Take Control of Your Cyber Career!

Wondering how to become a cyber security architect? Today’s article discusses everything you might want to know to help you achieve your goal.

Table of Contents

Interested in learning more about how to become a cyber security architect? Click below to find out!

What Is a Cyber Security Architect?

Why Security Architecture Is Important to An Organization?

What Are the Skills Required for Cyber Security Architect?

Cyber Security Architect Qualifications

Security Architect Certification Path

What Does a Cyber Security Architect Do?

How Much Does a Cyber Security Architect Make?

Do I Need a Degree for Cyber Security?

Cyber Security Engineer Vs Cyber Security Architect

How to Become a Security Architect?

Can I Take a Security Architect Training Course?

What Is a Cyber Security Architect?

The role of a security architect is to design and implement security solutions within an organization’s enterprise infrastructure.

This is so that users may safely interact with the information systems and with minimal concern for the loss of data confidentiality, integrity, or availability.

Architects work with executive management, engineers, analysts, and other IT staff members to design and implement the security architecture.

Architects also design and allocate systems to properly manage the enterprise-level security risks.

A security architect also known as: Information Assurance (IA) Architect, Information Security Architect, or Security Solutions Architect. Whatever the position is called, the role is the same.

Why Security Architecture Is Important to An Organization?

Security architecture provides a framework for the design and implementation of security measures.

The architecture is a system of policies, procedures, and controls that define how security will be implemented and maintained within an organization.

Organizations also rely on the security architecture to understand their current security posture so they can make informed decisions about future investments in technology and security.

It’s a complex and strategic process that involves technical and non-technical elements.

What Are the Skills Required for Cyber Security Architect?

A cyber security architect needs to have a broad range of skills to effectively design the security architecture.

The skills required for this role vary depending on roles and responsibilities. However, there are some general security architect skills you’re expected to possess:

Operating Systems and Security Tools

Understand how Windows, MacOS, and Linux/Unix-based operating systems work. Much of the systems infrastructure you’ll be designing, and data collection/security tools your team will be using, are based upon any one of these operating systems as a foundation. And though you may not have access to any of the infrastructure and tools (to maintain a separation of duties), not fully understanding them will become a severe hinderance to your performance.

Coding / Software

Knowing how to code, how software is designed including its use cases and applications, how software interacts with the infrastructure and the vulnerabilities that result. While you won’t be doing any coding on your own, you will be working with a technical security team responsible for the development of the security components and tools that’ll protect your organization’s information systems.

Brush up on your soft skills

Don’t underestimate the importance of soft skills. We’ll talk about additional soft skills below but becoming a security architect requires you to be analytical, detail-oriented, have good research and problem-solving skills, and be able to provide creative solutions. It’s especially vital that you remain open-minded, receptive to new ideas, and willing to lean upon your analysts and engineers to fill in gaps in your knowledge.

Have the right mindset and perspective

Don’t focus on a particular area of the system. This position requires a deep and holistic understanding of entire information infrastructure. You’ll need the vision to creatively design a security solution with the latest and most tested tools and configurations available. This means understanding how the existing infrastructure combined with the security infrastructure will work with each other.

Communicate with your stakeholders

Cyber security architects also need excellent communication skills, both written and verbal, to effectively convey their findings and recommendations to other stakeholders within an organization. It’s vital to translate technical knowledge into a business language that’s easily understood by non-technical people. You may even find yourself in a position to justify some of your decisions to executive leaders based on necessity rather than cost.

Act like a leader

Being a subject matter expert (“SME”), your position lends itself into becoming a leader. This means you’ll also act as the “spokesperson” for your security team. This is especially true, if you’re in a smaller organization where you also act as the highest security team member. At this level, confidence in your abilities and mentoring your team is key!

You’re the one who’s accountable!

As the SME, you’re automatically held to the highest level of accountability. Know the specific details about how the security infrastructure operates. When a security breach occurs, everyone will look to you to understand what has happened. Work with the forensics team to understand how the investigation will proceed. Then determine what actions are needed to mitigate further harm and future security breaches (aka incident response).

Risk and Compliance

The entire reason why your position exists is to reduce organizational risks, which include the risk of security breaches. To reduce this risk, knowing how to read, understand, and implement security controls based on compliance standards such as: NIST SP 800-53, NIST CSF, ISO 27001/2, etc. is crucial. This also means incorporating results of threat models, risk and vulnerability assessments, and any other threats assessments as part of the architecture.

Know the network

This probably goes without saying but as a SME, you must know the design and operation of the entire network infrastructure, the software used to operate the network, as well as the resources and tools used maintain the network.

Working with teammates

Provide that critical link between management and engineering to help turn business requirements into technical design requirements. Get comfortable working across the organization with executive leadership, analysts, engineers, vendors, and other technical team members to help plan and execute the deployments of new systems or updates.

What about the money?

Design the security infrastructure according to the budgetary constraints of the project. If the organization cannot afford the design, development, or maintenance of the security infrastructure, there is a chance the organization may fail to properly operate such infrastructure due to inadequate resources. To design a cost-effective solution agreeable to stakeholders, realize that customers don’t enjoy wasting money, especially when it comes to IT security.

Are project management skills important?

Keep a project on time, under budget, and manage stakeholder needs. If you don’t possess these abilities, you won’t stand a chance of being able to manage large, complex development and deployment processes. If you have little experience in this area, consider senior-level security engineering or systems admin roles with a PMP certification.

Cyber Security Architect Qualifications

Take a look at the basic qualifications needed for a cyber security architect:

How much experience is needed?

The time it takes for you have enough knowledge will always depend on your abilities and your security exposure. Expect to possess a minimum of 5-10 years of experience in information security with the bulk of that time spent as a security engineer, system administrator, or a combination of both. You won’t have the requirements of a security architect with anything less.

What do I need exposure to?

As an architect, maintain a wide variety of exposure to networking and security roles. Coding, networking, development, security, etc. are all pieces of what it takes to become an IT security architect. Take every opportunity to gain exposure in different roles even if that means occasionally switching jobs.

Security Architect Certification Path

Security Certification: A security architect certification doesn’t imply that you’re an expert, but it does help employers understand the minimum level of knowledge you possess. Once you reach this level the Security+ cert isn’t good enough; most employers will look for the following certifications:

CISSP (Certified Information Systems Security Professional) by ISC2

CISSP-ISSAP (Information Systems Security Architecture Professional) by ISC2

CISM (Certified Information Security Manager) by ISACA

GSE (GIAC Security Expert) by GIAC

GDSA (GIAC Defensible Security Architecture)

CASP+ (CompTIA Advanced Security Practitioner)

Keep in the mind that the choice of certification is less relevant than the actual knowledge you possess.

If you possess at least one of these certs, you should be fine; although if you have the CISM, it might be a good idea to get one more as it’s slightly less technical in nature.

Enterprise Architecture Framework: In addition to the security certification, it’s a good idea to also obtain an architectural framework certification to showcase your foundational knowledge of architectural design. Each framework differs in its approach or area of specialization. SABSA is a highly recommended enterprise security architecture framework but research which framework works for you. Here’s a non-exhaustive list of frameworks; however, this should help you to get a head start.

TOGAF (The Open Group Architectural Framework)

SABSA (Sherwood Applied Business Security Architecture)

DoDAF (Department of Defense Architectural Framework)

Zachman

What Does a Cyber Security Architect Do?

Security architects generally blend execution and management.

You’ll still be heavily involved in the technical aspects of the job, but you’re not always the person performing the implementation (no scripting, troubleshooting, server setups, etc).

Other teams will worry about the technical challenges of deploying the solution. You must know the specific challenges they face and develop solutions to overcome them.

In smaller organizations, the security architect responsibilities are slightly less defined, and you’re likely to have multiple responsibilities.

You may find that your duties range from cyber strategy, generally reserved for Cyber Security Directors or CISOs, to cyber development and integration, usually performed by security engineers.

In larger organizations, the position is much more defined because the information systems are highly scaled and much more complex. You may have several security architects, each responsible for their own areas of specialization such as: cloud security architect, data security architect, network security architect, etc.

Research & Strategy

As part of implementing any new or updated infrastructure, you’ll need to evaluate the business requirements, resource constraints, security technology, and threat landscape to determine a solution that will work best for the organization. Due to the evolving threat landscape, keep yourself updated with the latest knowledge. By understanding having this knowledge in the background, you’re able to offer employers and clients with the most technologically sound and cost-effective solutions.

Document everything

At the onset of any new implementation, you’ll participate in design or structural change-related activities. Heavy amounts of documentation (drawing, reading, writing, reviewing, and approving) are expected at nearly every point of the design lifecycle. The image below should give you a brief understanding of the types of documentation required to implement a successful security architecture.

Implementation & Test

Security solutions sometimes presents a challenge (or aren’t usable at all) and require a modification to the environment. As such, you’ll work directly with the security team, engineers, and analysts throughout the development process. These team members will work with you to implement and test these modifications.

Attend project reviews

Project meetings and reviews to discuss strategy, documentation, and implementation occur daily. During this time, you’ll provide guidance on all security-related matters. Expect to spend time reviewing the security architecture with stakeholders, vendors, and engineering teams to explain technical details.

How Much Does a Cyber Security Architect Make?

Considering the salary displayed by the following websites, the average salary of a security architect is around $135k ($65/hour).

Keep in mind, this is this the medium value, the upper and lower range can vary significantly.

Salary.com: $141,000 or $68/hour

PayScale: $131,000 or $63/hour

ZipRecruiter: $146,000 or $70/hour

Glassdoor: $120,000 or $58/hour

Do I Need a Degree for Cyber Security?

Yes, because you’re now the SME, your looked upon as the expert by most employers.

Employers want to ensure the architect being hired is fully capable of taking on the responsibilities of this role and have the academic background to prove it.

Therefore, having a bachelor’s degree is a minimum requirement at this level. While it’s difficult to find a “security architect” degree, you can research several alternatives to get your foot in the door:

• Information Technology (with a concentration in security, administration, or development)
• Network Administration
• System Administration
• Computer Science
• Computer Engineering
• Network Engineering
• Software Engineering
• Cyber Security
• Information Security

Cyber Security Engineer Vs Cyber Security Architect

Security engineers and architects, though highly skilled, have very different roles.

Cyber security engineers work to ensure the safety of a company’s information systems from a technical aspect. They implement solutions, developed by the architect, by applying their knowledge of computer science and engineering. A cyber security engineer develops, troubleshoots, manages and maintains various information systems in order to keep them secure.

Cyber security architects focus on the business aspects of security by designing the overall security architecture to withstand an attack. While there is a heavy technical component to this role, it’s more managerial in nature.

A cyber security engineer does not need to have a background in business or management, although it can help, but a cyber security architect must understand these topics before entering this role.

How to Become a Security Architect?

Look at the steps below to help you get started on your security architect career path:

1. Determine what line of security architect do you prefer? Interested in application-based security, or more infrastructure-based security? Do some research into the requirements and responsibilities of job descriptions that match those interests.
2. Explore the two separate routes to become a security architect: Security Engineer or System Administrator. Determine how to can obtain one of these positions; either one is fine if you can stick with it. Expect to spend around four to five years in this line of work.
3. If you’re a security engineer or system administrator, don’t stick with your current set of responsibilities for too long. You’ll need a broad amount of experience while you’re here so seek out opportunities to learn new things. If you’re finding that difficult, start looking for jobs that do allow you to grow. In the meantime, start really working on those soft skills.
4. Study for the security certifications and architectural frameworks that will help you learn the necessities of becoming a security architect. Passing these certifications shows employers you’re technically qualified to move toward a higher role.
5. If you have the time and resources, you might consider getting your MBA. It’ll teach you some of the business aspects of becoming a security architect and looks great on your resume. Some MBAs offer concentrations in IT or information systems which is even more beneficial.

Can I Take a Security Architect Training Course?

Yes, you can take a security architect course but be warned!

It isn’t a substitute for the experience and the exposure requirements discussed above.

Because a security architect position is not an entry-level position, I was able to find only two security architect bootcamps provided by Udacity and SANS.

Fair warning, the SANS course is a prep course specifically designed to help pass the GIAC Defensible Security Architecture (GDSA) exam, but it’s still an option to think about.

Interested in More…

Cyber Security vs Computer Science: Know the Difference!

What Is the Best Job in Cyber Security?

The Best Method to Become a Security Auditor!

Wondering How to Be a SOC Analyst?

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Trying to decide which career path to take? The truth is, there are some similarities between cyber security vs computer science but also some key differences. In today’s article, we’ll discuss both to help you make the right choice.

Table of Contents

Interested in learning more about cyber security vs computer science. Click below to find out!

Is Computer Science the Same as Cyber Security?

What’s The Difference Between Cyber Security and Computer Science?

Is Computer Science Needed for Cyber Security?

Can You Do Cyber Security with A Computer Science Degree?

Can I Do Master’s in Cyber Security After a Bachelor’s in Computer Science?

Which Degree Is Better Computer Science or Cyber Security?

Is Computer Science the Same as Cyber Security?

Is cyber security computer science or does cyber security fall under compute science? The answer is… it depends.

It’s true that some of the concepts behind cyber security are shared with computer science, like coding and programming.

But at its core, cyber security is about protecting data—and there’s a lot more to protecting data than just being able to code; there’s a certain psychology involved in cyber security.

For example, if you’re trying to protect a computer from getting hacked, you need to know the various ways hackers might attempt to breach a system. One such method, which often has nothing to do with computer science, is social engineering (think email or phishing scams).

Physical security, such as locking an office which may contain sensitive information, is also another example where computer science has no bearing.

Security concepts such as access control may require coding to grant a user access to a specific system but is also as simple as determining who is allowed to have access which doesn’t require coding.

What’s The Difference Between Cyber Security and Computer Science?

What is Cyber Security?

Cyber security is a multi-faceted and rapidly growing field that involves protecting information systems to ensure the confidentiality, integrity, and the availability of such information (commonly known as the “CIA Triad”) through various means.

There are many different types of jobs in this field, but all of them deal with protecting against threats, either internal or external.

As a cyber security professional, you would usually find yourself working as part of a larger team, and your job could be anything from securing a specific system to managing the security of the entire corporate infrastructure.

And What Can You Do with A Cyber Security Degree?

With a cyber security degree you’re open to nearly any job in cyber security. Here’s a list of the 11 cyber security domains in which you can excel:

Security Frameworks and Standards

Application Security

Security Risk Assessment

Enterprise Risk Management

Security Governance

Threat Intelligence

Security Training

Security Operations

Physical Security

Career Development

Security Architecture

Want to know if a cyber security degree is worth it?

What is Computer Science?

Britannica defines the field of computer science as, “the study of computers and computing, including their theoretical and algorithmic foundations, hardware and software, and their uses for processing information. The discipline of computer science includes the study of algorithms and data structures, computer and network design, modeling data and information processes, and artificial intelligence”.

It’s a popular technology field that utilizes Python, Java, and multitude of other computer languages used to program information systems.

And What Can You Do with A Computer Science Degree?

With a computer science degree you can have your choice of jobs in over 100 different careers.

Read below to help you discover exactly how to start your cyber security career with a computer science degree.

Is Computer Science Needed for Cyber Security?

“Do I need a computer science degree for cyber security?”…”maybe!”

Cyber security is a multidisciplinary field that requires skills from many different disciplines, including computer science, but the answer to whether you need a computer science degree depends on what kind of job you want in this field.

There are plenty of jobs available in the industry for non-programmers (read further to get an idea of which type of job might suit you better); however, most of the time, when people ask this question, they’re trying to figure out if they should get an undergraduate degree in computer science, software engineering, or some other IT degree. And most of the time, the answer is “it doesn’t matter.”

Even if you decide not to pursue a computer science degree, you’ll still need to know how computers work, the basics of computer programming, how they communicate with each other, and how they store and process information.

Is Cyber Security Easier Than Computer Science?

Or is…“Is cyber security harder than computer science?” No, cyber security is not any easier or harder than computer science. Although some overlap exists between these fields, the two are quite different and require different skill sets.

Can You Do Cyber Security with A Computer Science Degree?

Is computer science a good degree for cyber security? Yes, you can do cyber security with a computer science degree. Read each step below to get you on the right path…

There’s No Perfect Degree

The first thing you should know is that there is no single, specific degree or certification that will teach you how to do cyber security. You’ll need to start by working towards an undergraduate degree in computer science. This will give you the foundation for understanding how computers work, how they’re vulnerable, and how you can protect them from threats.

Take a Few Security Courses

You’ll want to consider taking a few courses in security or information assurance. Get the best use of your credits by taking electives in any of the security courses available to you. Even if you exceed the number of credits required to graduate by a little bit, that’s okay. With enough credits, you may even qualify for a minor in cyber security. With this, you’ll be more likely prepared for careers in digital forensics, incident response management, cybercrime investigation and prevention, cryptography, network security administration, etc.

Start Attending Cyber Security Conferences

Infosec-Conferences.com has an amazing user-submitted list of nearly every security conference available. You will have to do some research to determine if student discounts are available; however, you can also find low cost or free opportunities with your local technology council, university cyber club, BSides, Eventbrite, or Meetup.

Get Experience Quickly!

Earning a computer science degree is important and will help you get your foot in the door, but it won’t get you far on its own. The reality is that most companies are looking for people who have both technical skills and real-world experience. This means you need to take every opportunity to gain experience whether that’s through an internship, volunteering your IT knowledge, solving people’s personal computer issues…anything! The one advantage you have with a comp sci degree is that it’ll be much easier for you to land a job versus an infosec degree.

Marketing is Everything!

How do you expect to land a job if no one knows you exist? In the end, you’ll need to network with people. Post your resume on websites…such as MyTurn (coming soon) and get a LinkedIn profile going. But having a profile isn’t enough, you need to cut through the clutter just to be seen. Start writing meaningful LinkedIn articles, participating in security discussion in your local security conferences or groups, have a GitHub profile started! Do everything you can just to be seen!

Seek Out Security Certifications

Once you’ve got your undergraduate degree, then it’s time for some hands-on training through certifications. There are two good certifications available for starting out, including: CompTIA Security+ or ISC2 “Certified In Cybersecurity”. Pick one start out with. You’ll need to get a few different certifications and maybe attend some security bootcamps, but all these things can be done with a computer science degree.

To recap, can you work in cyber security with a computer science degree? Yes, you can! But it’s not as easy as you may think. As long as you’re willing to put in some hard work and dedication, there’s no reason why you shouldn’t be able to find employment!

Can I Do Master’s in Cyber Security After a Bachelor’s in Computer Science?

Absolutely! To pursue a master’s degree in cyber security, it’s worth looking into these two pathways…

Online Program: One of the most common options is an online program. These programs typically take one to two years to complete and can be completed on your own schedule. Online programs are great because they allow students to continue working while they study. That way you don’t have to worry about missing out on opportunities because of your education.

Campus-based Program: Another option is a campus-based program—these courses are taught by professors who work at local colleges or universities, so you’ll be able to see them in person whenever necessary. Campus-based programs are often more expensive than online programs because they include other fees associated with attending school on campus (meals, housing costs). However, they also offer academic support services like counseling and tutoring services that might not be available through online schools.

Wondering how long it takes to complete a cyber security degree?

Which Degree Is Better Computer Science or Cyber Security?

Cyber security vs computer science, which is better?…Neither. The core difference is how technical you want to get when it comes to security.

More Technical: If you’re interested in the technical side of things, then computer science would probably be more appropriate for you. With a computer science degree, you’ll have the foundational knowledge to understand security from a coding perspective. You’ll learn about different programming languages, coding techniques, and integration methods while developing software and applications for securing information systems.

Additionally, with a computer science degree, you have a certain amount of flexibility that you’re not going to get with a cyber security degree, making it easier to enter the infosec industry. The same can’t be said for a cyber security degree; you can’t suddenly become a python developer with a cyber degree.

A computer science degree is good if you’re looking to get into Application Security, Security Operations, and Security Architecture.

Less Technical: On the other hand, if you’re leaning towards the less technical side, getting a cyber security degree is probably a better option. With this degree, you’ll learn about the various types of network infrastructures and their security vulnerabilities, offensive and defensive security measures, security risks, policies and procedures, social engineering techniques, as well as encryption methods (like public key cryptography).

A cyber security degree is perfect if your area of interest is Security Frameworks and Standards, Security Risk Assessment, Enterprise Risk Management, Governance, Security Training, Physical Security, Threat Intelligence, or Career Development.

Still Having Trouble Deciding Which Is Better Computer Science or Cyber Security?

Still having difficulty in making a choice between cyber security vs computer science, then let me help you out. If you’re more technically inclined, go with the computer science. For the less tech savvy, not that there aren’t some technical aspects to the degree, then go for the cyber security degree.

With a cyber security degree, you’re saying to yourself that security is the career path I want to take. With a computer science degree you’re provided a wide variety of fields from which to choose.

Ultimately, the final decision is yours. But, it’s probably a lot easier to move from a more technical degree to a less technical degree. If you’re ambitious enough, you can do both!

Interested in More…

What Is the Best Job in Cyber Security?

The Best Method to Become a Security Auditor!

Wondering How to Be a SOC Analyst?

Choose the Right Career, Cyber Security vs Ethical Hacking

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

What is the best job in cyber security? Well, that really depends on your interests and experience.

If your real question is, what is the best job for me to get my foot into cyber security…then maybe we can answer that in today’s article.

I do want to warn you. Cyber security is generally not considered an entry level career; however, that doesn’t mean you can’t find a job as an entry-level candidate if you’re willing to work hard.

Table of Contents

What is the best job in cyber security?…Click below to find out!

What Are Some Entry Level Cyber Security Jobs?

What Is the Easiest Cyber Security Job?

Can I Get a Cyber Security Job Without a Degree

Cyber Security Jobs That Don’t Require a Degree

What To Study for Cyber Security Jobs?

What Do You Major in For Cyber Security?

Is It Easy to Get a Cyber Security Job

Is It Hard to Get a Job in Cyber Security

How Competitive Is Cyber Security?

How Many Cybersecurity Jobs Are There?

What Companies Hire Cyber Security Professionals?

Where to Start Cyber Security Career?

What Is the Easiest Cyber Security Certification?

What Skills Are Necessary for Cyber Security?

What Soft Skills Are Necessary for Cyber Security?

Are Cyber Security Jobs in Demand?

Do Cyber Security Jobs Pay Well?

What Are Some Entry Level Cyber Security Jobs?

When looking for cyber security beginner jobs, you’ll come across many roles. So many in fact, that it would be difficult to really tell you which role is the best role.

I can say for sure that trying to become a penetration tester or red teamer right out of school is probably not the best way if you don’t already have the necessary background.

These positions are extremely competitive and quite honestly very boring, nothing like you see on TV or in the movies.

A good job title for entry-level cyber security graduates is “cyber security analyst” (aka information security analyst).

The below list is a variation of the analyst roles that are great to seek out:

Cyber Security Analyst, Information Security Analyst, Threat Analyst, Security Risk Analyst, Security Compliance Analyst, Security GRC Analyst, Security Risk and Compliance Analyst, Network Security Analyst, Network Defense Analyst, Cyber Defense Analyst, Forensic Analyst, Blue Team Junior Analyst, Cyber Detection Analyst, Security Operations Analyst, Cyber Intelligence Analyst, Cyber Operations Analyst, Cyber Policy Analyst, Incident Response Analyst, SOC Analyst, Cloud Defense Analyst, Cloud Security Analyst, IT Security Analyst, Security Audit Analyst, Audit and Compliance Analyst, Systems Security Analyst, Identity Access Analyst, Product Security Analyst, Network Exploitation Analyst, etc.

What Is the Easiest Cyber Security Job?

The easiest job title is again based on the type of work you like to do and your existing background.

A specific job title doesn’t have only one set of responsibilities. The position of cyber security analyst, for example, is a broad field that carries many different responsibilities depending on which organization you’re employed with.

However, if you have no technical experience or knowledge of computer languages, then the “easiest” cyber security job for you to consider is in the field of security governance, risk, and compliance (GRC).

I’m not saying this field isn’t a challenge, but you’ll find that it’s not reliant on technical skills to gain entry.

Read here if you want know more about how to get into cyber with no experience.

Can I Get a Cyber Security Job Without a Degree?

Yes, you can get a cyber security job without a degree. But it’s more challenging to find a job without a formal education so be prepared to do an extensive amount of studying on your own.

Cyber Security Jobs That Don’t Require a Degree

With little exception, entry-level cyber analyst positions don’t need a degree.

There are some organizations that request a degree, such as government or government contracting companies; otherwise, there’s really no reason why an employer needs a candidate with a degree.

If that’s the only thing holding you back, go ahead and apply anyways.

Most often, many employers will substitute an education for someone with solid project or work experience.

What To Study for Cyber Security Jobs?

Getting a degree is different than asking what to study for a cyber security job. That’s because one is independent of the other. Let’s talk about a couple things you can do to study for a security role:

College Degree. As previously discussed, a college degree is always a good option if you have the time, money, and patience to see it through to the end. An employer is primarily concerned with your foundational knowledge, your lab/project experience, and how well you finished your degree program (i.e. were you an ‘A’ student or ‘C’ student). That last piece demonstrates how well you can assimilate information and your work ethic.

Security Certification. Certifications are an important asset in your cyber security journey. Currently, about 2/3rds of job postings request security certifications as part of the job description. So, if you want to be taken seriously as a security professional, regardless of whether you possess a degree, having up-to-date security certifications are important. They do a great job of keeping you updated on the latest security trends and knowledge, whether by taking the exam or by forcing certificate holders to maintain the required educational credits.

What Do You Major in For Cyber Security?

Have you decided on the college route? Today, most major universities will offer cyber security degree programs.

Unfortunately, many of those programs are still in their infancy.

It’s not uncommon to find two of the same cyber security degree programs with differences in the quality of their education.

That doesn’t mean you still shouldn’t strive for a degree, given the opportunity. It just means, you need to be more discerning about your choices.

A much more practical option is to get an IT degree, then obtain a security certification to move into cyber security.

The benefit here is that it’ll be easier for you to get an IT job, which will make it much easier for you to move into cyber security.

Regardless, trying to determine what major is best for your security career really depends on what area you want to specialize in.

If you’re interested, read here if want to learn more about what to study.

For example, if you’re interest is in network security, then get a degree in network security; or you can get a degree in network engineering or network administration with a security certification.

Either way, it’ll achieve the same result.

Is It Easy to Get a Cyber Security Job?

No, it’s not easy to get a cyber security job because many companies are having difficulty in finding qualified talent.

One of the main reasons why people might perceive a difficulty in getting hired in cyber security is that often companies are looking for experienced personnel to manage the security of their information systems.

What compounds the problem is that many recruiters and hiring managers don’t understand what to look for when it comes to hiring security personnel.

In other words, they need experienced personnel but don’t know what an experienced person looks like!

From their perspective, hiring the wrong person can have significant ramifications to their bottom line.

Therefore, you can certainly understand why companies are often unwilling to hand over such great responsibility to recent graduates or untried talent.

Is It Hard to Get a Job in Cyber Security?

No, just as with any other industry, if you have little-to-no background in IT or security and possess no education or certifications, you can certainly expect some hesitation by companies to hire you.

However, you do need to work to get your foot in the door.

Take a look at my LinkedIn article that talks about how often you should be applying for a job.

In other words, applying for a job, is a job in-itself!

How Competitive Is Cyber Security?

Organizations such as Cyberseek, supported by the National Initiative for Cybersecurity Education (NICE), approximates “that there are only enough cybersecurity workers in the United States to fill 68% of the cybersecurity jobs that employers demand.”

This means that cyber security, as a whole, is not a very competitive field; it only seems that way for a couple reasons.

First, as we previously mentioned is because of the bottlenecks in the corporate hiring process. But the second reason is because many young students tend to think that cyber security means penetration testing or ethical hacking and believe this is the only route into the industry, when in reality there’s so much more!

So, while everyone’s competing for those cyber positions that seem glamorous, I suggest you go after those positions that seem less glamorous and have less competition.

How Many Cybersecurity Jobs Are There?

68% is a really good number considering the total number of cyber security job openings is well over 700,000 jobs!

This means that cyber security has a “0%” unemployment rate; there’s no shortage of cyber security jobs available!

What Companies Hire Cyber Security Professionals?

Companies in nearly every industry have a need for cyber security professionals. However, you will tend to find about 30% of cyber security hiring takes place in the professional services industry (i.e. consulting, staffing, and third-party security providers).

These are companies that hire cyber security personnel to perform security services for other businesses.

For example, if a company needed to develop a cyber security program, they would either hire a Chief Information Security Officer (CISO) to develop a program from the ground up, or outsource their corporate security to a third-party company, or use a cyber security resume database to search for potential candidates themselves.

Where to Start Cyber Security Career?

If I’m being completely honest, the best place to start your cyber security career is by looking for jobs in IT, as I previously mentioned.

As you gain some knowledge, start learning the security aspects of your role, get a security certification, set yourself up with a LinkedIn profile, and eventually make the move into more cyber related roles.

However, if IT isn’t the direction you want to start from, then you need to be tenacious and patient. It’s not uncommon for it take a minimum of 6 months before you get your first offer or even interview.

What Is the Easiest Cyber Security Certification?

The easiest cyber security certification that will lead you down the path of getting the best cyber security job is the CompTIA Security+.

Another is ISC2 Certified in Cybersecurity (CC).

The Security+ has been around for a while and will be one of the first certifications that many technical recruiters look for on your resume. However, the CC is also just as comparable and backed by a very reputable organization.

It’ll take a bit of study depending on how quickly you’re able to absorb the material.

On average, it can take anywhere from a couple of weeks to a month to study for.

Either certification is good enough to get your foot in the door, and they’re also vendor neutral; meaning they don’t just apply to one company, business model, or cyber security tool.

I recommended either cert as being the first security certification you should obtain.

What Skills Are Necessary for Cyber Security?

If you want to know technical specifics, that’s usually dependent upon the field of interest. There’s no one area of technical proficiency that will lead you to the best job.

The Cyber Career Pathways Tool provided by the National Initiative for Cybersecurity Careers And Studies (NICCS) is an amazing source to determine the technical skillset you’ll need for more than 50 different cyber security job titles!

What Soft Skills Are Necessary for Cyber Security?

You’ll be surprised to find out that there aren’t any specific skills for cyber security other than soft skills.

Common soft skills include critical thinking, analytical problem solving, persistence, communication, interpersonal skills, patience, etc.

And don’t think soft skills aren’t important! Being able to interact with your peers, leaders, and even clients is a highly prized skill that not every person possesses.

Be prepared to go through a rigorous behavioral interview process that tests how you manage to navigate hypothetical scenarios, or how you’ve dealt with previous situations.

Are Cyber Security Jobs in Demand?

Yes, cyber security jobs are in demand.

According to the US Bureau of Labor and Statistics, the demand for information security analyst alone will increase by 35% between 2021 and 2031.

The great thing about cyber security is that you’ll find people that have migrated from many different backgrounds.

Do Cyber Security Jobs Pay Well?

Yes, cyber security jobs pay very well. Many entry-level security jobs can pay upwards of $70k.

After about a year of experience, you can find jobs that pay over $85k.

Websites such as PayScale, ZipRecruiter, Glassdoor, and Salary.com can give you a general idea of the approximate pay range that can be expected.

I’ve tried to do some of the hard work for you by finding the approximate averages according to job title in some of my other posts.

As an example, the average salary for a cyber security auditor is about $108k. Not bad!

Interested in More…

The Best Method to Become a Security Auditor!

Wondering How to Be a SOC Analyst?

Choose the Right Career, Cyber Security vs Ethical Hacking

Cyber Security vs Data Science: Which Is Better?

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Interested in learning how to become a cyber security auditor! Read on as you learn everything to get your auditing career started!

Table of Contents

Start your career in cyber security and auditing! Click below to find out more…

What Is a Cyber Security Auditor?

What Does a Cyber Security Auditor Do?

Information Systems Auditor vs Information Security Auditor

Internal Security Auditor vs External Security Auditor

Compliance Standards for Security Auditors

Information Security Auditor Job Description

Auditing Tools for Information Security

Cyber Security Auditor Skills

Cyber Security Auditor Salary

How to Become a Cyber Security Auditor?

IT Security Auditor Career Path

 

What Is a Cyber Security Auditor?

A cyber security auditor assesses an organization’s information security program from a top-down perspective to ensure compliance with a specified cyber security framework.

What Does a Cyber Security Auditor Do?

The auditor will analyze the presence of an enterprise’s data and information to determine if it is protected appropriately by:

1) Assessing whether the organization has proper controls in place to regulate data access

2) Determining if those controls are appropriate based on its policies and procedures

3) Ensuring that the controls being implemented to protect their data and assets are effective

4) If weaknesses are found, the auditor will make recommendations regarding what corrective actions should be taken, normally involving documenting processes and procedures, additional training for employees or upgrades to hardware or software.

Information Systems Auditor vs Information Security Auditor

It’s important to understand that both job titles are not interchangeable. In general, there are many similarities between the two roles: both positions involve auditing computer systems for the purpose of ensuring accuracy and risk reduction. However, the key difference is the nature of their roles:

Information Systems Auditor (aka IT Auditor)

During an information systems audit, the auditor is concerned with the efficiency of the company’s information systems.

Information Security Auditor

During IT security auditing, the auditor is concerned with the security of the company’s information systems and not its efficiency.

Internal Security Auditor vs External Security Auditor

There are two types of security auditors, external and internal. Let’s look at both:

External Security Auditor

An external auditor is a third-party agent whose purpose is to validate a company’s compliance with a government or regulatory requirement.

Internal Security Auditor

An internal auditor can either be an employee or third-party consultant hired to perform audit functions to help the organization maintain compliance with an external audit.

For example, if a company wants to be ISO 27001 certified, they may hire an internal auditor to identify deficiencies in their IT policies, procedures, and controls, who then works with the company to bring them into compliance. The external auditor would then validate that the company has made the necessary adjustments to their information system practices to meet the requirements of ISO 27001 certification.

Compliance Standards for Security Auditors

While a company can choose from any set of cyber security frameworks to adhere, they might be required by law to follow a specific framework. For instance, medical facilities are required by law to follow the Health Insurance Portability and Accountability Act (HIPAA) dictating how personally identifiable information should be maintained by the healthcare industry.

While there are many frameworks or laws for which a company may follow, some of the more common ones are:

ISO/IEC 27001

NIST Cyber Security Framework (CSF)

NIST Special Publication (SP) 800-53

CIS Critical Security Controls

As an auditor in the US, you’ll find that these four frameworks are worth learning. To make it easier, you’ll find some overlap between them.

Information Security Auditor Job Description

While information security auditor responsibilities will often vary from role-to-role, the following lists your daily activities in four steps:

Security Assessment Plan Preparation

Prior to conducting an audit, the auditor must prepare for the assessment. You’ll need to be familiar with the organization’s operation and structure as well as the key stakeholders involved in the audit. Additionally, you’ll need to work with executive teams to determine the objective, scope, and length of the assessment. Be prepared to gather all the necessary documentation, status of operations, and other facts required to consider as part of the assessment.

Security Assessment Plan Development

During the development of a security assessment plan, the auditor will determine what security controls are to be included as part of the audit. The procedures for the assessment are selected and tailored to the environment, even if that means developing new procedures. Assessment procedures are then optimized and finalized with organizational approval.

The assessment plan will include any vulnerabilities or security gaps that you’ve identified, measures that can be implemented to mitigate those vulnerabilities and gaps, as well as reporting procedures.

Security Assessment Plan Performance

After the plan’s development, you’ll begin auditing the system for those controls having been identified as part of the assessment plan. This includes documenting the outcome of the controls’ effectiveness and any deficiencies.

Security Assessment Performance Review

During the review period, the findings of the assessment report are reviewed. At this time, auditors will collaborate with the executive team to understand and formally plan for methods to address deficiencies and manage the organization’s risk. As needed, the auditor may be required to run through multiple iterations of these four steps.

While the above four steps were sampled from NIST, you can be sure that these steps are common to any IT security job description.

Auditing Tools for Information Security

There are multiple cyber security audit and compliance tools that are used to provide reports for your audit. Each tool serves a specific purpose within the information system. Here are the common tools used by security auditors:

Code Scanning Tools scan for broken or low-quality coding issues that may cause vulnerabilities to arise.

Network Scanning Tools scan the network for vulnerabilities as well as network traffic for possible security threats.

Vulnerability Scanning Tools checks the system for any potential points of unauthorized access that will allow the possibility of a security breach.

SIEM Tools integrate multiple security tools and are able to correlate security events to alert users to real-time threats.

Though you’re not required to know how to use these tools, you do need to understand how to interpret the reports generated from such tools.

Cyber Security Auditor Skills

The skills needed for a cyber security auditor job can be broken down into several categories.

Interpersonal Skills

While evaluating the company’s security posture, you’ll be working with multiple personnel, some of whom are used to doing things a different way. Unfortunately, your role is somewhat intrusive in nature which may not be appreciated by all those involved. As a result, having empathy is essential in your role, especially for those with limited resources or lack of knowledge in your area of expertise.

Technical Skills

Being technically savvy is part of the job. Information security is highly technical in nature, so you’ll need a deep understanding of how information systems operate as well as a solid understanding of how to interpret security audit tools.

Analytical Skills

Vital when performing your role as an auditor as you need to have a keen eye for details and be inquisitive. You’ll be required to gather and analyze information from various sources such as information systems; security documentation; personnel interviews; and security procedures, processes, and controls to understand where deficiencies are present.

Presentation Skills

Expect to present your findings to leadership regardless of the outcome. The ability to present usually requires a bit of finesse; you’ll be speaking to personnel that may not understand the technical language or might have difficulty in accepting your findings.

Patience

Conducting an audit can take a few weeks to months. Leadership teams will expect you to provide them with continuous status updates. During that time, you’ll have an enormous amount of information from which to gather and process which can be tedious.

Cyber Security Auditor Salary

Based on the average “information security auditor” salary for the first three websites listed below, you can expect to earn an average of $108k/year.

Salary.com: Salary range falls between $100k to $142k and averages $114k

ZipRecruiter: Salary range falls between $63k to $124k and averages $93k

Glassdoor: Salary range falls between $78k to $194k and averages $117k

PayScale: Salary range falls between $55k to $103k and averages $72k (for IT Auditor)

How to Become a Cyber Security Auditor?

If you’re truly interested in learning how to become an information security auditor, one of the best methods to get a job is to gain experience first. Regardless of whether you have a degree or any other certification, experience is an absolute must!

And, while you might get lucky and obtain a junior or associate level cyber security auditing position, you’ll always be second best to someone that already has a background in IT auditing. If you’re having trouble finding a role, look below at an alternative step to become a security auditor.

IT Security Auditor Career Path

Apply for an IT Audit Role

If you can’t find a job as an information security auditor, then don’t waste too much time. The next best method, as counter intuitive as it may seem, is to find a job working in IT auditing, not information security.

Is IT audit a good career? Yes, as an IT auditor, you’ll gain enough experience to pick up some security knowledge along the way. As an added benefit, there are more job opportunities as an IT auditor then IS auditing. For example, a quick search of Indeed showed approximately 750 jobs for “Information Systems Auditor -security” vs ~100 jobs available for “Information Security Auditor”.

Get Your Security+ Certification

Before you even think about moving into information security, you’ll need your very first certification, the CompTIA Security+. The good thing about this certification is that it doesn’t require any experience and immediately gives you some infosec credibility.

Become a Certified Cyber Security Auditor

Once you’ve had sufficient experience as an IT auditor and have passed the Security+ exam, you’ll want to make the move into information security and audit. It’s at this point you’ll want to consider taking one of the following certifications to appear more serious about your auditing career:

Certified Information Systems Auditor (CISA)

GIAC Systems and Network Auditor (GSNA)

Certified Internal Auditor (CIA)

Information Security Audit Training

Though it’s not required, you might want to take a security audit course if you’re having trouble getting certified. There you’ll be trained to understand the security aspect of auditing which may or may not be associated with any certification program. Here are a few programs to get you started in the right direction:

Information Systems Audit and Control Association (ISACA)

The SANS Institute

The Institute of Internal Auditors (IIA)

Information Security Management System (ISMS)

Regardless of your choice, as always, I recommend going with an officially authorized information security auditor training program if you’re goal is to pass a certification exam; otherwise find a program that’s been certified by an accredited body. You can find a list of accreditation bodies by country along with the certification body listed here:

IAF Certification Validation – IAF CertSearch

Apply for Security-Focused IT Audit Roles

If at this point you’re still having trouble obtaining infosec auditing roles, start by making the move into IT auditing roles that have some focus on security. By doing this you now get to work with a mix of responsibilities. Then, if you feel successful at the job, you’re now only a step away from getting a full information security auditing role!

Interested in More…

Wondering How to Be a SOC Analyst?

Choose the Right Career, Cyber Security vs Ethical Hacking

Cyber Security vs Data Science: Which Is Better?

Difference Between Cyber Security vs Cloud Security

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Wondering how to be a SOC analyst? Read below to understand what SOC analyst do and how to get your first job.

Table of Contents

How to become a SOC analyst! Click below to find out more…

What Is a SOC Security Analyst?

SOC Analyst vs Security Analyst

Why Do You Want to Be a SOC Analyst?

What Is the Average SOC Analyst Salary?

SOC Analyst Roles and Responsibilities

Determine Your SOC Analyst Role

How to Be a SOC Analyst?

SOC Analyst Job Requirements

How to Become a SOC Analyst Without a Degree?

What Degree Do I Need to Be a SOC Analyst?

Will a SOC Analyst Certification Help?

What Is the Best SOC Analyst Certification?

Is SOC Analyst a Good Job?

What Is a SOC Security Analyst?

A SOC analyst is a person who studies and analyzes information security threats and vulnerabilities. They examine data from both internal and external sources, as well as analyze data to find patterns and trends that could be useful for assessing risks. By reviewing these patterns of activity, they can determine whether there’s a security risk—and if so, how serious it is.

SOC Analyst vs Security Analyst

Security analyst roles come with a variety of titles. Let’s take a look at a couple other types of roles:

Security Compliance Analyst. This is a person that doesn’t analyze threat data but is more focused upon the security governance, risk, and compliance (“GRC”) of the organization. Depending on the nature of the role, they implement or examine current security policy, standards, controls, and procedures to determine whether they’re compliant with the intended security goals of the organization. This type of analysis isn’t dependent on log monitoring; rather, the intent is more “compliance monitoring”. Though non-technical in nature, a security compliance analyst does need to be familiar with the technical aspects of the profession.

Information Security Analyst. Technically speaking, the term “cyber” in cyber security deals with digital information. However, an organization may define an “information security analyst” for individuals responsible for analyzing the security of all information, including physical paper that’s been locked away. You may hear the terms “cyber security analyst” and “information security analyst” used interchangeably. If an organization does make a distinction, you might expect additional analysis regarding their physical security measures.

Although today’s article is more heavily focused on the SOC analyst type of role, some aspects are applicable to all cyber analysts roles in general.

Why Do You Want to Be a SOC Analyst?

While SOC analyst is a good place to start your career, there are points you need to consider before diving right in!

If you’re getting into cyber security because you think being an analyst is an easy job, it’s time to start looking into another industry. This is a challenging job just like any other cyber career with its own set of pros and cons. Expect to spend long hours staring at data in front of a computer screen while performing research on the side.

If you want to enter this career as a steppingstone to another security position, it’s doable provided you’re not trying to make a leap from analyst to red teamer! If you can handle that, then you’re on the right path!

What Is the Average SOC Analyst Salary?

Wondering how much do SOC analyst make? Below are listed the base pay hourly rates from select websites within the Washington DC region.

Payscale: $86,628/year or $42/hour *Cyber security analyst

Salary.com: $77,884/year or $37/hour

Glassdoor: $67,380/year or $32/hour

ZipRecruiter: $106,259/year or $51/hour

SOC Analyst Roles and Responsibilities

What do SOC analyst do? Each security analyst role will have varying degrees of responsibility so it’s up to you to check out the job description and make your own comparisons. Let’s look at some of the common SOC analyst day to day activities:

Network Monitoring. Use and configuration of network defense tools to monitor for system anomalies that might be indicative of a breach.

Detection and Event Correlation. Use of security incident and event management (SIEM) tools to identify threat activity from multiple sources across the network.

Threat Research. Maintain awareness of the most current threats, vulnerabilities, attack methods as well as detection techniques using common threat lists such as the CVE.

Event Documentation. Log alerts and threat data from detection events as well as collaborate with customers and various security team members to create incident and remediation reports.

Custom Support. Provide customers with incident response support such as: creating tickets, tracking investigations, upholding remediation efforts, and any other threat mitigating activities.

Technical Documentation Support. Analysts may also be asked to develop plans for implementing new processes or technologies within an organization’s infrastructure; they may also be responsible for training employees on how best to protect themselves from cyber threats.

SOC analyst duties involve roles such as: threat hunting, SIEM monitoring, incident response, network troubleshooting, system hardening, vulnerability scanning, etc.

Determine Your SOC Analyst Role

It’s hard to say what exactly you’ll be required to learn because there are many types of SOC analyst roles!

To give you an idea, here are some of the categories different roles may cover:

• Access to Cloud Services
• Endpoint Detection and Response
• Firewalls (Next-Generation or Web Application)
• Forensic Analysis
• Identity and Access Management
• Intrusion Prevention and Detection Systems
• Managed Detection and Response
• Network Access Control
• Security Information and Event Management
• Simulated Breach and Attacks

These are by no means exhaustive, and each one of these is a specialized area of security analysis with their own specific tools. It’s not realistic to believe you’re going to know all of them; however, if you have a particular niche that you can focus on, you’ll be better off.

How to Be a SOC Analyst?

It’s said that cyber security is not an entry level career; in a sense that’s very true. You’ll be competing against professionals with years of experience in IT wanting to make a switch. So, give yourself a chance by taking advantage of every learning opportunity!

Additionally, if you’ve participated in any security bootcamp, freelance work, or any college laboratory/project work, list it on your resume! Interested in more tips to upgrade your cyber security resume?

Most importantly, experience counts above all else. If you have any real-world IT experience, or can find ways to get some, you’ll be ahead of the curve. Check out some of these freelance sites to help you gain some experience:

• Upwork – Great freelance site for technical workers.
• Freelancer – Another really good option for showcasing your talent.
• Guru – Great spot to freelance your IT experience.
• Fiverr – My personal favorite to find gig work.
• TopTal – Job portal designed for the best of the best.
• FlexJobs – Here you’ll find a mix of gig work and full-time employment.
• JoinHandshake – An extremely popular site for college students and graduates.
• Internships – An amazing website with lists of many internship opportunities.

Every cyber graduate struggles for months to get a first-time job. Be prepared to receive many no responses and rejections before you even have a chance to sit down for your first interview. Remember, motivation only turns the car on, but it’s your perseverance that will see you through to the finish line!

In the next section, I’ll discuss the required skills for SOC analyst.

SOC Analyst Job Requirements

If you’re wondering how to get a SOC analyst job, let’s look at the prerequisites:

Critical Thinking. The most important qualification for this position is the ability to think critically. You’ll be looking at a tremendous amount of data, which means you’ll need to be able to tell what’s important and what isn’t.

Decision Making. You’ll come across many false positives, or even false negatives (i.e. anomalies that show up as negative, but are real threats). You must make decisions quickly, based on the facts at hand and in an environment where there are no right answers. Being an analyst is labor intensive and while security tools are available to help, don’t expect it to automate the decision-making process for you!

Communication. You’re expected to attend meetings as the subject matter expert; as such, you’ll need excellent communication skills. As part of your job, you’ll have to explain your findings to other people who might not understand them as well as you do.

Sales. This is an odd skill to possess; however, I’m not talking about selling a tool or product; instead, I’m referring to your ability to sell yourself. There’ll be times when you believe implementing certain security solutions are appropriate but would require additional cost and cause disruption to the company’s productivity. Be prepared to defend your reasoning as this can include communicating with executives and making sure they understand the importance of your work on their business bottom line.

Sociability. Ironically, the technical aspect of being a SOC analyst isn’t as crucial as being able to interact with your teammates. You’ll be working alongside other colleagues for long periods of time, and if you can’t get along with one another, the entire team will suffer!

Curiosity. There’s a lot that’ll be thrown at you, and you’ve got to be willing to do the research necessary to make sense of the information. Be prepared to undertake the responsibility of researching the who/what/when/where/why and how of the threat data and vulnerabilities.

Being Adaptable. With the cyber industry in a constant state of flux, you’ll need to adapt your approach as new information and events unfold around you. This means quickly processing new threats, monitoring techniques, security tools, etc.

In the next several sections I’ll discuss SOC analyst qualifications, including whether a degree is necessary.

How to Become a SOC Analyst Without a Degree?

Yes, it is possible to get a job in cyber security without a degree; however, that’s entirely dependent on the organization’s experience and education requirements.

A degree will give you an advantage when applying for jobs, especially true if you have no IT experience at all. Your resume will stand out among other applicants and may even earn you more interviews than someone without a degree.

Of course, there is a trend toward substituting education for those with sufficient experience; but in almost any case, obtaining security certifications are a must!

What Degree Do I Need to Be a SOC Analyst?

If you’re planning to go into cyber security and wondering what degree you need to become a SOC analyst, there’s some good news!

There are no specific cyber security degrees required for this position. If you have a formal education in cyber security, software, computer science or engineering, or information technology (IT), you shouldn’t have any issues transitioning into cyber security.

The college electives you take also matter. Some companies may prefer applicants who have taken additional course work in computer science or computer engineering, while others may be looking for a concentration in business administration or information technology.

If you’re trying to figure out which degree and concentration works best for your career goals, it’s important to consider your future goals and what kind of job opportunities are available in your area.

Sure, there are some positions that may require more education and experience, but for most entry-level positions, you should be able to get away with having a bachelor’s degree and no experience. However, as I mentioned earlier, without experience, it’ll take time to get your foot in the door.

Will a SOC Analyst Certification Help?

Yes, regardless of whether you decide to get a college degree, or receive any type of formal training, getting a SOC analyst certification will help your career goals.

Below I’ve linked to some of the best SOC analyst certifications to get you started down the right path.

What Is the Best SOC Analyst Certification?

There are multiple paths to becoming a certified SOC analyst!

First and foremost, the best certification for SOC analyst is the CompTIA Security+. This security certification is an absolute must for anyone attempting to enter the field of cyber security.

After you’ve successfully passed the Security+ exam, you have several options from the most well-known certifying agencies (GIAC, ISC2, CREST, and EC Council):

• CompTIA CySA+
• ISC2 Systems Security Certified Practitioner
• GIAC Certified Intrusion Analyst
• GIAC Continuous Monitoring Certification
• GIAC Certified Detection Analyst
• GIAC Security Operations Certified
• CREST Practitioner Security Analyst
• CREST Registered Security Analyst
• CREST Certified Network Intrusion Analyst
• EC Council Certified SOC Analyst
• EC Council Certified Threat Intelligence Analyst

Some of you will ask about ISACA; while they do offer some very good security certifications, there didn’t appear to be any dedicated to cyber security analysis.

Is SOC Analyst a Good Job?

Depends. As you probably realize by now, the role of SOC analyst is broad in scope and so are the responsibilities associated with it. So, it’s hard to guess if you’re going to have a tough time with the role.

Some claim that being a SOC analyst is very demanding while others will say it was easy. In fact, for a SOC analyst, burnout isn’t uncommon due to the constant vigilance required of the job.

Ultimately, your best bet is check or ask those questions on sites such as Quora or Reddit to get the best opinion!

---

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Deciding between cyber security vs ethical hacking? Read on as I describe the similarities and differences between them to get your career headed in the right direction!

What Is Ethical Hacking?

Ethical hacking is not just a bunch of people who hack into websites to steal information.

It’s a form of computer security testing that involves professionals (aka “white hat hackers”) who have been trained to test a system or network to find vulnerabilities.

The goal of ethical hacking is to find and fix flaws before they can be exploited, rather than after the fact.

Ethical hackers have a set of ethics they adhere to while they’re working on a project—they only hack systems or networks with permission from their owners, and they always supposed to follow organizational guidelines for reporting the who/what/when/where/how of any discovered vulnerabilities.

Those companies can then fix any issues before they’re exploited.

Is Ethical Hacking and Cyber Security Same?

Both ethical hacking and cyber security are focused on protecting computers and networks from malicious attacks.

Ethical hackers use their knowledge to find vulnerabilities in systems and networks so that they can be patched up before real attackers take advantage of them.

In doing so, ethical hackers are helping companies avoid having their data stolen or their reputation ruined by hackers.

Cyber security professionals also have this same goal—they just go about it in slightly different ways.

The biggest similarity between these two fields is that both require a deep understanding of computer science as well as a strong grasp of network administration principles (e.g. routing protocols, encryption methods, etc.).

What’s the Difference Between Cyber Security and Ethical Hacking?

Cyber security vs ethical hacking, let’s look at the real difference:

Ethical hacking is the practice of testing a network or an information system for vulnerabilities before they can be exploited.

Cyber security is a more holistic approach to ensuring the confidentiality, integrity, and availability of the organization’s information systems and data which involves many aspects, including ethical hacking. If you’re interested, you can read about all 11 cyber security domains here.

Ethical hacking is a preventative approach to protecting information systems against intentional threats; on the other hand, cyber security is a preventative and responsive (i.e. once a security breach has occurred) approach that protects against both intentional and unintentional security breaches (ex. user clicks a button causing system to crash).

This means knowing how to protect an organization against physical threats like fires or floods, internal vulnerabilities like poor employee practices, external threats like hacking attempts or network intrusions into your system.

Ethical hacking doesn’t require knowledge of programming languages to start hacking; however, if you want to become an advanced ethical hacker, it does require solid knowledge of several programming languages.

Cyber security is such a vast field, that programming is not required to succeed.

If you’re interested in cyber security but don’t want to learning programming languages, consider a career as a cyber security analyst.

As an ethical hacker, unless you decide to work in teams, you’re pretty much on your own; however, cyber security requires you to work in teams to ensure compliance with all areas of security.

Which Is Better Ethical Hacking or Cyber Security?

It’s a tough decision to make. On the one hand, cyber security is a field that’s growing rapidly, with plenty of opportunities for people with the right skills to get their start.

On the other hand, ethical hacking is portrayed as the “cool” and specialized field that requires a lot of training and experience.

If you’re not sure which path to take, here are some things to think about:

Teamwork. If you’re interested in working with people, cyber security might be the better choice for you. If you’re interested in working autonomously (not alone), ethical hacking is better way to go.

Technical Skills. You need a lot of technical skills to be an ethical hacker! You’ll want to be familiar with programming languages such as Python, C++, Java, SQL, etc., as well as operating systems such as Linux or Windows. But, if you choose to work in cyber security, you still need a heavy amount of technical knowledge, just in different areas. For example, if you choose a career in GRC (governance, risk, and compliance) you’d be required to understand the risk management framework along with applicable security control, policies, and procedures.

Job Growth. Ethical hacking is a very specialized field within the cyber security industry. You’ll need to understand that the only growth in this field would be your breadth of knowledge and the speed of your skills. Beyond that, I wouldn’t expect much growth beyond the job title “Senior Ethical Hacker”. Growth after that may require you to become red team/blue team lead or switch into an engineering-type role (if you’re looking to stay technical). If we look at cyber security, growth has a much more natural progression. On the technical side, you can advance from cyber analyst to engineer to architect if you maintain your security certifications and learn to stay relevant.

Job Availability. One of the biggest downsides to a career in ethical hacking is the severe lack of need. Most companies hire only one ethical hacker (or none). So, if you’re prepared to be the best of the best, then go for it; otherwise, there are plenty of jobs available right now for cyber security professionals who want to bring their knowledge and skills into the workforce quickly.

Job Stability. Even if you do get hired, it may not be on a permanent position. You may be hired on a contractual basis where the scope of your position is to test a new software application or feature for vulnerabilities. As more security patches are implemented, fewer and fewer vulnerabilities become apparent. It may not be surprising to have your job eventually outsourced to a bug bounty program. By contrast, cyber security has very good job longevity. Once, you enter the field, there’s a very good chance, you’ll be here to stay for quite some time, assuming you don’t burn out!

Cyber Security and Ethical Hacking Salary Differences

The following shows the average and base salary of an ethical hacker from four separate sources.

Depending on the source, the range may represent base salaries between the 25th – 75th percentile.

Ethical Hacker:

• PayScale: Base salary $49k – $112k and averages $80k
• Salary.com: Base salary $83k – $132k and averages $104k
• Glassdoor: Base salary $80k – $196k and averages $119k
• ZipRecruiter: Base salary $127 – $142k and averages $135k

Cyber Security:

• PayScale: Average salary $92k (salary range not given)
• Salary.com: (salary range not given and dependent upon exact job title)
• Glassdoor: Base salary $62k – $180k and averages $98k
• ZipRecruiter: Base salary $60k – $146k and averages $113k

Unfortunately, the salary ranges and averages don’t align very well together, so a real determination can’t be made just from income alone.

Just as a reminder, salary ranges and average are dependent on the sources input and method of calculation.

As a reader, you’re cautioned to use additional sources to educate yourself on the total compensation.

Is Ethical Hacking a Good Career?

Hacking is fun and exciting. You get to learn about all kinds of new things, and it’s easy to feel like you’ve made the right choice if you’re just starting out.

However, it’s not all fun and games—it’s actually hard work! You’ll spend hours researching different vulnerabilities and figuring out how they work, as well as actually finding them in real-world systems.

This can be extremely tedious and boring at times, so make sure that this is something you’re willing to put up with before pursuing this career path.

It’s a great career if you manage to get your foot in the door, but the lack of job opportunities should make you think twice before you decide to step into ethical hacking! While it’s ultimately dependent on your skills and interest, you might have a better chance of success looking at other career paths in cyber security.

Create a Roadmap for Your Cyber Security Career!

TL;DR

Cyber security vs ethical hacking, which career is right for you?…Click below to read more!

What Is Ethical Hacking?
Is Ethical Hacking and Cyber Security Same?
What’s the Difference Between Cyber Security and Ethical Hacking?
Which Is Better Ethical Hacking or Cyber Security?
Cyber Security and Ethical Hacking Salary Differences
Is Ethical Hacking a Good Career?

---

by Amit Doshi

Ready to Find the Cyber Career That Works for You?