With data breaches and headline-grabbing ransomware attacks becoming more common and increasingly sophisticated, cyber security professionals have never been in higher demand
Salaries across the sector are rising and by 2022 there will be 100,000 unfilled cyber security jobs in the UK alone. Right now, cyber security is a brilliant career path - whether you're technical or not.
Find out what skills, experience and qualifications you'll need to work in cyber security, a cutting-edge industry that's crying out for skilled professionals.
Graduate entry into cyber security
Because of the relatively young age of the cyber security industry, career paths are not always clear. Graduates have two primary routes: specialising their knowledge through a cyber security Masters degree or starting a junior role.
'For most graduates, a junior role with on-the-job experience is often the better option,' says Richard Diston, senior cyber security instructor at Firebrand Training. 'Not only will you be learning, but you'll be gaining invaluable experience that is essential for many industry-recognised certifications.'
By starting a junior role after graduation, you'll get the opportunity to build your hands-on cyber security expertise sooner. Not only will this help you find work if you decide to move to a new company, but by working on the frontlines you'll meet certification prerequisites faster.
That's not to say taking a cyber security Masters will affect you negatively. Employers are ultimately looking for a balance of practical skills backed up by qualifications.
A Masters is a fantastic way to study the wider cyber security landscape - ideal if you're unsure where you'd like to specialise or want a solid foundation of knowledge before you join the job market. Search for Masters degrees in cyber security.
It's worth noting that a degree in computer science is not essential for a job in cyber security. Non-technical professionals often have a range of transferable skills that are essential in cyber security, especially in the realms of management and training.
Cyber security apprenticeships
Another great option for graduates aiming to break into the industry is to take a cyber security apprenticeship. You're eligible to apply if you don't hold a qualification in a technical field at a higher level - like a computer science degree.
On an apprenticeship, you'll receive training and certification from industry leading vendors, like Microsoft and (ISC)2. Training is provided through government-approved training providers.
'It's not uncommon for graduates with unrelated degrees to pursue a career in cyber security through apprenticeships. One of our recent cyber security apprentices holds a Masters in nuclear fission,' explains Gavin Freed, chairman of Firebrand Apprenticeships.
Apprenticeships are an ideal mix of on- and off-the-job learning, resulting in qualifications and masses of industry experience. For more information on the cyber security programmes currently available visit the Institute for Apprenticeships.
Cyber security career paths
Graduates can enter into entry-level security roles after university, while existing IT professionals can enter from IT support, networking or telecoms positions.
Cyber security is broad and provides opportunities for professionals with varying backgrounds, but there are some common career paths:
- Network security - network security specialists detect, prevent and resolve threats to computer networks, playing a key role in the protection of sensitive company data.
- Security management - security managers oversee the security strategies across an entire business, including risk management, data privacy and firewalls. 'It's a myth that you need to spend years on the shop floor,' says Richard. 'If you want to pursue a career in security management, the sooner you start working towards it the better - you don't necessarily need five years' basic experience if you can demonstrate business acumen.'
- Penetration tester - penetration testers (also known as ethical hackers) are hired by businesses to test their security systems. These professionals will safely and legally launch cyber-attacks on their clients. If vulnerabilities are found, they will be reported to the business alongside guidance on how they can be fixed.
Certifications for a career in cyber security
A degree can get your foot-in-the-door, but to progress your career and keep up-to-date with the latest technologies, certifications are key - especially within the IT and cyber security industries.
By achieving properly vetted and industry-recognised certifications you'll do more than just get a benchmark for your knowledge. Certifications are great tools for cyber security career progression and don't just build technical skills.
These qualifications will also teach you the value of your own expertise and build communication skills - crucial if you consider moving from a technical to a managerial role.
There are a number of well-regarded certifications that you should be aiming for as a cyber-security professional:
- Certified Ethical Hacker - the Certified Ethical Hacker is a popular entry-level cyber security certification that introduces you to the hacking tools and techniques used by real cyber criminals. By familiarising yourself with how hackers think, you'll be better at fixing vulnerabilities and flaws you might otherwise miss.
- CISM - there's growing recognition for the CISM (Certified Information Security Manager) offered by ISACA. As the name suggests, the CISM is designed for security managers. It's an expert-level certification that proves skills in risk management and enterprise security systems.
- CISSP - the CISSP (Certified Information Systems Security Professional) is among the most sought-after certifications in security. Achieving the CISSP certification is a career highlight and is aimed at the top-tier of cyber security professionals.
To even sit the exam, you'll need five years of cyber security work experience. Graduates that begin their career directly after university will be able to achieve this certification sooner.
When progressing your cyber security career, consider additional background qualifications you could earn to broaden your skillset:
- to build security basics - Security+
- to learn about network security - Certified Network Defender
- to build expert cloud security knowledge - CCSP
- for risk management professionals - CRISC.
The value of people skills
People skills and the ability to communicate are key within cyber security. 'Even if you're the smartest person in the room, you're at a disadvantage if you can't explain the importance of the flaw you've just uncovered,' says Richard.
Knowledge of the commercial aspects of the job and of the wider picture outside of IT is also advantageous. These skills can be taught through certifications, like the CISM, which also teaches the language of business.
Find out more
- Read the information security specialist job profile.