As technology continues to play a fundamental role in our day-to-day lives, it’s critical to protect the technology that we use, including data, applications, networks, and devices. It’s also increasingly important to educate technology end-users about the steps they should take to keep themselves safe, as well as to effectively plan a response for when—not if—something bad happens.
Cybersecurity careers allow individuals to help public and private organizations protect their information and assets from a broad range of cyberattacks. According to TechTarget’s technology dictionary WhatIs.com, these types of attacks include (but are not limited to) the following:
- Ransomware: Taking a victim’s computer files, often through an insecure network or device, and demanding a ransom payment to get them back.
- Malware: Installing malicious software, such as virus or worm, on a victim’s computer.
- Social engineering: Tricking victims into breaking security policies in order to provide access to sensitive information.
- Phishing: Sending fraudulent emails that appear to come from reliable sources in order to get users to give up sensitive or personal information.
With attacks like these on the rise, virtually every major company and government department relies on a trained team of specialists to help prevent loss from cybercrimes. Read on to explore the job outlook and salary potential for those who specialize in cybersecurity, and the practical ways you can set yourself up for a successful career in the industry.
Why is Cybersecurity Important?
When cyberattacks happen, organizations are fined, executives lose their jobs, customers may take their business elsewhere, and an organization’s credibility and public perception take a hit. By maintaining an organization’s security strategy and operations, cybersecurity experts help a company avoid the headaches that come with a cyberattack.
In 2020, for example, the SolarWinds attack exposed sensitive information from about 100 companies and a dozen government agencies, and 122 major blockchain hacks claimed $3.8 billion in cryptocurrency. Early 2021 saw the Colonial Pipeline ransomware attack, which shut down the largest gas pipeline in the United States after attackers stole 100 gigabytes of data as part of a $5 million extortion scheme.
Interestingly, organizations are not only under attack from external hackers. Internal cyber threats, in the form of data leaks or employee sabotage, also pose a large risk for businesses. Cybersecurity professionals are responsible for protecting an organization’s valuable information, customers, and brand reputation and brand by preventing these data breaches.
Beyond just reputation damage, cybercrimes significantly impact the global economy. According to The Center for Strategic and International Studies, close to $600 billion (nearly one percent of global GDP) is lost to cybercrime each year—a number that is swiftly increasing as cybercriminals adopt new technologies and leverage the latest digital currencies. Cybersecurity professionals are constantly searching for novel ways to anticipate and respond to these crimes.
Download Our Free Guide to Advancing Your Cybersecurity Career
Learn how to meet the growing demand for skilled cybersecurity professionals.
Cybersecurity Career Outlook & Job Market
Cybersecurity analysts are in high demand in today’s digital climate, and the career potential for this field reflects this growing need. Recent labor market data reveals that available cybersecurity jobs are expected to grow 31 percent by 2029—more than seven times the average rate of job growth across all industries.
As the demand for skilled cybersecurity professionals continues to rise, employers are struggling to find qualified applicants to fill these roles. According to a 2020 study by ISC(2), just over 4 million professionals are needed worldwide to close the cybersecurity skills gap, meaning that the cybersecurity workforce needs to increase by about 62 percent in the United States alone.
To take advantage of the overwhelming demand for cybersecurity skills in today’s workforce, professionals should consider developing these skills by pursuing the necessary education and training.
Skills and Education Needed for a Successful Cybersecurity Career
Cybersecurity careers come with a lot of responsibility, as they involve protecting an organization’s information assets and complex IT systems. Professionals in these roles need to know the basics of IT and security, in addition to IT-specific terms and vocabulary. Experience with data analysis and engineering, especially in multiple programming languages, is also a plus.
Some specific skills that cybersecurity professionals should have include:
- Programming and coding skills
- Data management
- Security Information and Event Management (SIEM)
- Mobile device and application security.
- Security incident handling
- Analytical skills
- Communication skills
Cybersecurity professionals also need to stay on top of industry trends. Cybersecurity trends for 2021 and beyond include focusing on specific attacks on internet-connected devices and outdated operating systems, which are particularly vulnerable, following best practices for mitigating ransomware risk, and proactively planning a disaster recovery response in the event of an incident.
Cybersecurity Education and Training
Most jobs in cybersecurity typically require a bachelor’s degree in cybersecurity, information technology, or computer science.
Advanced degrees, such as a Master of Science in Cybersecurity, provide more specialized training in vulnerability analysis, criminology, social science, planning security strategy, and effectively communicating with management about key cybersecurity trends. These degree programs benefit cybersecurity professionals who seek management or executive positions, as well as anyone who wants to develop security products.
In addition, cybersecurity certificate programs can benefit anyone seeking more specialized instruction in network security, digital forensics, risk management, or the legal and ethical challenges of cybersecurity. This education can help professionals to advance their cybersecurity careers in their current roles, or to begin the process of obtaining a Master of Science degree.
By obtaining an advanced degree and developing their cybersecurity skillsets, professionals can go on to land some of the most sought-after jobs in the field.
12 High-Paying Cybersecurity Careers
If employees are willing to take on the responsibility to defend organizations against cyberattacks, then employers are willing to compensate them well. According to the U.S. Bureau of Labor Statistics (BLS), the median pay for an information security analyst, a common cybersecurity career, is just over $103,000.
Depending on the type of cybersecurity role, and the level of specialization the role requires, average salaries can vary. Here’s a look at some of the highest-paying cybersecurity careers, along with a description of the type of work you can expect to do in these roles.
Salary estimates are based on figures provided by IT staffing firm Mondo and research firm PayScale. Job descriptions come from Mondo and Tripwire, a vendor of security and compliance software products.
1. Chief Information Security Officer (CISO)
Average Salary: $165,985
The CISO oversees the IT security department. This role requires a background in IT strategy, security architecture, management, and communication. While the average salary for this role is $165,985, CISOs can make up to $229,000. The wide salary range for this role stems from factors such as the size of the organization and its security team to the executive bonus and profit-sharing structures, which can add more than $85,000 to a base salary.
2. Security Architect
Average Salary: $124,769
This role builds and maintains the computer and network security infrastructure for an organization. This requires extensive knowledge of security frameworks, which can be obtained through certificate programs or other professional development efforts. Security architects can make up to $166,000 depending on the individual’s education, experience, and where they work.
3. Information Systems Security Manager
Average Salary: $116,978
Cybersecurity professionals in this role command a high salary because they manage the systems that contain an organization’s exclusive or proprietary information, which is often of particular interest to hackers. Depending on their experience level, information systems security managers can make up to $152,000.
4. Information Systems Security Engineer
Average Salary: $100,936
These cybersecurity professionals perform security tests, keep networks free of viruses and malware, and set security system protocols for a company. Information Systems Security Engineers can make up to $145,000 depending on the individual’s education, experience, and where they work.
5. Application Security Engineer
Average Salary: $97,684
This cybersecurity role monitors all the software applications that an organization uses, making sure that privacy and compliance policies are up to date. Organizations that use automated software for analytics or operations, as well as organizations that use software hosted on cloud servers, look for more experienced engineers. Depending on their experience level, application security engineers can make up to $151,000.
6. Malware Analyst
Average Salary: $92,880
These cybersecurity professionals help organizations understand the malicious software threats that they face, identify software products and services that can prevent intrusions, and work quickly to detect and mitigate intrusions when they do happen. Salaries for this role can increase up to $156,000 depending on the individual’s education, experience, and where they work.
7. Penetration Tester
Average Salary: $85,869
In this role, employees design tests to identify security vulnerabilities and evaluate overall cybersecurity effectiveness. According to Mondo, this role is in high demand, so average salaries should rise over time. Depending on their experience level, penetration testers can make up to $139,000.
8. Forensic Engineer
Average Salary: $85,525
This role analyzes information taken from an organization’s computers, networks, and connected devices to detect potential intrusions. Professionals in this role should be comfortable collaborating with law enforcement agencies to assist with investigations; knowledge of cryptography is also beneficial. Forensic engineers can make up to $120,000 depending on the individual’s education, experience, and where they work.
9. Security Director
Average Salary: $85,501
In this role, employees implement IT security measures, allocate resources to a security department, create employee and end-user security education campaigns, and assist law enforcement in the event of an external incident investigation. Depending on their experience level, security directors can make up to $156,000.
10. Cybersecurity Consultant
Average Salary: $84,279
Another possibility for a cybersecurity career is that of a consultant. Organizations hire these outside experts to help implement security products and develop security strategies. Cybersecurity consultant salaries vary from $61,000 to $140,000, according to PayScale. Some may do this work on a part-time basis as part of a career or life change.
11. Cybersecurity Analyst
Average Salary: $76,550
Cybersecurity analysts are generalists focused on protecting against the wide range of cyberattacks, based on data-driven analysis of present and future trends. The senior roles that command a higher salary typically involve strategic planning. Cybersecurity Analysts can make up to $117,000 depending on the individual’s education, experience, and industry.
12. Network Security Analyst
Average Salary: $72,388
This role manages the security of a company’s computer network and information systems. In industries that rely on the safety of Internet-connected devices— including healthcare, transportation, and energy—organizations often look for more experienced professionals. Depending on their experience level, network security analysts can make up to $107,000.
Cybersecurity Careers Are Everywhere
It’s also important to consider where to find a job in cybersecurity. You might think that most domestic cybersecurity careers are found only in technology hubs like Silicon Valley and the Boston area. However, a recent analysis by the job posting site Indeed found that those metro areas rank number seven and eight, respectively, in U.S. job postings for cybersecurity roles, meaning there are cybersecurity roles to be found no matter where you are located.
The Washington, D.C. metro area topped the list, which is not surprising when you consider the importance of protecting data for the Department of Defense, other federal agencies, and third-party government contractors. Baltimore ranked number four for similar reasons, as the city is home to large offices for the Social Security Administration and the Centers for Medicare & Medicaid Services.
Meanwhile, the other metro areas in the top five (New York, Dallas/Fort Worth, and Chicago) are home to the headquarters of many Fortune 500 companies. This shows that cybersecurity careers are not just technology jobs—they are jobs in industries such as government, finance, healthcare, energy, and transportation.
What’s more, the U.S. Bureau of Labor Statistics expects the number of all cybersecurity jobs to grow by 31 percent between 2019 and 2029. That’s more than seven times the national average for all industries over the same 10-year span.
How to Build a Successful Career in Cybersecurity
1. Embrace advanced learning—your way.
Advanced degree holders, in general, earn a salary 35 percent higher than those with a bachelor’s degree, and the cybersecurity field is no exception. A student who chooses to continue their education with a master’s degree can expect a more challenging, rewarding, and specialized career experience. Many available master’s programs are also quite flexible and can be completed either full-time or part-time in just two to three years.
The master’s degrees at many top universities are also offered in a variety of formats, including on-ground, online, and hybrid. Considering the impact that an advanced degree can have on your cybersecurity career, finding a program that fits your personal lifestyle and your unique learning preferences will be the first step on your path to success.
2. Choose a holistic cybersecurity program.
Once you’ve decided to advance your education (and given some thought to the structure of the program), it’s important to consider the different approaches to learning covered in each school’s curricula.
Technical training in this field is often divided into two types of learning: practical (hands-on, step-by-step, and how-tos) and theoretical (the why and how of the science). Both learning methods are needed to become proficient in this field, and the right cybersecurity program will cover both equally.
By following this holistic approach, graduates will have the skills to anticipate cyberthreats, proactively build solutions, and know what to do when criminals threaten systems. As technology changes, a cybersecurity professional with adaptive, hands-on experience will have the skills to evolve with it.
3. Follow your passion.
Cybersecurity offers professionals a wide variety of opportunities to pursue individual interests within the tech world, and the best way to be truly successful in this field is to find which area best aligns with your skills and passions.
Someone with a love for the law, for example, may choose to focus their career on ethical norms and legal requirements for cybersecurity. This could include privacy, disclosure, and the Digital Millennium Copyright Act (DMCA), which protects digital creators from infringement and acts of piracy. Designers, on the other hand, have the opportunity to translate their creative skills into more secure network environments. The field requires those who can teach, write, code, and test—all within the day-to-day applications we use all the time—and who have an eye for the most secure methods possible. For those interested in the planning, designing, implementing, and operating of security infrastructures, a role as a cybersecurity analyst may also be a good fit.
No matter what area of cybersecurity interests you the most, the field offers an array of opportunities to use your unique talents in a way that is fulfilling to you.
4. Plug into a network.
One of the benefits of pursuing a master’s in cybersecurity program is that you will graduate with a network of professional contacts that can help you on your path toward an established career.
While pursuing your degree, take the time to connect with professors and fellow students in the classroom, as well as co-workers and managers during any experiential learning opportunities. Then, once you’ve graduated, be sure to put in the effort necessary to maintain these relationships. Having contacts like these can be helpful not only to uncover employment opportunities after graduation but to stay up-to-date on evolving industry trends throughout your career, as well.
Taking the Next Step in Your Cybersecurity Career
Choosing a career in cybersecurity isn’t just a commitment to bettering yourself through more education and a higher possible starting salary; it’s also a commitment to improving our world by thwarting bad players’ efforts to compromise the technology we enjoy every day. Whether your skills are used to stop debit card fraud, ransomware, or high-level government hacking, the impact you can make as a cybersecurity professional can have a lasting impact on society.
Interested in helping protect global organizations from cyber threats? Explore Northeastern’s graduate programs in Cybersecurity and learn how a degree can help you advance your career.
Editor’s note: This article was originally published in September 2017. It has since been updated for relevance and accuracy.