Take Control of Your Cyber Career!

Take Control of Your Cyber Career!

Is Cyber Security Right for Me?

Is Cyber Security Right for Me?

Is cyber security right for me? As a rule, cyber security is right for anyone. For example, you enter a password to login into a web application, expect privacy when you talk on Google Meet or Zoom, and only forward emails to people that have a “need to know”, etc.

All of these are examples of cyber security (or information security). The question is, do you want to apply these in a more formal environment and turn them into a career?

Table of Contents

Is cyber security right for me? Click below to find out!

Would I Be Good at Cyber Security?
Why Is Cyber Security a Good Career?
How Is Cyber Security as A Career?
Is Cyber Security Easy or Is Cyber Security Hard?
Do You Need a Degree to Work in Cybersecurity?
How Can I Start a Career in Cyber Security?
Is It Easy to Get a Cyber Security Job?
Where to Learn Cyber Security?
Is A Career in Cybersecurity Worth It?

Would I Be Good at Cyber Security?

Yes, of course you would be good at cyber. The great thing is that cyber security is one of the few industries that’s found in every sector of the global economy.

Each industry has something specific to contribute to cyber; meaning, it’s not a one size fits all industry.

And it’s an industry that employs people from all backgrounds because of the intense need for a diverse set of skilled labor.

For instance, the healthcare industry has specific HITRUST or HIPAA security requirements to ensure that patient data is kept confidential. This makes it a great opportunity for people in the medical field that already have this knowledge.

So, it doesn’t matter if you’re coming from IT, healthcare, or even HVAC; you would still be great at cyber security.

Why Is Cyber Security a Good Career?

Cyber security is a very good career option if you’re seriously considering it.

If you’ve ever thought about security, then you probably already know that it’s a booming field with many opportunities to fill.

But you do need to ask yourself what interests you about cyber security? Look at a few points to consider:

Opportunity. Now is the time to make the leap into the cyber industry! There are thousands of open positions and not enough people to fill them. According to CyberSeek there are only enough workers to fill roughly 2/3rds of the jobs available on the market today. That still means approximately 250,000 jobs are still yet waiting to be filled!

Money. It’s okay if your real interest is money. As you’ve probably heard by now, you can make a lot of money in cyber security and very quickly. In just a few short years (~3 years), you can easily make over $100,000.

Growth. Even though money may be what you’re really after, growth should be at the forefront of your mindset. Money will only motivate you so far, but it’s your need to grow that will push you to excel towards cyber. Because of the high level of demand, you can move up very quickly in the early years of your career. It won’t take long for you to move from IT Support to Junior Cyber Analyst to Senior Analyst in the same amount of time.

So, if someone asks, “Why did you choose cyber security?” You can now talk about opportunity and growth, in addition to money!

How Is Cyber Security as A Career?

A career in cyber security is an excellent choice. But just as in any industry, there are pros and cons:


As we previously mentioned, cyber security professionals can earn a high salary. According to the Bureau of Labor Statistics, the median salary in 2021 for the position of information security analyst is $102k.


There’s a vast amount of opportunity available in the industry. And, since the job outlook is only expected to grow over the next ten years, there’s also a good chance that your job isn’t going away anytime soon. Luckily, it takes longer for a newcomer to learn the ropes of your position, so you’re in a good spot!


Unless you’re aiming for a specific title, such as penetration tester, there’s usually good growth opportunity within the industry. In as little as five years, you can make your way to become a cyber security manager with the pay to match.


Although benefits are company dependent, you might be able to ask for a few extra days of PTO (Paid Time Off), remote work opportunities, paid training or mentorship opportunities, etc. This is especially true if the company has been searching a while for a good hire and is willing to negotiate.

Work Life Balance

It’s generally common in the industry for people to work well over forty-hour weeks, and with strict deadlines. The main reason here is that staffing shortages, being commonplace, require others to pick up the slack. That means, if a project is due Monday morning, be prepared to have working lunches and meetings as well as saying goodbye to your weekend plans.


Training is a big part of security. That’s because the industry is always on the lookout for new hackers, threats, and vulnerabilities. There’s always going to be some new tool, technology, or perspective that must be learned and integrated into your thought process. This is where maintaining your “continuing professional education” credits (CPEs) for renewal of your certification makes sense.


Another common occurrence is cyber burnout. Due to the limited budgets, staffing shortages, long working hours, intense workloads, quick deadlines, and demanding clients; burnout becomes a reality. As a result, employer turnover is much higher. You may even experience coworkers leaving a company, then coming right back a few years later. If you can handle the imperfect work-life balance, training requirements, and withstand the stress, then cyber security might be right for you.

Is Cyber Security Easy or Is Cyber Security Hard?

I’ve just discussed some of the pros and cons in the section above. Other than that, I guess it depends on what your definition of easy and hard is, and to what are you referring? Nothing worth doing well is ever that easy or that hard; in the end, it really just depends on you dedication.

For a deeper answer to your question read, Is Cyber Security Hard?

When most people ask that question, what they really want to know is, “How quickly can I earn a living in cyber security?”

There’s no absolute answer to that question, but there are things you can do to shorten that time span. Read the next section below to figure out how you can start.

How Can I Start a Career in Cyber Security?

Now, if you’re wondering where to start with cyber security, then the first thing that every single newcomer should do is immediately start studying for the CompTIA Security+ exam.

This is the most entry level certification and provides a basic understanding of what you need to know for cyber security.

You’ll find that many security professionals possess this very basic, entry-level certification.

Then, as you’re studying for the exam, view some of the job descriptions to understand what companies are looking for and try to learn some of what’s being requested.

Afterwards, you can read my article about How to Get into Cyber Security with No Experience?

Do You Need a Degree to Work in Cybersecurity?

Students and those in other professions, often have questions regarding cyber security educational requirements.

Let’s look at several questions related to obtaining a cyber security degree.

Do You Need a Bachelor’s For Cyber Security?

No, you don’t need a bachelor’s degree for cyber security.

Many companies are starting to understand that a bachelor’s degree isn’t as important as it once was.

Four years of experience is just as good as a bachelor’s degree and is often more prized.

Can You Get a Cyber Security Job Without a Degree?

Yes, you can get a cyber security job without a degree. In fact, having a degree as an entry level candidate can sometimes hurt your chances.

Degreed candidates are usually more expensive for the employer and offer little value in return.

That’s because an employer would rather take a chance with someone with no degree and four years of experience instead of a four-year degree and no experience.

Read Can You Get a Job in Cyber Security Without a Degree? for more information.

Do Cyber Security Jobs Require a Degree?

There are some positions that do require a degree, such as those jobs working for the federal government.

However, many companies are looking for immediate hires and don’t have the time to wait for a candidate to get their degree.

You’ll find that many job postings mention they’ll take experience in lieu of a degree.

If you have no experience, then you’ll need to get some, even if it’s six months of doing Help Desk related work.

Is Cyber Security a Good Degree?

Yes, although it’s not really needed for entry level positions, it’s a good degree to have and will certainly help you to get promoted the higher you move up in the organization.

But if you’re still on the fence, read Is a Cyber Security Degree Worth It? to find out more!

What Degree Is Best for Cyber Security?

There is no “best” degree for cyber security. If you decide to move forward with a degree, you can choose from multiple degree programs: computer science, software engineering, network engineering, cyber security, etc.

Any IT-related degree can be combined with a security certification to provide you the foundational knowledge required of cyber security.

Then What Degree Is Required for Cyber Security

You don’t need any degree for an entry-level cyber security job. Security certifications and experience are all that matter.

Even then, some professionals have so many of years of knowledge and experience, that certifications don’t really do much for them. These are people that can easily find work just with their experience alone.

What Jobs Can I Get with Cyber Security Degree?

With a cyber security degree, you can seek out any position you desire; but that doesn’t mean you’ll get a job right away. It’s your lack of experience that will hold you back.

Regardless of what type of job you want, you still need to show some aptitude for that role.

For example, if you’re interested in GRC, show some experience in NIST SP 800-53, if you’re interested in Ethical Hacking, display your knowledge of TryHackMe or other real-world scenario, etc.

Is It Easy to Get a Cyber Security Job?

That depends, if you already have a background in IT, then it’ll be a lot easier for you to get a cyber security job.

If you don’t have that experience, then you’re probably asking, “What cyber security job is right for me?” For most entry level candidates, my best suggestion to you is to start with a low-level IT Help Desk or Support role; a position that’s not even in cyber.

That way you can get some experience and then make the jump into a cyber analyst type of role.

If you’re transitioning from another career, I suggest you find a career path that aligns without your current background.

For instance, a business analyst, might have an easier time of making it to cyber analyst.

However, if you find that your background doesn’t matchup very well, you might have to take the same route as an entry level graduate.

Interested in knowing What Is The Best Job In Cyber Security?

Where to Learn Cyber Security?

Self-Study: You’ll find that many people have transitioned into cyber security by merely educating themselves. They’ve taken the time to watch the online materials, study and pass the security certifications, and sharpen their cyber skills. The best part of this method is you move at your own pace, and it’s relatively cheaper than the other two options.

Cyber Security Coursework: If you choose this route, this could mean either a workforce development course or college coursework. In either case, these are not cheap options, but they do ensure you maintain a daily regimen of cyber classwork. The benefit here, is it that it may come with assignments, lab work, projects, and you might even receive tutoring. The downside is it can take months or years for you to finish a course or degree plan, respectively.

Cyber Security Bootcamp: Bootcamps are usually designed as short-term courses that last from a few weeks to a few months. During this time, you’re crammed with all kinds of cyber knowledge (e.g. concepts, assignments or labs, and projects) mostly because you don’t have a lot of time to work with. They’re usually designed to “teach-to-the-test” of some security certification. The good ones come with a voucher or at least some guarantee and some level of tutoring, but keep in mind that bootcamps can sometimes be as expensive as a college degree.

Are Cyber Security Bootcamps Worth It? Read here to find out!

Is A Career in Cybersecurity Worth It?

That depends on your priorities in life. If you value a work-life balance or a stress-free environment, then cyber security isn’t probably going to work out for you.

On the other hand, the pay is good, and the growth potential and opportunities are great.

So now you need to ask…is cyber security worth it and is cyber security right for me?

Interested in More…

How to Become a Cyber Security Architect?

Cyber Security vs Computer Science: Know the Difference!

What Is the Best Job in Cyber Security?

The Best Method to Become a Security Auditor!

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Read more
How To Become a Cyber Security Architect?

How To Become a Cyber Security Architect?

Wondering how to become a cyber security architect? Today’s article discusses everything you might want to know to help you achieve your goal.

Table of Contents

Interested in learning more about how to become a cyber security architect? Click below to find out!

What Is a Cyber Security Architect?

Why Security Architecture Is Important to An Organization?

What Are the Skills Required for Cyber Security Architect?

Cyber Security Architect Qualifications

Security Architect Certification Path

What Does a Cyber Security Architect Do?

How Much Does a Cyber Security Architect Make?

Do I Need a Degree for Cyber Security?

Cyber Security Engineer Vs Cyber Security Architect

How to Become a Security Architect?

Can I Take a Security Architect Training Course?

What Is a Cyber Security Architect?

The role of a security architect is to design and implement security solutions within an organization’s enterprise infrastructure.

This is so that users may safely interact with the information systems and with minimal concern for the loss of data confidentiality, integrity, or availability.

Architects work with executive management, engineers, analysts, and other IT staff members to design and implement the security architecture.

Architects also design and allocate systems to properly manage the enterprise-level security risks.

A security architect also known as: Information Assurance (IA) Architect, Information Security Architect, or Security Solutions Architect. Whatever the position is called, the role is the same.

Why Security Architecture Is Important to An Organization?

Security architecture provides a framework for the design and implementation of security measures.

The architecture is a system of policies, procedures, and controls that define how security will be implemented and maintained within an organization.

Organizations also rely on the security architecture to understand their current security posture so they can make informed decisions about future investments in technology and security.

It’s a complex and strategic process that involves technical and non-technical elements.

What Are the Skills Required for Cyber Security Architect?

A cyber security architect needs to have a broad range of skills to effectively design the security architecture.

The skills required for this role vary depending on roles and responsibilities. However, there are some general security architect skills you’re expected to possess:

Operating Systems and Security Tools

Understand how Windows, MacOS, and Linux/Unix-based operating systems work. Much of the systems infrastructure you’ll be designing, and data collection/security tools your team will be using, are based upon any one of these operating systems as a foundation. And though you may not have access to any of the infrastructure and tools (to maintain a separation of duties), not fully understanding them will become a severe hinderance to your performance.

Coding / Software

Knowing how to code, how software is designed including its use cases and applications, how software interacts with the infrastructure and the vulnerabilities that result. While you won’t be doing any coding on your own, you will be working with a technical security team responsible for the development of the security components and tools that’ll protect your organization’s information systems.

Brush up on your soft skills

Don’t underestimate the importance of soft skills. We’ll talk about additional soft skills below but becoming a security architect requires you to be analytical, detail-oriented, have good research and problem-solving skills, and be able to provide creative solutions. It’s especially vital that you remain open-minded, receptive to new ideas, and willing to lean upon your analysts and engineers to fill in gaps in your knowledge.

Have the right mindset and perspective

Don’t focus on a particular area of the system. This position requires a deep and holistic understanding of entire information infrastructure. You’ll need the vision to creatively design a security solution with the latest and most tested tools and configurations available. This means understanding how the existing infrastructure combined with the security infrastructure will work with each other.

Communicate with your stakeholders

Cyber security architects also need excellent communication skills, both written and verbal, to effectively convey their findings and recommendations to other stakeholders within an organization. It’s vital to translate technical knowledge into a business language that’s easily understood by non-technical people. You may even find yourself in a position to justify some of your decisions to executive leaders based on necessity rather than cost.

Act like a leader

Being a subject matter expert (“SME”), your position lends itself into becoming a leader. This means you’ll also act as the “spokesperson” for your security team. This is especially true, if you’re in a smaller organization where you also act as the highest security team member. At this level, confidence in your abilities and mentoring your team is key!

You’re the one who’s accountable!

As the SME, you’re automatically held to the highest level of accountability. Know the specific details about how the security infrastructure operates. When a security breach occurs, everyone will look to you to understand what has happened. Work with the forensics team to understand how the investigation will proceed. Then determine what actions are needed to mitigate further harm and future security breaches (aka incident response).

Risk and Compliance

The entire reason why your position exists is to reduce organizational risks, which include the risk of security breaches. To reduce this risk, knowing how to read, understand, and implement security controls based on compliance standards such as: NIST SP 800-53, NIST CSF, ISO 27001/2, etc. is crucial. This also means incorporating results of threat models, risk and vulnerability assessments, and any other threats assessments as part of the architecture.

Know the network

This probably goes without saying but as a SME, you must know the design and operation of the entire network infrastructure, the software used to operate the network, as well as the resources and tools used maintain the network.

Working with teammates

Provide that critical link between management and engineering to help turn business requirements into technical design requirements. Get comfortable working across the organization with executive leadership, analysts, engineers, vendors, and other technical team members to help plan and execute the deployments of new systems or updates.

What about the money?

Design the security infrastructure according to the budgetary constraints of the project. If the organization cannot afford the design, development, or maintenance of the security infrastructure, there is a chance the organization may fail to properly operate such infrastructure due to inadequate resources. To design a cost-effective solution agreeable to stakeholders, realize that customers don’t enjoy wasting money, especially when it comes to IT security.

Are project management skills important?

Keep a project on time, under budget, and manage stakeholder needs. If you don’t possess these abilities, you won’t stand a chance of being able to manage large, complex development and deployment processes. If you have little experience in this area, consider senior-level security engineering or systems admin roles with a PMP certification.

Cyber Security Architect Qualifications

Take a look at the basic qualifications needed for a cyber security architect:

How much experience is needed?

The time it takes for you have enough knowledge will always depend on your abilities and your security exposure. Expect to possess a minimum of 5-10 years of experience in information security with the bulk of that time spent as a security engineer, system administrator, or a combination of both. You won’t have the requirements of a security architect with anything less.

What do I need exposure to?

As an architect, maintain a wide variety of exposure to networking and security roles. Coding, networking, development, security, etc. are all pieces of what it takes to become an IT security architect. Take every opportunity to gain exposure in different roles even if that means occasionally switching jobs.

Security Architect Certification Path

Security Certification: A security architect certification doesn’t imply that you’re an expert, but it does help employers understand the minimum level of knowledge you possess. Once you reach this level the Security+ cert isn’t good enough; most employers will look for the following certifications:

CISSP (Certified Information Systems Security Professional) by ISC2

CISSP-ISSAP (Information Systems Security Architecture Professional) by ISC2

CISM (Certified Information Security Manager) by ISACA

GSE (GIAC Security Expert) by GIAC

GDSA (GIAC Defensible Security Architecture)

CASP+ (CompTIA Advanced Security Practitioner)

Keep in the mind that the choice of certification is less relevant than the actual knowledge you possess.

If you possess at least one of these certs, you should be fine; although if you have the CISM, it might be a good idea to get one more as it’s slightly less technical in nature.

Enterprise Architecture Framework: In addition to the security certification, it’s a good idea to also obtain an architectural framework certification to showcase your foundational knowledge of architectural design. Each framework differs in its approach or area of specialization. SABSA is a highly recommended enterprise security architecture framework but research which framework works for you. Here’s a non-exhaustive list of frameworks; however, this should help you to get a head start.

TOGAF (The Open Group Architectural Framework)

SABSA (Sherwood Applied Business Security Architecture)

DoDAF (Department of Defense Architectural Framework)


What Does a Cyber Security Architect Do?

Security architects generally blend execution and management.

You’ll still be heavily involved in the technical aspects of the job, but you’re not always the person performing the implementation (no scripting, troubleshooting, server setups, etc).

Other teams will worry about the technical challenges of deploying the solution. You must know the specific challenges they face and develop solutions to overcome them.

In smaller organizations, the security architect responsibilities are slightly less defined, and you’re likely to have multiple responsibilities.

You may find that your duties range from cyber strategy, generally reserved for Cyber Security Directors or CISOs, to cyber development and integration, usually performed by security engineers.

In larger organizations, the position is much more defined because the information systems are highly scaled and much more complex. You may have several security architects, each responsible for their own areas of specialization such as: cloud security architect, data security architect, network security architect, etc.

Research & Strategy

As part of implementing any new or updated infrastructure, you’ll need to evaluate the business requirements, resource constraints, security technology, and threat landscape to determine a solution that will work best for the organization. Due to the evolving threat landscape, keep yourself updated with the latest knowledge. By understanding having this knowledge in the background, you’re able to offer employers and clients with the most technologically sound and cost-effective solutions.

Document everything

At the onset of any new implementation, you’ll participate in design or structural change-related activities. Heavy amounts of documentation (drawing, reading, writing, reviewing, and approving) are expected at nearly every point of the design lifecycle. The image below should give you a brief understanding of the types of documentation required to implement a successful security architecture.

Content Metamodel Overview
Content MetaModel Overview is reproduced with permission granted from The Open Group, L.L.C.

Implementation & Test

Security solutions sometimes presents a challenge (or aren’t usable at all) and require a modification to the environment. As such, you’ll work directly with the security team, engineers, and analysts throughout the development process. These team members will work with you to implement and test these modifications.

Attend project reviews

Project meetings and reviews to discuss strategy, documentation, and implementation occur daily. During this time, you’ll provide guidance on all security-related matters. Expect to spend time reviewing the security architecture with stakeholders, vendors, and engineering teams to explain technical details.

How Much Does a Cyber Security Architect Make?

Considering the salary displayed by the following websites, the average salary of a security architect is around $135k ($65/hour).

Keep in mind, this is this the medium value, the upper and lower range can vary significantly.

Salary.com: $141,000 or $68/hour

PayScale: $131,000 or $63/hour

ZipRecruiter: $146,000 or $70/hour

Glassdoor: $120,000 or $58/hour

Do I Need a Degree for Cyber Security?

Yes, because you’re now the SME, your looked upon as the expert by most employers.

Employers want to ensure the architect being hired is fully capable of taking on the responsibilities of this role and have the academic background to prove it.

Therefore, having a bachelor’s degree is a minimum requirement at this level. While it’s difficult to find a “security architect” degree, you can research several alternatives to get your foot in the door:

  • Information Technology (with a concentration in security, administration, or development)
  • Network Administration
  • System Administration
  • Computer Science
  • Computer Engineering
  • Network Engineering
  • Software Engineering
  • Cyber Security
  • Information Security

Cyber Security Engineer Vs Cyber Security Architect

Security engineers and architects, though highly skilled, have very different roles.

Cyber security engineers work to ensure the safety of a company’s information systems from a technical aspect. They implement solutions, developed by the architect, by applying their knowledge of computer science and engineering. A cyber security engineer develops, troubleshoots, manages and maintains various information systems in order to keep them secure.

Cyber security architects focus on the business aspects of security by designing the overall security architecture to withstand an attack. While there is a heavy technical component to this role, it’s more managerial in nature.

A cyber security engineer does not need to have a background in business or management, although it can help, but a cyber security architect must understand these topics before entering this role.

How to Become a Security Architect?

Look at the steps below to help you get started on your security architect career path:

  1. Determine what line of security architect do you prefer? Interested in application-based security, or more infrastructure-based security? Do some research into the requirements and responsibilities of job descriptions that match those interests.
  2. Explore the two separate routes to become a security architect: Security Engineer or System Administrator. Determine how to can obtain one of these positions; either one is fine if you can stick with it. Expect to spend around four to five years in this line of work.
  3. If you’re a security engineer or system administrator, don’t stick with your current set of responsibilities for too long. You’ll need a broad amount of experience while you’re here so seek out opportunities to learn new things. If you’re finding that difficult, start looking for jobs that do allow you to grow. In the meantime, start really working on those soft skills.
  4. Study for the security certifications and architectural frameworks that will help you learn the necessities of becoming a security architect. Passing these certifications shows employers you’re technically qualified to move toward a higher role.
  5. If you have the time and resources, you might consider getting your MBA. It’ll teach you some of the business aspects of becoming a security architect and looks great on your resume. Some MBAs offer concentrations in IT or information systems which is even more beneficial.

Can I Take a Security Architect Training Course?

Yes, you can take a security architect course but be warned!

It isn’t a substitute for the experience and the exposure requirements discussed above.

Because a security architect position is not an entry-level position, I was able to find only two security architect bootcamps provided by Udacity and SANS.

Fair warning, the SANS course is a prep course specifically designed to help pass the GIAC Defensible Security Architecture (GDSA) exam, but it’s still an option to think about.

Interested in More…

Cyber Security vs Computer Science: Know the Difference!

What Is the Best Job in Cyber Security?

The Best Method to Become a Security Auditor!

Wondering How to Be a SOC Analyst?

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Read more
Cyber Security vs Computer Science: Know the Difference!

Cyber Security vs Computer Science: Know the Difference!

Trying to decide which career path to take? The truth is, there are some similarities between cyber security vs computer science but also some key differences. In today’s article, we’ll discuss both to help you make the right choice.

Table of Contents

Interested in learning more about cyber security vs computer science. Click below to find out!

Is Computer Science the Same as Cyber Security?

What’s The Difference Between Cyber Security and Computer Science?

Is Computer Science Needed for Cyber Security?

Can You Do Cyber Security with A Computer Science Degree?

Can I Do Master’s in Cyber Security After a Bachelor’s in Computer Science?

Which Degree Is Better Computer Science or Cyber Security?

Is Computer Science the Same as Cyber Security?

Is cyber security computer science or does cyber security fall under compute science? The answer is… it depends.

It’s true that some of the concepts behind cyber security are shared with computer science, like coding and programming.

But at its core, cyber security is about protecting data—and there’s a lot more to protecting data than just being able to code; there’s a certain psychology involved in cyber security.

For example, if you’re trying to protect a computer from getting hacked, you need to know the various ways hackers might attempt to breach a system. One such method, which often has nothing to do with computer science, is social engineering (think email or phishing scams).

Physical security, such as locking an office which may contain sensitive information, is also another example where computer science has no bearing.

Security concepts such as access control may require coding to grant a user access to a specific system but is also as simple as determining who is allowed to have access which doesn’t require coding.

What’s The Difference Between Cyber Security and Computer Science?

What is Cyber Security?

Cyber security is a multi-faceted and rapidly growing field that involves protecting information systems to ensure the confidentiality, integrity, and the availability of such information (commonly known as the “CIA Triad”) through various means.

There are many different types of jobs in this field, but all of them deal with protecting against threats, either internal or external.

As a cyber security professional, you would usually find yourself working as part of a larger team, and your job could be anything from securing a specific system to managing the security of the entire corporate infrastructure.

And What Can You Do with A Cyber Security Degree?

With a cyber security degree you’re open to nearly any job in cyber security. Here’s a list of the 11 cyber security domains in which you can excel:

  • Security Frameworks and Standards
  • Application Security
  • Security Risk Assessment
  • Enterprise Risk Management
  • Security Governance
  • Threat Intelligence
  • Security Training
  • Security Operations
  • Physical Security
  • Career Development
  • Security Architecture
  • Want to know if a cyber security degree is worth it?

    What is Computer Science?

    Britannica defines the field of computer science as, “the study of computers and computing, including their theoretical and algorithmic foundations, hardware and software, and their uses for processing information. The discipline of computer science includes the study of algorithms and data structures, computer and network design, modeling data and information processes, and artificial intelligence”.

    It’s a popular technology field that utilizes Python, Java, and multitude of other computer languages used to program information systems.

    And What Can You Do with A Computer Science Degree?

    With a computer science degree you can have your choice of jobs in over 100 different careers.

    Read below to help you discover exactly how to start your cyber security career with a computer science degree.

    Is Computer Science Needed for Cyber Security?

    “Do I need a computer science degree for cyber security?”…”maybe!”

    Cyber security is a multidisciplinary field that requires skills from many different disciplines, including computer science, but the answer to whether you need a computer science degree depends on what kind of job you want in this field.

    There are plenty of jobs available in the industry for non-programmers (read further to get an idea of which type of job might suit you better); however, most of the time, when people ask this question, they’re trying to figure out if they should get an undergraduate degree in computer science, software engineering, or some other IT degree. And most of the time, the answer is “it doesn’t matter.”

    Even if you decide not to pursue a computer science degree, you’ll still need to know how computers work, the basics of computer programming, how they communicate with each other, and how they store and process information.

    Is Cyber Security Easier Than Computer Science?

    Or is…“Is cyber security harder than computer science?” No, cyber security is not any easier or harder than computer science. Although some overlap exists between these fields, the two are quite different and require different skill sets.

    Can You Do Cyber Security with A Computer Science Degree?

    Is computer science a good degree for cyber security? Yes, you can do cyber security with a computer science degree. Read each step below to get you on the right path…

    There’s No Perfect Degree

    The first thing you should know is that there is no single, specific degree or certification that will teach you how to do cyber security. You’ll need to start by working towards an undergraduate degree in computer science. This will give you the foundation for understanding how computers work, how they’re vulnerable, and how you can protect them from threats.

    Take a Few Security Courses

    You’ll want to consider taking a few courses in security or information assurance. Get the best use of your credits by taking electives in any of the security courses available to you. Even if you exceed the number of credits required to graduate by a little bit, that’s okay. With enough credits, you may even qualify for a minor in cyber security. With this, you’ll be more likely prepared for careers in digital forensics, incident response management, cybercrime investigation and prevention, cryptography, network security administration, etc.

    Start Attending Cyber Security Conferences

    Infosec-Conferences.com has an amazing user-submitted list of nearly every security conference available. You will have to do some research to determine if student discounts are available; however, you can also find low cost or free opportunities with your local technology council, university cyber club, BSides, Eventbrite, or Meetup.

    Get Experience Quickly!

    Earning a computer science degree is important and will help you get your foot in the door, but it won’t get you far on its own. The reality is that most companies are looking for people who have both technical skills and real-world experience. This means you need to take every opportunity to gain experience whether that’s through an internship, volunteering your IT knowledge, solving people’s personal computer issues…anything! The one advantage you have with a comp sci degree is that it’ll be much easier for you to land a job versus an infosec degree.

    Marketing is Everything!

    How do you expect to land a job if no one knows you exist? In the end, you’ll need to network with people. Post your resume on websites…such as MyTurn (coming soon) and get a LinkedIn profile going. But having a profile isn’t enough, you need to cut through the clutter just to be seen. Start writing meaningful LinkedIn articles, participating in security discussion in your local security conferences or groups, have a GitHub profile started! Do everything you can just to be seen!

    Seek Out Security Certifications

    Once you’ve got your undergraduate degree, then it’s time for some hands-on training through certifications. There are two good certifications available for starting out, including: CompTIA Security+ or ISC2 “Certified In Cybersecurity”. Pick one start out with. You’ll need to get a few different certifications and maybe attend some security bootcamps, but all these things can be done with a computer science degree.

    To recap, can you work in cyber security with a computer science degree? Yes, you can! But it’s not as easy as you may think. As long as you’re willing to put in some hard work and dedication, there’s no reason why you shouldn’t be able to find employment!

    Can I Do Master’s in Cyber Security After a Bachelor’s in Computer Science?

    Absolutely! To pursue a master’s degree in cyber security, it’s worth looking into these two pathways…

    Online Program: One of the most common options is an online program. These programs typically take one to two years to complete and can be completed on your own schedule. Online programs are great because they allow students to continue working while they study. That way you don’t have to worry about missing out on opportunities because of your education.

    Campus-based Program: Another option is a campus-based program—these courses are taught by professors who work at local colleges or universities, so you’ll be able to see them in person whenever necessary. Campus-based programs are often more expensive than online programs because they include other fees associated with attending school on campus (meals, housing costs). However, they also offer academic support services like counseling and tutoring services that might not be available through online schools.

    Wondering how long it takes to complete a cyber security degree?

    Which Degree Is Better Computer Science or Cyber Security?

    Cyber security vs computer science, which is better?…Neither. The core difference is how technical you want to get when it comes to security.

    More Technical: If you’re interested in the technical side of things, then computer science would probably be more appropriate for you. With a computer science degree, you’ll have the foundational knowledge to understand security from a coding perspective. You’ll learn about different programming languages, coding techniques, and integration methods while developing software and applications for securing information systems.

    Additionally, with a computer science degree, you have a certain amount of flexibility that you’re not going to get with a cyber security degree, making it easier to enter the infosec industry. The same can’t be said for a cyber security degree; you can’t suddenly become a python developer with a cyber degree.

    A computer science degree is good if you’re looking to get into Application Security, Security Operations, and Security Architecture.

    Less Technical: On the other hand, if you’re leaning towards the less technical side, getting a cyber security degree is probably a better option. With this degree, you’ll learn about the various types of network infrastructures and their security vulnerabilities, offensive and defensive security measures, security risks, policies and procedures, social engineering techniques, as well as encryption methods (like public key cryptography).

    A cyber security degree is perfect if your area of interest is Security Frameworks and Standards, Security Risk Assessment, Enterprise Risk Management, Governance, Security Training, Physical Security, Threat Intelligence, or Career Development.

    Still Having Trouble Deciding Which Is Better Computer Science or Cyber Security?

    Still having difficulty in making a choice between cyber security vs computer science, then let me help you out. If you’re more technically inclined, go with the computer science. For the less tech savvy, not that there aren’t some technical aspects to the degree, then go for the cyber security degree.

    With a cyber security degree, you’re saying to yourself that security is the career path I want to take. With a computer science degree you’re provided a wide variety of fields from which to choose.

    Ultimately, the final decision is yours. But, it’s probably a lot easier to move from a more technical degree to a less technical degree. If you’re ambitious enough, you can do both!

    Interested in More…

    What Is the Best Job in Cyber Security?

    The Best Method to Become a Security Auditor!

    Wondering How to Be a SOC Analyst?

    Choose the Right Career, Cyber Security vs Ethical Hacking

    by Amit Doshi

    If you enjoyed reading today’s article please subscribe here.

    Read more
    What Is the Best Job in Cyber Security?

    What Is the Best Job in Cyber Security?

    What is the best job in cyber security? Well, that really depends on your interests and experience.

    If your real question is, what is the best job for me to get my foot into cyber security…then maybe we can answer that in today’s article.

    I do want to warn you. Cyber security is generally not considered an entry level career; however, that doesn’t mean you can’t find a job as an entry-level candidate if you’re willing to work hard.

    Table of Contents

    What is the best job in cyber security?…Click below to find out!

    What Are Some Entry Level Cyber Security Jobs?

    What Is the Easiest Cyber Security Job?

    Can I Get a Cyber Security Job Without a Degree

    Cyber Security Jobs That Don’t Require a Degree

    What To Study for Cyber Security Jobs?

    What Do You Major in For Cyber Security?

    Is It Easy to Get a Cyber Security Job

    Is It Hard to Get a Job in Cyber Security

    How Competitive Is Cyber Security?

    How Many Cybersecurity Jobs Are There?

    What Companies Hire Cyber Security Professionals?

    Where to Start Cyber Security Career?

    What Is the Easiest Cyber Security Certification?

    What Skills Are Necessary for Cyber Security?

    What Soft Skills Are Necessary for Cyber Security?

    Are Cyber Security Jobs in Demand?

    Do Cyber Security Jobs Pay Well?

    What Are Some Entry Level Cyber Security Jobs?

    When looking for cyber security beginner jobs, you’ll come across many roles. So many in fact, that it would be difficult to really tell you which role is the best role.

    I can say for sure that trying to become a penetration tester or red teamer right out of school is probably not the best way if you don’t already have the necessary background.

    These positions are extremely competitive and quite honestly very boring, nothing like you see on TV or in the movies.

    A good job title for entry-level cyber security graduates is “cyber security analyst” (aka information security analyst).

    The below list is a variation of the analyst roles that are great to seek out:

    Cyber Security Analyst, Information Security Analyst, Threat Analyst, Security Risk Analyst, Security Compliance Analyst, Security GRC Analyst, Security Risk and Compliance Analyst, Network Security Analyst, Network Defense Analyst, Cyber Defense Analyst, Forensic Analyst, Blue Team Junior Analyst, Cyber Detection Analyst, Security Operations Analyst, Cyber Intelligence Analyst, Cyber Operations Analyst, Cyber Policy Analyst, Incident Response Analyst, SOC Analyst, Cloud Defense Analyst, Cloud Security Analyst, IT Security Analyst, Security Audit Analyst, Audit and Compliance Analyst, Systems Security Analyst, Identity Access Analyst, Product Security Analyst, Network Exploitation Analyst, etc.

    What Is the Easiest Cyber Security Job?

    The easiest job title is again based on the type of work you like to do and your existing background.

    A specific job title doesn’t have only one set of responsibilities. The position of cyber security analyst, for example, is a broad field that carries many different responsibilities depending on which organization you’re employed with.

    However, if you have no technical experience or knowledge of computer languages, then the “easiest” cyber security job for you to consider is in the field of security governance, risk, and compliance (GRC).

    I’m not saying this field isn’t a challenge, but you’ll find that it’s not reliant on technical skills to gain entry.

    Read here if you want know more about how to get into cyber with no experience.

    Can I Get a Cyber Security Job Without a Degree?

    Yes, you can get a cyber security job without a degree. But it’s more challenging to find a job without a formal education so be prepared to do an extensive amount of studying on your own.

    Cyber Security Jobs That Don’t Require a Degree

    With little exception, entry-level cyber analyst positions don’t need a degree.

    There are some organizations that request a degree, such as government or government contracting companies; otherwise, there’s really no reason why an employer needs a candidate with a degree.

    If that’s the only thing holding you back, go ahead and apply anyways.

    Most often, many employers will substitute an education for someone with solid project or work experience.

    What To Study for Cyber Security Jobs?

    Getting a degree is different than asking what to study for a cyber security job. That’s because one is independent of the other. Let’s talk about a couple things you can do to study for a security role:

    College Degree. As previously discussed, a college degree is always a good option if you have the time, money, and patience to see it through to the end. An employer is primarily concerned with your foundational knowledge, your lab/project experience, and how well you finished your degree program (i.e. were you an ‘A’ student or ‘C’ student). That last piece demonstrates how well you can assimilate information and your work ethic.

    Security Certification. Certifications are an important asset in your cyber security journey. Currently, about 2/3rds of job postings request security certifications as part of the job description. So, if you want to be taken seriously as a security professional, regardless of whether you possess a degree, having up-to-date security certifications are important. They do a great job of keeping you updated on the latest security trends and knowledge, whether by taking the exam or by forcing certificate holders to maintain the required educational credits.

    What Do You Major in For Cyber Security?

    Have you decided on the college route? Today, most major universities will offer cyber security degree programs.

    Unfortunately, many of those programs are still in their infancy.

    It’s not uncommon to find two of the same cyber security degree programs with differences in the quality of their education.

    That doesn’t mean you still shouldn’t strive for a degree, given the opportunity. It just means, you need to be more discerning about your choices.

    A much more practical option is to get an IT degree, then obtain a security certification to move into cyber security.

    The benefit here is that it’ll be easier for you to get an IT job, which will make it much easier for you to move into cyber security.

    Regardless, trying to determine what major is best for your security career really depends on what area you want to specialize in.

    If you’re interested, read here if want to learn more about what to study.

    For example, if you’re interest is in network security, then get a degree in network security; or you can get a degree in network engineering or network administration with a security certification.

    Either way, it’ll achieve the same result.

    Is It Easy to Get a Cyber Security Job?

    No, it’s not easy to get a cyber security job because many companies are having difficulty in finding qualified talent.

    One of the main reasons why people might perceive a difficulty in getting hired in cyber security is that often companies are looking for experienced personnel to manage the security of their information systems.

    What compounds the problem is that many recruiters and hiring managers don’t understand what to look for when it comes to hiring security personnel.

    In other words, they need experienced personnel but don’t know what an experienced person looks like!

    From their perspective, hiring the wrong person can have significant ramifications to their bottom line.

    Therefore, you can certainly understand why companies are often unwilling to hand over such great responsibility to recent graduates or untried talent.

    Is It Hard to Get a Job in Cyber Security?

    No, just as with any other industry, if you have little-to-no background in IT or security and possess no education or certifications, you can certainly expect some hesitation by companies to hire you.

    However, you do need to work to get your foot in the door.

    Take a look at my LinkedIn article that talks about how often you should be applying for a job.

    In other words, applying for a job, is a job in-itself!

    How Competitive Is Cyber Security?

    Organizations such as Cyberseek, supported by the National Initiative for Cybersecurity Education (NICE), approximates “that there are only enough cybersecurity workers in the United States to fill 68% of the cybersecurity jobs that employers demand.”

    This means that cyber security, as a whole, is not a very competitive field; it only seems that way for a couple reasons.

    First, as we previously mentioned is because of the bottlenecks in the corporate hiring process. But the second reason is because many young students tend to think that cyber security means penetration testing or ethical hacking and believe this is the only route into the industry, when in reality there’s so much more!

    So, while everyone’s competing for those cyber positions that seem glamorous, I suggest you go after those positions that seem less glamorous and have less competition.

    How Many Cybersecurity Jobs Are There?

    68% is a really good number considering the total number of cyber security job openings is well over 700,000 jobs!

    This means that cyber security has a “0%” unemployment rate; there’s no shortage of cyber security jobs available!

    What Companies Hire Cyber Security Professionals?

    Companies in nearly every industry have a need for cyber security professionals. However, you will tend to find about 30% of cyber security hiring takes place in the professional services industry (i.e. consulting, staffing, and third-party security providers).

    These are companies that hire cyber security personnel to perform security services for other businesses.

    For example, if a company needed to develop a cyber security program, they would either hire a Chief Information Security Officer (CISO) to develop a program from the ground up, or outsource their corporate security to a third-party company, or use a cyber security resume database to search for potential candidates themselves.

    Where to Start Cyber Security Career?

    If I’m being completely honest, the best place to start your cyber security career is by looking for jobs in IT, as I previously mentioned.

    As you gain some knowledge, start learning the security aspects of your role, get a security certification, set yourself up with a LinkedIn profile, and eventually make the move into more cyber related roles.

    However, if IT isn’t the direction you want to start from, then you need to be tenacious and patient. It’s not uncommon for it take a minimum of 6 months before you get your first offer or even interview.

    What Is the Easiest Cyber Security Certification?

    The easiest cyber security certification that will lead you down the path of getting the best cyber security job is the CompTIA Security+.

    Another is ISC2 Certified in Cybersecurity (CC).

    The Security+ has been around for a while and will be one of the first certifications that many technical recruiters look for on your resume. However, the CC is also just as comparable and backed by a very reputable organization.

    It’ll take a bit of study depending on how quickly you’re able to absorb the material.

    On average, it can take anywhere from a couple of weeks to a month to study for.

    Either certification is good enough to get your foot in the door, and they’re also vendor neutral; meaning they don’t just apply to one company, business model, or cyber security tool.

    I recommended either cert as being the first security certification you should obtain.

    What Skills Are Necessary for Cyber Security?

    If you want to know technical specifics, that’s usually dependent upon the field of interest. There’s no one area of technical proficiency that will lead you to the best job.

    The Cyber Career Pathways Tool provided by the National Initiative for Cybersecurity Careers And Studies (NICCS) is an amazing source to determine the technical skillset you’ll need for more than 50 different cyber security job titles!

    What Soft Skills Are Necessary for Cyber Security?

    You’ll be surprised to find out that there aren’t any specific skills for cyber security other than soft skills.

    Common soft skills include critical thinking, analytical problem solving, persistence, communication, interpersonal skills, patience, etc.

    And don’t think soft skills aren’t important! Being able to interact with your peers, leaders, and even clients is a highly prized skill that not every person possesses.

    Be prepared to go through a rigorous behavioral interview process that tests how you manage to navigate hypothetical scenarios, or how you’ve dealt with previous situations.

    Are Cyber Security Jobs in Demand?

    Yes, cyber security jobs are in demand.

    According to the US Bureau of Labor and Statistics, the demand for information security analyst alone will increase by 35% between 2021 and 2031.

    The great thing about cyber security is that you’ll find people that have migrated from many different backgrounds.

    Do Cyber Security Jobs Pay Well?

    Yes, cyber security jobs pay very well. Many entry-level security jobs can pay upwards of $70k.

    After about a year of experience, you can find jobs that pay over $85k.

    Websites such as PayScale, ZipRecruiter, Glassdoor, and Salary.com can give you a general idea of the approximate pay range that can be expected.

    I’ve tried to do some of the hard work for you by finding the approximate averages according to job title in some of my other posts.

    As an example, the average salary for a cyber security auditor is about $108k. Not bad!

    Interested in More…

    The Best Method to Become a Security Auditor!

    Wondering How to Be a SOC Analyst?

    Choose the Right Career, Cyber Security vs Ethical Hacking

    Cyber Security vs Data Science: Which Is Better?

    by Amit Doshi

    If you enjoyed reading today’s article please subscribe here.

    Read more
    The Best Method to Become a Security Auditor!

    The Best Method to Become a Security Auditor!

    Interested in learning how to become a cyber security auditor! Read on as you learn everything to get your auditing career started!

    Table of Contents

    Start your career in cyber security and auditing! Click below to find out more…

    What Is a Cyber Security Auditor?

    What Does a Cyber Security Auditor Do?

    Information Systems Auditor vs Information Security Auditor

    Internal Security Auditor vs External Security Auditor

    Compliance Standards for Security Auditors

    Information Security Auditor Job Description

    Auditing Tools for Information Security

    Cyber Security Auditor Skills

    Cyber Security Auditor Salary

    How to Become a Cyber Security Auditor?

    IT Security Auditor Career Path


    What Is a Cyber Security Auditor?

    A cyber security auditor assesses an organization’s information security program from a top-down perspective to ensure compliance with a specified cyber security framework.

    What Does a Cyber Security Auditor Do?

    The auditor will analyze the presence of an enterprise’s data and information to determine if it is protected appropriately by:

    1) Assessing whether the organization has proper controls in place to regulate data access

    2) Determining if those controls are appropriate based on its policies and procedures

    3) Ensuring that the controls being implemented to protect their data and assets are effective

    4) If weaknesses are found, the auditor will make recommendations regarding what corrective actions should be taken, normally involving documenting processes and procedures, additional training for employees or upgrades to hardware or software.

    Information Systems Auditor vs Information Security Auditor

    It’s important to understand that both job titles are not interchangeable. In general, there are many similarities between the two roles: both positions involve auditing computer systems for the purpose of ensuring accuracy and risk reduction. However, the key difference is the nature of their roles:

    Information Systems Auditor (aka IT Auditor)

    During an information systems audit, the auditor is concerned with the efficiency of the company’s information systems.

    Information Security Auditor

    During IT security auditing, the auditor is concerned with the security of the company’s information systems and not its efficiency.

    Internal Security Auditor vs External Security Auditor

    There are two types of security auditors, external and internal. Let’s look at both:

    External Security Auditor

    An external auditor is a third-party agent whose purpose is to validate a company’s compliance with a government or regulatory requirement.

    Internal Security Auditor

    An internal auditor can either be an employee or third-party consultant hired to perform audit functions to help the organization maintain compliance with an external audit.

    For example, if a company wants to be ISO 27001 certified, they may hire an internal auditor to identify deficiencies in their IT policies, procedures, and controls, who then works with the company to bring them into compliance. The external auditor would then validate that the company has made the necessary adjustments to their information system practices to meet the requirements of ISO 27001 certification.

    Compliance Standards for Security Auditors

    While a company can choose from any set of cyber security frameworks to adhere, they might be required by law to follow a specific framework. For instance, medical facilities are required by law to follow the Health Insurance Portability and Accountability Act (HIPAA) dictating how personally identifiable information should be maintained by the healthcare industry.

    While there are many frameworks or laws for which a company may follow, some of the more common ones are:

    ISO/IEC 27001

    NIST Cyber Security Framework (CSF)

    NIST Special Publication (SP) 800-53

    CIS Critical Security Controls

    As an auditor in the US, you’ll find that these four frameworks are worth learning. To make it easier, you’ll find some overlap between them.

    Information Security Auditor Job Description

    While information security auditor responsibilities will often vary from role-to-role, the following lists your daily activities in four steps:

    Security Assessment Plan Preparation

    Prior to conducting an audit, the auditor must prepare for the assessment. You’ll need to be familiar with the organization’s operation and structure as well as the key stakeholders involved in the audit. Additionally, you’ll need to work with executive teams to determine the objective, scope, and length of the assessment. Be prepared to gather all the necessary documentation, status of operations, and other facts required to consider as part of the assessment.

    Security Assessment Plan Development

    During the development of a security assessment plan, the auditor will determine what security controls are to be included as part of the audit. The procedures for the assessment are selected and tailored to the environment, even if that means developing new procedures. Assessment procedures are then optimized and finalized with organizational approval.

    The assessment plan will include any vulnerabilities or security gaps that you’ve identified, measures that can be implemented to mitigate those vulnerabilities and gaps, as well as reporting procedures.

    Security Assessment Plan Performance

    After the plan’s development, you’ll begin auditing the system for those controls having been identified as part of the assessment plan. This includes documenting the outcome of the controls’ effectiveness and any deficiencies.

    Security Assessment Performance Review

    During the review period, the findings of the assessment report are reviewed. At this time, auditors will collaborate with the executive team to understand and formally plan for methods to address deficiencies and manage the organization’s risk. As needed, the auditor may be required to run through multiple iterations of these four steps.

    While the above four steps were sampled from NIST, you can be sure that these steps are common to any IT security job description.

    Auditing Tools for Information Security

    There are multiple cyber security audit and compliance tools that are used to provide reports for your audit. Each tool serves a specific purpose within the information system. Here are the common tools used by security auditors:

    Code Scanning Tools scan for broken or low-quality coding issues that may cause vulnerabilities to arise.

    Network Scanning Tools scan the network for vulnerabilities as well as network traffic for possible security threats.

    Vulnerability Scanning Tools checks the system for any potential points of unauthorized access that will allow the possibility of a security breach.

    SIEM Tools integrate multiple security tools and are able to correlate security events to alert users to real-time threats.

    Though you’re not required to know how to use these tools, you do need to understand how to interpret the reports generated from such tools.

    Cyber Security Auditor Skills

    The skills needed for a cyber security auditor job can be broken down into several categories.

    Interpersonal Skills

    While evaluating the company’s security posture, you’ll be working with multiple personnel, some of whom are used to doing things a different way. Unfortunately, your role is somewhat intrusive in nature which may not be appreciated by all those involved. As a result, having empathy is essential in your role, especially for those with limited resources or lack of knowledge in your area of expertise.

    Technical Skills

    Being technically savvy is part of the job. Information security is highly technical in nature, so you’ll need a deep understanding of how information systems operate as well as a solid understanding of how to interpret security audit tools.

    Analytical Skills

    Vital when performing your role as an auditor as you need to have a keen eye for details and be inquisitive. You’ll be required to gather and analyze information from various sources such as information systems; security documentation; personnel interviews; and security procedures, processes, and controls to understand where deficiencies are present.

    Presentation Skills

    Expect to present your findings to leadership regardless of the outcome. The ability to present usually requires a bit of finesse; you’ll be speaking to personnel that may not understand the technical language or might have difficulty in accepting your findings.


    Conducting an audit can take a few weeks to months. Leadership teams will expect you to provide them with continuous status updates. During that time, you’ll have an enormous amount of information from which to gather and process which can be tedious.

    Cyber Security Auditor Salary

    Based on the average “information security auditor” salary for the first three websites listed below, you can expect to earn an average of $108k/year.

    Salary.com: Salary range falls between $100k to $142k and averages $114k

    ZipRecruiter: Salary range falls between $63k to $124k and averages $93k

    Glassdoor: Salary range falls between $78k to $194k and averages $117k

    PayScale: Salary range falls between $55k to $103k and averages $72k (for IT Auditor)

    How to Become a Cyber Security Auditor?

    If you’re truly interested in learning how to become an information security auditor, one of the best methods to get a job is to gain experience first. Regardless of whether you have a degree or any other certification, experience is an absolute must!

    And, while you might get lucky and obtain a junior or associate level cyber security auditing position, you’ll always be second best to someone that already has a background in IT auditing. If you’re having trouble finding a role, look below at an alternative step to become a security auditor.

    IT Security Auditor Career Path

    Apply for an IT Audit Role

    If you can’t find a job as an information security auditor, then don’t waste too much time. The next best method, as counter intuitive as it may seem, is to find a job working in IT auditing, not information security.

    Is IT audit a good career? Yes, as an IT auditor, you’ll gain enough experience to pick up some security knowledge along the way. As an added benefit, there are more job opportunities as an IT auditor then IS auditing. For example, a quick search of Indeed showed approximately 750 jobs for “Information Systems Auditor -security” vs ~100 jobs available for “Information Security Auditor”.

    Get Your Security+ Certification

    Before you even think about moving into information security, you’ll need your very first certification, the CompTIA Security+. The good thing about this certification is that it doesn’t require any experience and immediately gives you some infosec credibility.

    Become a Certified Cyber Security Auditor

    Once you’ve had sufficient experience as an IT auditor and have passed the Security+ exam, you’ll want to make the move into information security and audit. It’s at this point you’ll want to consider taking one of the following certifications to appear more serious about your auditing career:

    Certified Information Systems Auditor (CISA)

    GIAC Systems and Network Auditor (GSNA)

    Certified Internal Auditor (CIA)

    Information Security Audit Training

    Though it’s not required, you might want to take a security audit course if you’re having trouble getting certified. There you’ll be trained to understand the security aspect of auditing which may or may not be associated with any certification program. Here are a few programs to get you started in the right direction:

    Information Systems Audit and Control Association (ISACA)

    The SANS Institute

    The Institute of Internal Auditors (IIA)

    Information Security Management System (ISMS)

    Regardless of your choice, as always, I recommend going with an officially authorized information security auditor training program if you’re goal is to pass a certification exam; otherwise find a program that’s been certified by an accredited body. You can find a list of accreditation bodies by country along with the certification body listed here:

    IAF Certification Validation – IAF CertSearch

    Apply for Security-Focused IT Audit Roles

    If at this point you’re still having trouble obtaining infosec auditing roles, start by making the move into IT auditing roles that have some focus on security. By doing this you now get to work with a mix of responsibilities. Then, if you feel successful at the job, you’re now only a step away from getting a full information security auditing role!

    Interested in More…

    Wondering How to Be a SOC Analyst?

    Choose the Right Career, Cyber Security vs Ethical Hacking

    Cyber Security vs Data Science: Which Is Better?

    Difference Between Cyber Security vs Cloud Security

    by Amit Doshi

    If you enjoyed reading today’s article please subscribe here.

    Read more
    Wondering How to Be a SOC Analyst?

    Wondering How to Be a SOC Analyst?

    Wondering how to be a SOC analyst? Read below to understand what SOC analyst do and how to get your first job.

    Table of Contents

    How to become a SOC analyst! Click below to find out more…

    What Is a SOC Security Analyst?

    SOC Analyst vs Security Analyst

    Why Do You Want to Be a SOC Analyst?

    What Is the Average SOC Analyst Salary?

    SOC Analyst Roles and Responsibilities

    Determine Your SOC Analyst Role

    How to Be a SOC Analyst?

    SOC Analyst Job Requirements

    How to Become a SOC Analyst Without a Degree?

    What Degree Do I Need to Be a SOC Analyst?

    Will a SOC Analyst Certification Help?

    What Is the Best SOC Analyst Certification?

    Is SOC Analyst a Good Job?

    What Is a SOC Security Analyst?

    A SOC analyst is a person who studies and analyzes information security threats and vulnerabilities. They examine data from both internal and external sources, as well as analyze data to find patterns and trends that could be useful for assessing risks. By reviewing these patterns of activity, they can determine whether there’s a security risk—and if so, how serious it is.

    SOC Analyst vs Security Analyst

    Security analyst roles come with a variety of titles. Let’s take a look at a couple other types of roles:

    Security Compliance Analyst. This is a person that doesn’t analyze threat data but is more focused upon the security governance, risk, and compliance (“GRC”) of the organization. Depending on the nature of the role, they implement or examine current security policy, standards, controls, and procedures to determine whether they’re compliant with the intended security goals of the organization. This type of analysis isn’t dependent on log monitoring; rather, the intent is more “compliance monitoring”. Though non-technical in nature, a security compliance analyst does need to be familiar with the technical aspects of the profession.

    Information Security Analyst. Technically speaking, the term “cyber” in cyber security deals with digital information. However, an organization may define an “information security analyst” for individuals responsible for analyzing the security of all information, including physical paper that’s been locked away. You may hear the terms “cyber security analyst” and “information security analyst” used interchangeably. If an organization does make a distinction, you might expect additional analysis regarding their physical security measures.

    Although today’s article is more heavily focused on the SOC analyst type of role, some aspects are applicable to all cyber analysts roles in general.

    Why Do You Want to Be a SOC Analyst?

    While SOC analyst is a good place to start your career, there are points you need to consider before diving right in!

    If you’re getting into cyber security because you think being an analyst is an easy job, it’s time to start looking into another industry. This is a challenging job just like any other cyber career with its own set of pros and cons. Expect to spend long hours staring at data in front of a computer screen while performing research on the side.

    If you want to enter this career as a steppingstone to another security position, it’s doable provided you’re not trying to make a leap from analyst to red teamer! If you can handle that, then you’re on the right path!

    What Is the Average SOC Analyst Salary?

    Wondering how much do SOC analyst make? Below are listed the base pay hourly rates from select websites within the Washington DC region.

  • Payscale: $86,628/year or $42/hour *Cyber security analyst
  • Salary.com: $77,884/year or $37/hour
  • Glassdoor: $67,380/year or $32/hour
  • ZipRecruiter: $106,259/year or $51/hour
  • SOC Analyst Roles and Responsibilities

    What do SOC analyst do? Each security analyst role will have varying degrees of responsibility so it’s up to you to check out the job description and make your own comparisons. Let’s look at some of the common SOC analyst day to day activities:

    Network Monitoring. Use and configuration of network defense tools to monitor for system anomalies that might be indicative of a breach.

    Detection and Event Correlation. Use of security incident and event management (SIEM) tools to identify threat activity from multiple sources across the network.

    Threat Research. Maintain awareness of the most current threats, vulnerabilities, attack methods as well as detection techniques using common threat lists such as the CVE.

    Event Documentation. Log alerts and threat data from detection events as well as collaborate with customers and various security team members to create incident and remediation reports.

    Custom Support. Provide customers with incident response support such as: creating tickets, tracking investigations, upholding remediation efforts, and any other threat mitigating activities.

    Technical Documentation Support. Analysts may also be asked to develop plans for implementing new processes or technologies within an organization’s infrastructure; they may also be responsible for training employees on how best to protect themselves from cyber threats.

    SOC analyst duties involve roles such as: threat hunting, SIEM monitoring, incident response, network troubleshooting, system hardening, vulnerability scanning, etc.

    Determine Your SOC Analyst Role

    It’s hard to say what exactly you’ll be required to learn because there are many types of SOC analyst roles!

    To give you an idea, here are some of the categories different roles may cover:

    • Access to Cloud Services
    • Endpoint Detection and Response
    • Firewalls (Next-Generation or Web Application)
    • Forensic Analysis
    • Identity and Access Management
    • Intrusion Prevention and Detection Systems
    • Managed Detection and Response
    • Network Access Control
    • Security Information and Event Management
    • Simulated Breach and Attacks

    These are by no means exhaustive, and each one of these is a specialized area of security analysis with their own specific tools. It’s not realistic to believe you’re going to know all of them; however, if you have a particular niche that you can focus on, you’ll be better off.

    How to Be a SOC Analyst?

    It’s said that cyber security is not an entry level career; in a sense that’s very true. You’ll be competing against professionals with years of experience in IT wanting to make a switch. So, give yourself a chance by taking advantage of every learning opportunity!

    Additionally, if you’ve participated in any security bootcamp, freelance work, or any college laboratory/project work, list it on your resume! Interested in more tips to upgrade your cyber security resume?

    Most importantly, experience counts above all else. If you have any real-world IT experience, or can find ways to get some, you’ll be ahead of the curve. Check out some of these freelance sites to help you gain some experience:

    • Upwork – Great freelance site for technical workers.
    • Freelancer – Another really good option for showcasing your talent.
    • Guru – Great spot to freelance your IT experience.
    • Fiverr – My personal favorite to find gig work.
    • TopTal – Job portal designed for the best of the best.
    • FlexJobs – Here you’ll find a mix of gig work and full-time employment.
    • JoinHandshake – An extremely popular site for college students and graduates.
    • Internships – An amazing website with lists of many internship opportunities.

    Every cyber graduate struggles for months to get a first-time job. Be prepared to receive many no responses and rejections before you even have a chance to sit down for your first interview. Remember, motivation only turns the car on, but it’s your perseverance that will see you through to the finish line!

    In the next section, I’ll discuss the required skills for SOC analyst.

    SOC Analyst Job Requirements

    If you’re wondering how to get a SOC analyst job, let’s look at the prerequisites:

    Critical Thinking. The most important qualification for this position is the ability to think critically. You’ll be looking at a tremendous amount of data, which means you’ll need to be able to tell what’s important and what isn’t.

    Decision Making. You’ll come across many false positives, or even false negatives (i.e. anomalies that show up as negative, but are real threats). You must make decisions quickly, based on the facts at hand and in an environment where there are no right answers. Being an analyst is labor intensive and while security tools are available to help, don’t expect it to automate the decision-making process for you!

    Communication. You’re expected to attend meetings as the subject matter expert; as such, you’ll need excellent communication skills. As part of your job, you’ll have to explain your findings to other people who might not understand them as well as you do.

    Sales. This is an odd skill to possess; however, I’m not talking about selling a tool or product; instead, I’m referring to your ability to sell yourself. There’ll be times when you believe implementing certain security solutions are appropriate but would require additional cost and cause disruption to the company’s productivity. Be prepared to defend your reasoning as this can include communicating with executives and making sure they understand the importance of your work on their business bottom line.

    Sociability. Ironically, the technical aspect of being a SOC analyst isn’t as crucial as being able to interact with your teammates. You’ll be working alongside other colleagues for long periods of time, and if you can’t get along with one another, the entire team will suffer!

    Curiosity. There’s a lot that’ll be thrown at you, and you’ve got to be willing to do the research necessary to make sense of the information. Be prepared to undertake the responsibility of researching the who/what/when/where/why and how of the threat data and vulnerabilities.

    Being Adaptable. With the cyber industry in a constant state of flux, you’ll need to adapt your approach as new information and events unfold around you. This means quickly processing new threats, monitoring techniques, security tools, etc.

    In the next several sections I’ll discuss SOC analyst qualifications, including whether a degree is necessary.

    How to Become a SOC Analyst Without a Degree?

    Yes, it is possible to get a job in cyber security without a degree; however, that’s entirely dependent on the organization’s experience and education requirements.

    A degree will give you an advantage when applying for jobs, especially true if you have no IT experience at all. Your resume will stand out among other applicants and may even earn you more interviews than someone without a degree.

    Of course, there is a trend toward substituting education for those with sufficient experience; but in almost any case, obtaining security certifications are a must!

    What Degree Do I Need to Be a SOC Analyst?

    If you’re planning to go into cyber security and wondering what degree you need to become a SOC analyst, there’s some good news!

    There are no specific cyber security degrees required for this position. If you have a formal education in cyber security, software, computer science or engineering, or information technology (IT), you shouldn’t have any issues transitioning into cyber security.

    The college electives you take also matter. Some companies may prefer applicants who have taken additional course work in computer science or computer engineering, while others may be looking for a concentration in business administration or information technology.

    If you’re trying to figure out which degree and concentration works best for your career goals, it’s important to consider your future goals and what kind of job opportunities are available in your area.

    Sure, there are some positions that may require more education and experience, but for most entry-level positions, you should be able to get away with having a bachelor’s degree and no experience. However, as I mentioned earlier, without experience, it’ll take time to get your foot in the door.

    Will a SOC Analyst Certification Help?

    Yes, regardless of whether you decide to get a college degree, or receive any type of formal training, getting a SOC analyst certification will help your career goals.

    Below I’ve linked to some of the best SOC analyst certifications to get you started down the right path.

    What Is the Best SOC Analyst Certification?

    There are multiple paths to becoming a certified SOC analyst!

    First and foremost, the best certification for SOC analyst is the CompTIA Security+. This security certification is an absolute must for anyone attempting to enter the field of cyber security.

    After you’ve successfully passed the Security+ exam, you have several options from the most well-known certifying agencies (GIAC, ISC2, CREST, and EC Council):

    Some of you will ask about ISACA; while they do offer some very good security certifications, there didn’t appear to be any dedicated to cyber security analysis.

    Is SOC Analyst a Good Job?

    Depends. As you probably realize by now, the role of SOC analyst is broad in scope and so are the responsibilities associated with it. So, it’s hard to guess if you’re going to have a tough time with the role.

    Some claim that being a SOC analyst is very demanding while others will say it was easy. In fact, for a SOC analyst, burnout isn’t uncommon due to the constant vigilance required of the job.

    Ultimately, your best bet is check or ask those questions on sites such as Quora or Reddit to get the best opinion!

    by Amit Doshi

    If you enjoyed reading today’s article please subscribe here.

    Read more
    Choose the Right Career, Cyber Security vs Ethical Hacking

    Choose the Right Career, Cyber Security vs Ethical Hacking

    Deciding between cyber security vs ethical hacking? Read on as I describe the similarities and differences between them to get your career headed in the right direction!

    What Is Ethical Hacking?

    Ethical hacking is not just a bunch of people who hack into websites to steal information.

    It’s a form of computer security testing that involves professionals (aka “white hat hackers”) who have been trained to test a system or network to find vulnerabilities.

    The goal of ethical hacking is to find and fix flaws before they can be exploited, rather than after the fact.

    Ethical hackers have a set of ethics they adhere to while they’re working on a project—they only hack systems or networks with permission from their owners, and they always supposed to follow organizational guidelines for reporting the who/what/when/where/how of any discovered vulnerabilities.

    Those companies can then fix any issues before they’re exploited.

    Is Ethical Hacking and Cyber Security Same?

    Both ethical hacking and cyber security are focused on protecting computers and networks from malicious attacks.

    Ethical hackers use their knowledge to find vulnerabilities in systems and networks so that they can be patched up before real attackers take advantage of them.

    In doing so, ethical hackers are helping companies avoid having their data stolen or their reputation ruined by hackers.

    Cyber security professionals also have this same goal—they just go about it in slightly different ways.

    The biggest similarity between these two fields is that both require a deep understanding of computer science as well as a strong grasp of network administration principles (e.g. routing protocols, encryption methods, etc.).

    What’s the Difference Between Cyber Security and Ethical Hacking?

    Cyber security vs ethical hacking, let’s look at the real difference:

    Ethical hacking is the practice of testing a network or an information system for vulnerabilities before they can be exploited.

    Cyber security is a more holistic approach to ensuring the confidentiality, integrity, and availability of the organization’s information systems and data which involves many aspects, including ethical hacking. If you’re interested, you can read about all 11 cyber security domains here.

    Ethical hacking is a preventative approach to protecting information systems against intentional threats; on the other hand, cyber security is a preventative and responsive (i.e. once a security breach has occurred) approach that protects against both intentional and unintentional security breaches (ex. user clicks a button causing system to crash).

    This means knowing how to protect an organization against physical threats like fires or floods, internal vulnerabilities like poor employee practices, external threats like hacking attempts or network intrusions into your system.

    Ethical hacking doesn’t require knowledge of programming languages to start hacking; however, if you want to become an advanced ethical hacker, it does require solid knowledge of several programming languages.

    Cyber security is such a vast field, that programming is not required to succeed.

    If you’re interested in cyber security but don’t want to learning programming languages, consider a career as a cyber security analyst.

    As an ethical hacker, unless you decide to work in teams, you’re pretty much on your own; however, cyber security requires you to work in teams to ensure compliance with all areas of security.

    Which Is Better Ethical Hacking or Cyber Security?

    It’s a tough decision to make. On the one hand, cyber security is a field that’s growing rapidly, with plenty of opportunities for people with the right skills to get their start.

    On the other hand, ethical hacking is portrayed as the “cool” and specialized field that requires a lot of training and experience.

    If you’re not sure which path to take, here are some things to think about:

    Teamwork. If you’re interested in working with people, cyber security might be the better choice for you. If you’re interested in working autonomously (not alone), ethical hacking is better way to go.

    Technical Skills. You need a lot of technical skills to be an ethical hacker! You’ll want to be familiar with programming languages such as Python, C++, Java, SQL, etc., as well as operating systems such as Linux or Windows. But, if you choose to work in cyber security, you still need a heavy amount of technical knowledge, just in different areas. For example, if you choose a career in GRC (governance, risk, and compliance) you’d be required to understand the risk management framework along with applicable security control, policies, and procedures.

    Job Growth. Ethical hacking is a very specialized field within the cyber security industry. You’ll need to understand that the only growth in this field would be your breadth of knowledge and the speed of your skills. Beyond that, I wouldn’t expect much growth beyond the job title “Senior Ethical Hacker”. Growth after that may require you to become red team/blue team lead or switch into an engineering-type role (if you’re looking to stay technical). If we look at cyber security, growth has a much more natural progression. On the technical side, you can advance from cyber analyst to engineer to architect if you maintain your security certifications and learn to stay relevant.

    Job Availability. One of the biggest downsides to a career in ethical hacking is the severe lack of need. Most companies hire only one ethical hacker (or none). So, if you’re prepared to be the best of the best, then go for it; otherwise, there are plenty of jobs available right now for cyber security professionals who want to bring their knowledge and skills into the workforce quickly.

    Job Stability. Even if you do get hired, it may not be on a permanent position. You may be hired on a contractual basis where the scope of your position is to test a new software application or feature for vulnerabilities. As more security patches are implemented, fewer and fewer vulnerabilities become apparent. It may not be surprising to have your job eventually outsourced to a bug bounty program. By contrast, cyber security has very good job longevity. Once, you enter the field, there’s a very good chance, you’ll be here to stay for quite some time, assuming you don’t burn out!

    Cyber Security and Ethical Hacking Salary Differences

    The following shows the average and base salary of an ethical hacker from four separate sources.

    Depending on the source, the range may represent base salaries between the 25th – 75th percentile.

    Ethical Hacker:

    • PayScale: Base salary $49k – $112k and averages $80k
    • Salary.com: Base salary $83k – $132k and averages $104k
    • Glassdoor: Base salary $80k – $196k and averages $119k
    • ZipRecruiter: Base salary $127 – $142k and averages $135k

    Cyber Security:

    • PayScale: Average salary $92k (salary range not given)
    • Salary.com: (salary range not given and dependent upon exact job title)
    • Glassdoor: Base salary $62k – $180k and averages $98k
    • ZipRecruiter: Base salary $60k – $146k and averages $113k

    Unfortunately, the salary ranges and averages don’t align very well together, so a real determination can’t be made just from income alone.

    Just as a reminder, salary ranges and average are dependent on the sources input and method of calculation.

    As a reader, you’re cautioned to use additional sources to educate yourself on the total compensation.

    Is Ethical Hacking a Good Career?

    Hacking is fun and exciting. You get to learn about all kinds of new things, and it’s easy to feel like you’ve made the right choice if you’re just starting out.

    However, it’s not all fun and games—it’s actually hard work! You’ll spend hours researching different vulnerabilities and figuring out how they work, as well as actually finding them in real-world systems.

    This can be extremely tedious and boring at times, so make sure that this is something you’re willing to put up with before pursuing this career path.

    It’s a great career if you manage to get your foot in the door, but the lack of job opportunities should make you think twice before you decide to step into ethical hacking! While it’s ultimately dependent on your skills and interest, you might have a better chance of success looking at other career paths in cyber security.

    Create a Roadmap for Your Cyber Security Career!


    Cyber security vs ethical hacking, which career is right for you?…Click below to read more!

    What Is Ethical Hacking?
    Is Ethical Hacking and Cyber Security Same?
    What’s the Difference Between Cyber Security and Ethical Hacking?
    Which Is Better Ethical Hacking or Cyber Security?
    Cyber Security and Ethical Hacking Salary Differences
    Is Ethical Hacking a Good Career?

    by Amit Doshi

    Ready to Find the Cyber Career That Works for You?

    Read more