A cybersecurity career path involves protecting an organization’s systems, networks, and data from cyberattacks. This can include a wide range of tasks, such as monitoring networks for security threats, implementing security measures, and responding to incidents when they occur.
If you’re interested in cybersecurity and want to know more about the career path, this guide covers cybersecurity roles at every level, typical salaries, industry outlook, and more.
- Cybersecurity Career Path
- Cybersecurity Certifications, Skills, and Education
- Cybersecurity Salary
- Cybersecurity Jobs Outlook
Cybersecurity Career Path
The cybersecurity field is constantly adapting to keep up with current threats and new technology. Fortunately, this means there are a variety of roles to pursue, no matter your experience level.
The possibilities are endless. You usually start as an analyst, whether it’s general security or IT help desk. Eventually, you begin to develop a specialty or niche based on what it is you prefer to do. Perhaps you want to focus on incident response, identity, access management, or resiliency.
Note that an executive cybersecurity path is available to those who want to keep advancing to the top. The highest-ranking cybersecurity professional is usually the Chief Information Security Officer, and it takes years of technical and nontechnical experience to get there.
CyberSeek, a project from the National Initiative for Cybersecurity Education (NICE), has created an interactive career pathway site for job seekers, with information on cybersecurity jobs, average salaries, and feeder roles that are good transitions into a cybersecurity career. Jobs without feeder roles listed generally require prior cybersecurity experience.
Entry-Level Cybersecurity Roles
Cybersecurity Specialist
- Average salary: $106,810
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
Cyber Crime Analyst
- Average salary: $100,000
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
Incident and Intrusion Analyst
- Average salary: $86,428
- Feeder roles: networking, systems engineering, financial and risk analysis, security intelligence, IT support
- Moves into: any mid-level roles
IT Auditor
- Average salary: $110,000
- Feeder roles: networking, systems engineering, financial and risk analysis
- Moves into cybersecurity consultant or penetration and vulnerability tester roles
Mid-Level Cybersecurity Roles
Cybersecurity Analyst
- Average salary: $107,500
- Feeder roles: networking, software development, systems engineering
- Moves into: any advanced-level roles
Cybersecurity Consultant
- Average salary: $93,067
- Moves into: any advanced-level roles
Penetration and Vulnerability Tester
- Average salary: $101,662
- Feeder roles: networking, software development, systems engineering
- Moves into cybersecurity engineer or cybersecurity architect roles
Advanced-Level Cybersecurity Roles
Cybersecurity Manager
- Average salary: $136,236
- Cybersecurity Engineer
- Average salary: $113,758
- Feeder roles: networking, software development, systems engineering
Cybersecurity Architect
- Average salary: $163,121
- Feeder roles: networking, software development, systems engineering
According to CyberSeek, most job openings are for advanced-level cybersecurity engineers, followed by mid-level cybersecurity analysts, penetration and vulnerability testers, and cybersecurity consultants.
Cybersecurity Certifications, Skills, and Education
While education and certifications are vital for cybersecurity careers, skills and work experience are starting to pull ahead in terms of what employers seek.
Certifications
Regarding certifications, it depends on what route you want to take. Initial certifications for people looking to start would be the CompTIA Security + or CSX-P, the CRISC or CISM certification offered by ISACA for the risk management side.
The CISSP is an excellent certification across the board but may only be for some due to its very technical nature. Indeed, CyberSeek includes CISSP as a top certification for advanced-level positions.
While certifications are tremendous and prove your dedication to the craft, nothing will surpass real experience, so always seek to supplement your certificates with experience when you can.
Skills
Strong strategic thinking and adaptability skills are essential as cybersecurity professionals must continually adapt to prevent and respond to new threats. Problem-solving skills are also crucial soft skills — ranked in the (ISC)² survey as the second most important qualification for cybersecurity employment.
However, communication skills are paramount for aspiring cybersecurity workers and those already in the field who want to advance their careers. The ability to communicate with nontechnical professionals sets security professionals apart from their peers.
Nontechnical business units fund security functions, so you will find yourself in situations where you are requesting funding for a critical project, but the person approving the funds doesn’t necessarily understand what you are doing. You will quickly advance if you can successfully explain what you do and why it’s critical to the business.
Some of the top specific hard skills for entry-level cybersecurity positions are:
- Information security/assurance
- Security operations
- Cryptography
- Risk assessment and management
- Threat analysis
Education
Your college education can help you gain the skills you need to find entry-level cybersecurity jobs, such as a solid understanding of technology and the technology stack. Cybersecurity will always have some technical component or implication, so knowing what you are protecting is essential.
Slightly more than half (51%) of surveyed cybersecurity professionals pursued bachelor’s degrees in computer and information sciences, followed by engineering degrees (19%) and non-IT degrees (30%), according to (ISC)².
However, younger generations are forging new cybersecurity career paths. Just 50% of cybersecurity professionals under age 30 started with a career in IT before moving into cybersecurity, compared to 77% of those aged 50-54.
In addition, 23% of under-30s pursued cybersecurity education before getting their first cybersecurity job, 14% moved into cybersecurity from a different field, and 12% explored cybersecurity training on their own before being recruited — vs. 4%, 13%, and 4%, respectively, for ages 50-54.
Cybersecurity Salary
The median annual salary for cybersecurity professionals in 2022 was $134,800 in North America, according to (ISC)². Cybersecurity workers in the U.S. earn up to $150,000 a year with a doctorate, $142,00 with a master’s degree, $130,000 with a bachelor’s degree, and $127,750 with an associate degree.
Information security analysts earned annual average salaries of $113,270 in 2021, with the top 10% earning more than $165,920. California and New York are the top-paying states for this role.
Cybersecurity Jobs Outlook
As innovation in technology progresses at a dizzying pace and the threat landscape continues to grow, cybersecurity jobs will remain in high demand. For example, the Bureau of Labor Statistics estimates that job openings for information security analysts will increase by 35% from 2021 to 2031 — much faster than average.
According to CyberSeek, there were 1.1 million cybersecurity workers in the U.S. in 2022. However, only enough U.S. cybersecurity professionals can fill 65% of available jobs.
This “cybersecurity workforce gap” left more than 410,000 cybersecurity jobs unfilled in the U.S. (3.4 million worldwide) in 2022, according to (ISC)². Globally, the gap has grown over twice as much as the workforce, and Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity positions by 2025.