How to get into cybersecurity
Cybersecurity is one of the most important professions in the modern business landscape. The vast majority of businesses that are connected to the internet need some sort of protection. And even companies that aren’t yet undergoing full digitization of their business model still need to guard against security threats.
Read on to learn how to get into cybersecurity, the kind of salary you can expect, exactly what cybersecurity professionals do, the skills you need, and how we can help you meet your career goals.
What a cybersecurity professional does
Cybersecurity is all about protecting people and organizations from online threats. It also intersects with information security, or InfoSec. InfoSec involves protecting sensitive and valuable information in general, including information that’s not connected to a network.
But because cybercriminals can use the internet and other forms of network-capable technology to penetrate even physical security mechanisms, InfoSec and cybersecurity have become inextricably linked. So, as a cybersecurity professional, you can expect to be involved in guarding all of the information, networks, systems, applications, and devices of an organization.
You can also expect to devise and deploy solutions to protect the devices of people who connect to the organization’s network. And, similar to how cybersecurity also includes general InfoSec, as a cybersecurity professional, you also have to protect the personal data of users who connect to your network, even if this data has nothing to do with the business you’re conducting with them.
Cybersecurity is unique from many other kinds of security in that every aspect of an organization’s digital infrastructure needs to be guarded, as do the activities and information of those who come across it.
Here’s a real-world example to help explain: if a policeman in a park were like a cybersecurity professional, they’d have to simultaneously prevent all robberies, vandals, “peeping Toms,” and assaults. At the same time, they’d also have to control where each pedestrian walked, ran, or biked, as well as the games they played, exercises they performed, and what they ate and drank.
To bring this back to what a cybersecurity professional does— they need to create a safe environment for everyone interacting with an organization’s digital resources, including customers and random passersby.
The first “step” in getting into cybersecurity is embracing this unique and valuable challenge. A great place to start your journey is our catalog of cybersecurity-related courses. These courses will give you the background you need to be a useful member of an organization’s cyber defense team.
Cybersecurity salary overview
Given the wide variety of responsibilities a cybersecurity pro has, it’s no surprise that their salaries can climb well into the six-figure range. The average salary for cybersecurity professionals is between $90,000 and $160,000, without including bonuses or shares of company stock.
The pay of a cybersecurity professional climbs quickly as the years go by. For example, when you go from having less than a year of experience to between one and four years of experience, your pay increases by about 13%.
The amount you make also goes up according to your title and responsibilities. A Chief Information Security Officer can make as much as $420,000, and a Lead Software Security Engineer can easily make more than $225,000 a year.
The key to accessing these levels of pay is to build a solid foundation of skills and experience. Our Introduction to Cybersecurity course is a great place to start. Here, you’ll gain a broad understanding of cybersecurity that can serve as your foundation for branching off towards a specific discipline or becoming a cybersecurity manager.
The different roles involved in cybersecurity
While cybersecurity involves a vast number of solutions and technologies, the roles of cybersecurity workers generally fall into one or more of the following categories:
You can’t do everything on your own, and, in most cases, it’s best to leave certain technologies and solutions up to those who have specialized in using or creating them for years. So one of the primary roles of a cybersecurity professional is managing the different vendors providing security services to the organization.
For example, several companies provide security incident and event management (SIEM) services. These vendors have a digital infrastructure already set up that can keep track of security events, organize them according to severity and risk profile, and advise or execute mitigation efforts. As a cybersecurity expert, you may be charged with choosing the right company for SIEM and working with them to ensure their solution is customized to your company’s needs.
Customizing vendors’ services is a primary element of your job as a cybersecurity pro because it’s never a one-size-fits-all scenario. For instance, there could be two large organizations that store the bulk of their data in the cloud. They may also have cloud-based apps handling some core aspects of their businesses.
But, if one company is storing customer payment data and the other is storing architectural plans and blueprints, they’ll have vastly different security needs. The frequency of backups, the access permissions, and ensuring all legislative regulations are satisfied would require completely different procedures, tools, and maintenance routines. It’s up to you to decide how to ensure all vendors meet those needs.
Intelligence analysis involves looking at the profiles and behaviors of specific threats and then using that information to come up with mitigation and prevention solutions. Cybersecurity intelligence is very similar to what is used in the military or crime prevention. You assess the threats on the landscape, how they may impact the business, and then find ways to limit vulnerabilities that make your organization an easy target.
For example, even if the organization you work for has defense mechanisms to prevent ransomware attacks, a new threat may appear in the global threat landscape. You have to then ask:
Is the organization already protected from the malware that propagates this kind of ransomware?What technologies are needed to ensure we are ready to block it?If the threat were to successfully get into our system, what would be the steps we’d have to take to get back up and running as soon as possible?
In this way, you can put the organization in a strong position to protect itself or recover from new and existing threats.
Network support involves ensuring the network and the devices on it can handle regular requests and the computational demands of day-to-day business activities. While this may sound like a responsibility of a Network Architect, it’s equally important for a cybersecurity expert.
This is because cybercriminals and hackers will often try to find vulnerabilities in networks, devices, or applications when they’re overburdened by the processes they have to manage. Ensuring the network has the throughput and stability it needs can prevent a variety of security events down the road.
In many situations, software solutions are already available, and a cybersecurity expert just has to locate them, configure them to suit the organization’s needs, then deploy and manage them. But, because certain types of malware and other threats are specifically designed to take advantage of vulnerabilities found in code, cybersecurity may involve finding and fixing code vulnerabilities within applications.
A common example is when you’re working with a database. Databases can contain large volumes of sensitive information about the company, employees, and customers that cybercriminals would love to get their hands on. A vulnerability in the way a database processes a request, for instance, can make it relatively easy to hack into. As a Cybersecurity Specialist, you may have to go in and change the code to prevent an intruder from gaining access.
Software development is also key when you have to work with a DevOps team to ensure the security of the application they’re creating. You may have to know the basics of how the code works, how the application works with dependencies, and the resources it consumes while it performs different functions. This way, you can quickly spot potential security vulnerabilities.
Basic knowledge of a variety of programming languages can benefit cybersecurity professionals. Our courses can help you get started learning a new language, or build on your existing skills. These include the:
A Cybersecurity Specialist often works within cloud environments to secure cloud-native applications, processes, and resources. Also, as an organization connects physical resources and devices to the cloud, certain vulnerabilities may arise if the network’s security isn’t adequate. Understanding the threats that come with cloud computing, and those that could impact the networks used to connect to the cloud, is essential to a cybersecurity pro’s job.
Cybersecurity may also involve assessing the risks presented by applications designed to either run in the cloud or manage cloud-based systems. For example, the programming language Go, short for “Golang,” is used to design cloud-native applications. Our Learn Go course can provide you with an understanding of how Go works and cover cloud computing app design principles that apply to other languages that are used in cybersecurity.
As customer and employee information moves more and more in a digital direction, cybersecurity plays an increasingly important role. In some organizations, like hospitals, law enforcement institutions, and any company that may do business with a government, conforming to identity management protocols can make the difference between business as usual and having to deal with hefty fines and reputation-destroying headlines.
Identity management typically involves:
Protecting customer informationGuarding payment detailsEnsuring the login and access credentials of employees and other workers is secureProtecting the private information of executives and other key stakeholdersEnsuring each member in the organization understands their responsibilities when it comes to managing their identity information
The tools of cybersecurity
Because there are so many threats and different types of digital ecosystems, there is no shortage of tools available for use. In some cases, such as with some antivirus software, a tool may need minimal configuration to perform its duties.
In other situations, deep knowledge of a tool’s settings, potential, and processing requirements is needed to get the most out of it. This is where a cybersecurity expert plays a vital role. Here are some of the tools cybersecurity professionals need to be comfortable with:
Firewalls. Firewalls filter data going in and out of a network or device. They’re used to detect and discard data packets that contain threats, set up secure networks, and prevent access to potentially harmful websites.Antivirus software. Antivirus software blocks viruses and malware while also providing options for quarantining threats and logging information about them for further analysis.Network security monitoring tools. These continuously scan your network for known threats as well as abnormal behavior that may signify danger.Encryption tools. These tools encrypt data and transmissions, so even if a hacker were to steal the information or eavesdrop on the connection, they wouldn’t be able to use what they got.Packet sniffers. Packet sniffers perform a similar function as firewalls, but they can be deployed across an entire network to analyze all data moving to and from different endpoints. A firewall typically is put in a single position to guard against dangers at that specific point.Penetration testing tools. These include a variety of hardware and software technologies used to test how successfully a system can defend against threats. A cybersecurity expert would use them to try to impact a network, device, or network segment with a specific kind of threat. They’d then provide a report to the organization about the results.Public Key Infrastructure (PKI) tools. PKI systems use keys to secure information as it’s transmitted between systems or users. They’re used to secure sensitive transmissions over cloud networks, virtual private networks (VPNs), through email, and more. They also ensure user authentication procedures are protected.
The technical skills you need for cybersecurity
To succeed in cybersecurity, you need to have at least a foundational knowledge of several technical disciplines, primarily because there are so many technologies and digital environments you have to protect. Some of the most important technical skills include the following:
An understanding of how software works and is developed
Knowledge of software for a cybersecurity expert is like knowledge of human biology for a doctor. While you may be able to throw technology to temporarily address symptoms of a weakness in the network or an application, only with a basic knowledge of how software works can you mitigate the real cause of the problem.
When the question, What languages do I need to learn for cybersecurity? was asked in our Codecademy Forums, community member Astv99, who used to work in cybersecurity as an ethical hacker, said:
“Malware most often runs on Windows PCs (although there are certainly ones that run on Mac and Linux now), and because of that, you absolutely should understand x86 Assembly because you’re going to see it a lot… it might be beneficial to learn C as well. You’ll learn more about the stack and heap that way…if you’re not already familiar with how to read binary and hexadecimal numbers, that’s very important too.”
We have a number of courses to help you gain the foundational knowledge you need to succeed in cybersecurity. With courses like Learn C#, Learn Python 2, and Learn Java you can walk away with a grasp of how thousands of applications work from the inside out. This empowers you to be a digital surgeon, as opposed to slapping temporary Band-Aids on issues.
Working knowledge of network architecture
As a cybersecurity expert, you need to understand how networks process and transmit information, as well as how web-based applications function. This involves understanding:
How data goes from one place to the nextThe hardware needed to transmit dataHow the capabilities of hardware and software impact data transmissionFactors that affect throughputs, such as processing power and physical limitations
An understanding of how operating systems work
An operating system processes and responds to requests from users while interfacing with software and different kinds of data. So, a cybersecurity expert needs to know what different operating systems, like Windows, Linux, macOS, iOS, and Android, do with data and how they do it. This is primarily because hackers love to hone in on vulnerabilities caused by how operating systems process information and tasks.
Presentation skills using PowerPoint, Excel, and other apps
Effectively presenting ideas is often as — or more — important than coming up with them. While you don’t necessarily have to grasp every feature of apps like PowerPoint, Excel, and Microsoft Word, you should be comfortable using them to put together something that can be easily understood by a variety of audiences — both those with and without technical knowledge.
The soft skills you need for cybersecurity
Soft skills in cybersecurity are just as important as hard — or technical — skills because your job centers around learning about problems and conveying solutions to stakeholders. With this in mind, you’ll need to be able to:
Listen empatheticallyProblem-solveFollow through on solutions you or others come up withUnderstand how small challenges interface with high-level objectivesLead others on a teamTake feedback from team members and managers
If you’re ready to learn more about cybersecurity and potentially pursue a career in this exciting field, check out our Introduction to Cybersecurity course. Our courses arm you with a solid understanding of the role of a cybersecurity professional and a deep portfolio of skills that can position you to be an effective cybersecurity professional.
We also have several resources to help you with your job search, including what questions to expect during a cybersecurity interview. Also, you’ll have the chance to create projects to include in your portfolio to present to potential employers during your online courses.