experience Program
Cybersecurity Salary
The median annual salary for cybersecurity professionals in 2022 was $134,800 in North America, according to (ISC)2. Cybersecurity workers in the U.S. earn up to $150,000 a year with a doctorate, $142,00 with a master’s degree, $130,000 with a bachelor’s degree, and $127,750 with an associate degree.
Information security analysts earned annual average salaries of $113,270 in 2021, with the top 10% earning more than $165,920. California and New York are the top-paying states for this role.
Cybersecurity Jobs Outlook
As innovation in technology progresses at a dizzying pace and the threat landscape continues to grow, cybersecurity jobs are sure to remain in high demand. For example, the Bureau of Labor Statistics estimates that job openings for information security analysts will grow by 35% from 2021 to 2031 — much faster than average.
According to CyberSeek, there were 1.1 million cybersecurity workers in the U.S. in 2022. However, there are only enough U.S. cybersecurity professionals to fill 65% of available jobs.
This “cybersecurity workforce gap” left more than 410,000 cybersecurity jobs unfilled in the U.S. (3.4 million worldwide) in 2022, explains (ISC)2. Globally, the gap has grown over twice as much as the workforce, and Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity positions by 2025.
Ready to kick off your cybersecurity career path? Learn a variety of foundational technology skills with Forage’s tech virtual experience programs.
Image credit: Gorodenkoff / Depositphotos.com