People talk about the cybersecurity job market like it’s a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do.
Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its own top 30 list. This article is based on research I did with Springboard, one of the first cybersecurity bootcamps with a job guarantee and 1:1 mentorship.
In particular, CyberSeek.org, a joint industry initiative looking at the cybersecurity job market, offers not only an interactive list of the various positions within cybersecurity but also a career path showing how you can get promoted.
The complicated part is that these titles and roles generally aren’t standardized, plus they constantly change as the industry itself evolves. The National Institute for Science and Technology, in its National Initiative for Cybersecurity Education workforce framework, does try to standardize positions using the notions of:
- Tasks (the action the person performs)
- Knowledge (the concepts the person has to know)
- Skills (the capability of performing an action)
Organizations can use these concepts to create roles and teams to perform the tasks they need.
Something else to keep in mind: Human resources departments may not understand the cybersecurity job market or how to hire people in that field, according to the 2020 SOC Skills Survey from Cyberbit.
There are a few distinctions we have to draw here. Cybersecurity job roles are differentiated by the level of experience required, but also by whether you’re red-team (offensive) or blue-team (defensive). Offensive roles (like penetration testers) will typically require more experience as you build your understanding of the defensive practice.
So what are some of the most common cybersecurity job roles, and how are they different from each other?
Some more entry-level positions, typically requiring a certification such as a CompTIA Security+, include:
- Cybersecurity Analyst: The cybersecurity analyst is responsible for protecting both company networks and data. In addition to managing all ongoing security measures, the analyst is also responsible for responding to security breaches and protecting company hardware, such as employee computers.
- Security Engineer: Security engineers are tasked with planning and executing a company’s information security strategy and maintaining all security solutions. They can also be responsible for documenting the security posture of their company and any issues or measures taken under their watch. Security engineers tend to be more defensive than their analyst peers.
- Security Consultant: The security consultant is responsible for evaluating a company’s security posture on a contract basis, while also serving as an advisor to other IT employees. The goal of the consultant is threat management, and they will often plan, test, and manage the initial iterations of a company’s security protocols. Consultants tend to be outside of an organization, while cybersecurity analysts will be internal.
More mid-level roles and more offensive roles, typically requiring a certification such as a Certified Ethical Hacker, include:
- Advanced Threat Analyst: The advanced threat analyst will monitor computer networks with the goal of preventing unauthorized access to files and systems. They also provide reports to senior leadership involving the technical defense capabilities of the company.
- Information Security Assessor: The information security assessor reviews and makes recommendations about the security posture of a company. They do this by interviewing IT employees, reviewing the security of the network, and testing for vulnerabilities. The assessor also reviews the security policies and procedures of the company.
- Penetration Tester: The penetration tester is hired to hack the company’s computer networks legally. Testers may also use social engineering tactics, attempting to gain information by verbally pretending to be someone trusted. If vulnerabilities are found, the penetration tester will make recommendations to heighten security.
Higher-level positions, typically requiring a certification such as Certified Information Systems Security Professional (CISSP) and at least five years of experience, include:
- Information Security Analyst: The information security analyst is responsible for protecting the company network and maintaining all defenses against an attack. The analyst may also implement the company’s disaster recovery plan in the event of network outages. Incidentally, according to OnGig, this is the most-requested cybersecurity job description by employers.
- Information Security Manager: The information security manager develops policies and procedures aimed at securing the company network. They oversee information security analysts while ensuring that the company complies with information security standards and norms. As a manager, they are responsible for hiring and training new information security analysts.
Finally, there’s the Chief Information Security Officer. This is a mid-level executive position, often reporting to the Chief Technical Officer, Chief Information Officer, Chief Financial Officer, or even the Chief Executive Officer, and oftentimes represents the end-goal of cybersecurity career paths.
The CISO is responsible for overseeing the company’s overall security plan. They are ultimately responsible for network security breaches and work with other executives to ensure departments comply with security standards.
As you can see, there are many possible titles for cybersecurity jobs, and it’s important to know the most common ones. At the same time, it’s also important to pay attention to how a particular company defines the role, so you end up in the right job for you.