How to Start a Cyber Security CareerOverview Training & Certification Skills, Knowledge & Attributes Career Paths Work Environment Compensation F.A.Q Explore Courses
How to Start a Cyber Security Career
By: Gabriel Quiroz
Last updated: November 12, 2022
Gabriel Quiroz is the Academic Manager, IT Programs, at the Toronto School of Management (TSoM). He has worked internationally in IT roles in technology, health care and manufacturing sectors and is CompTIA Security+ certified.
Cyber security talent is expensive and hard to find. That is good news for anyone serious about a cyber security career, which offers good pay, high job growth and plenty of worthwhile challenges. Regardless of your reasons for pursuing a cyber security career – money, a more challenging job, or a genuine desire to protect critical information and infrastructure – opportunities in this field will only continue to grow.
But what is cyber security? Let us break it down: “cyber” is the medium and “security” is the practice. The action of “securing” has been done through the ages, but the “cyber” component is relatively new and fast-changing during this period of rapid technological advancement – what some are calling the “Fourth Industrial Revolution.” Your work as a cyber security professional will be to protect critical information or systems from digital attacks.
As more organizations operate with digital systems, it is necessary to protect those assets. Cyber security is comprised of three main components, known as the CIA triad: (1) Confidentiality, (2) Integrity, and (3) Availability. Within any part of cyber security, you will encounter each of these three components to varying degrees. Understanding them and their interrelationships will be essential to landing a cyber security job in this exciting field.
Training & Certification
The last five years have seen a proliferation in cyber security courses, cyber security certifications and even the emergence of cyber security degree programs. Yet despite growth in training opportunities, demand for cybersecurity talent continues to outpace supply.
There are various paths to take when it comes down to training and certification. It will depend on what career path you would like to take. Look at the CompTIA certification roadmap, it is a great visual tool to see different career paths and what kinds of certifications are needed for each. It is important to note that these are not set in stone and certain certifications are transferable.
If a job calls for a specific technology that you can get certified in, move forward with obtaining that certification. Other than those specific cases, a formal school setting will be useful in helping you navigate through critical concepts, tools and essential skills in cyber security.
This one-year Co-op diploma is ideal for students looking to acquire in-demand skills and specialized knowledge in all aspects of cybersecurity including blockchain, risk management, big data and the IoT (Internet of Things). The need for cybersecurity expertise is only … Continue reading →
The internet is only as safe as the people, code and measures that defend it. This intensive 12-week gives you the fundamental knowledge, real-world experience, and critical soft skills you need to kickstart a rewarding career in cyber security. This … Continue reading →
Springboard has partnered with CompTIA, the world’s leading tech association, to create this program. CompTIA has developed certification exams that map directly to today’s current IT job roles. CompTIA’s Security+ certification lays the groundwork for specialized career paths in cybersecurity. … Continue reading →
Analyste en sécurité informatique Le programme d’Analyste en sécurité informatique de l’Institut Trebas vous formera aux meilleures pratiques en matière de sécurité informatique. Vous disposerez ainsi des outils et des compétences nécessaires pour participer à l’élaboration de modèles, de systèmes … Continue reading →
BrainStation’s Cybersecurity Certificate Course is designed to provide individuals and organizations with a detailed understanding of how to protect mission-critical data and secure day-to-day operations. Taught by industry leaders, this course uses an applied, project-based learning model that ensures professionals … Continue reading →
Jan 9 - Feb 27, 2024
Jan 24 - Mar 13 2024
Feb 8 - Mar 28 2024
Feb 22 - Apr 11 2024
Mar 5 - Apr 23 2024
Mar 19 - May 7 2024
Apr 4 - May 23 2024
The Bachelor of Computer Science (Honours) (BCS) degree is a four-year program, including three paid co-op work terms, which will prepare graduates for a number of progressive job opportunities as high quality software developers. Building upon the recognized foundations of … Continue reading →
Develop the skills you need to become a successful Cybersecurity Analyst with CCTB’s one-year post-secondary diploma. Through a mixture of in-class lessons and practical work experience, you will gain an expert knowledge of operating systems, data management and general system … Continue reading →
In this certificate, you will learn about cyber crime – the latest evolution in criminal activity, as our world becomes increasingly digital. Various groups of hackers, criminals, organized crime and malicious insiders are utilizing new technologies to perpetrate criminal activity. … Continue reading →
Protect the digital systems of today and beyond. Graduate with the essential skills for cyber threat detection and mitigation. Combine experiential learning in Mohawk’s cyber labs with independent online learning. Participate in simulation labs where you will defend against cyber … Continue reading →
The need for cybersecurity expertise is only going to increase as the technological industry continues to evolve and expand. Working professionals and recent graduates can advance their career goals by building on their previous education and experience with a Cybersecurity … Continue reading →
The key to truly learning cyber security is practice. Completing formal education is just the beginning. You must regularly contribute to and be up-to-date with the latest trends to maintain your certificate status (depending on the certification).
It is also important to carry a balance of formal education and training. A terrific way to get a combination of both learning and practice is through a co-op program or capstone project. Co-ops and capstones, like the Diploma in Cybersecurity Specialist Co-op where I teach, at the Toronto School of Management, are usually part of a school’s curriculum along with courses relevant to your degree.
Skills, Knowledge & Attributes
To become a cyber security expert, you will need to have “soft” and “hard” technical skills. Depending on the situation (e.g., the practice, project, organizational needs, etc.), the required technical skills will vary. For example, database handling and creating a Virtual Private Network (VPN) are two very different technical skills. The size of the organization can also influence which technical skills you may need to acquire. Some jobs will expect you to possess specialized skills that push your technical understanding, while other, usually more junior roles, will provide the on-the-job training you need to perform your duties.
Within cyber security, there are certain technical skills that you should have to better understand industry standards and applications. These include:
- A basic understanding of cloud computing, networking and network topologies
- Familiarity with the Open Systems Interconnection (OSI) model and how operating systems work
- An understanding of program syntax
- Knowledge of advanced settings on operating systems (Windows and Linux, for example)
- Knowledge of how to evaluate network architecture
- Understanding of anti-virus principles, VPNs, firewalls
While you do not necessarily have to become a functional expert in these to begin your career, having a firm grasp on what they are and how they work will help give you a firm foundation for a cyber security career.
Soft skills are also applicable within any cyber security role. From Chief Information Security Officer (CISO) to staffing the Help Desk, you will need to collaborate with key stakeholders and be expected to distill technical information in ways that can be understood by non-technical audiences. The following are important soft skills to have and continuously develop:
Communication: A recent IBM Cyber Security Intelligence Index Report has shown that humans are responsible for 95 per cent of security breaches. Within cyber security, it is therefore important to remember that although we work with machines, human behaviour will always be a factor in keeping systems secure. Unlike the technologies that operate at nearly perfect levels of precision and predictability, people and organizations will need to be educated and managed accordingly.
Patience and Diplomacy: Not everyone is going to understand (or care) about what you do within cyber security. People will be your greatest weakness, as well as your greatest strength. Understanding that safe cyber security practices are everyone’s responsibility not only improves workplace culture but also ensures strong security – this is known as the “human firewall”. Finding ways to communicate across all levels of your organization while implementing practices that people will follow will be critical to your long-term success.
Collaboration: In cyber security, you are inevitably going to be working with other departments and stakeholders. It is important to be able to work with others inside and outside of your own department. You may work with engineers, executives, technical support staff, sales teams, vendors, and others. You will inevitably need to be able to work with others to achieve a common cyber security goal.
A Growth Mindset: A desire to learn continuously will be essential in this fast-changing field. Staying on top or ahead of industry trends and new technologies and practices will be a part of the job, because malicious actors themselves will continue to try new ways of exploiting systems.
There are many new and emerging career paths open to aspiring cyber security professionals. They include: Network Analyst, Auditor, Programmer, Cloud Architect, Penetration Tester, and Compliance Manager, among others.
One helpful way to simplify your understanding of potential cyber security career paths is to break them down into two main categories: (1) generalists and (2) specialists.
Generalists work in distilling technical information. They know enough about a wide variety of topics to perform multiple functions at once or to oversee the integration of multiple components. Examples are project managers, auditors, analysts, and support staff.
Specialists, on the other hand, focus on a specific industry or technology. Specialist roles may also require knowledge of specific tools. For example, you may need to use Microsoft Azure when working with Cloud Computing Systems; Cisco when working with a Network; or Siemens when working with the Industrial Internet of Things (IIoT). Every aspect of technology needs a specialist to come in and understand the fine details of technical specifications.
Some of the most common career paths for those getting started in the cyber security industry are:
IT Helpdesk (Tier 1)
“Some security operation centers (SOCs) are an extension of the help desk, or in some security-based companies, the SOC is the help desk,” according to a report by CompTIA. The point is that many cyber security careers continue to begin at the help desk, where you will have direct and daily contact with users and customers who are experiencing attacks. A good analogy would be to triage in a hospital, where you are the first point of contact and responsible for directing people to the right solution.
Entry Level Cyber Security Analyst
In this role, you will need to monitor and understand your organization’s IT infrastructure — hardware, software and networks — to evaluate threats and work with other cyber security professionals to resolve them.
Junior Network Technician
This role will require you to understand and repair computers and network systems. Basic functions of the role include setting up internet connections and networks, but this, too, can serve as a natural stepping stone into an analyst role.
Junior Penetration Tester
In this role, you will help improve computer security by finding and exploiting vulnerabilities. The role may include planning and executing evaluation tests, programming software and monitoring reports of potentially relevant cyber security threats. This can be an excellent way to familiarize yourself with the tools and techniques used in cyber security before advancing into a specialist role.
An Incident Analyst diagnoses and documents cyber security events, reporting findings to senior technical leaders and management. An Incident Analyst may also be expected to develop and implement strategies for handling or safeguarding an organization from similar events in future.
Other areas and roles to be aware of as you progress in your career include: Chief Information Security Officer (CISO); Chief Privacy Officer; Computer Forensics; Cryptographer; Malware Analyst; Cybercrime Investigator; Security Architect; Security Consultant.
There are many different types of work environments in cyber security. Some are sedentary and independent, while others consist of large groups that require physical activity. For example, if you work at a large data center, you may need to work across large areas and in the field to support the organization’s systems.
On the contrary, if you are a cryptographer, you might be in front of your computer most of the day working with code and data. Considering whether you are someone that engages better with groups or works better alone will help you choose your best path forward and increase your chances of building a healthy relationship between you and your work.
Typical work hours will vary. Depending on your role or the sensitivity of the data you are working with you may be required to work overnight, weekends, and holidays. Understand that security is a 24/7 operation. With extremely sensitive data projects, you may be called to work additional hours. For example, if you are working with the government or military, you may be asked to work overtime in the event of a crisis.
The average salary of a Cybersecurity Analyst in Canada is $71,458 according to Glassdoor’s latest labour market data. Here is a breakdown of salary ranges for common roles across Canada organized by seniority:
|Computer Forensics Analyst||$47,000 - $134,000|
|Penetration Tester||$57,000 - $160,000|
|Malware Analyst||$71,000 - $165,000|
|Cybersecurity Engineer||$61,000 - $160,000|
|Security Analyst||$93,000 - $117,000|
|CISO (Chief Information Security Offier)||$142,000 - $245,000|
However, salary will vary depending on organization size, position, and location. Look at an employer’s overall compensation package and keep the big picture in mind throughout the hiring process. The salary at one job could be higher than another, for example, but the stress, qualifications and working hours at that job may be higher too.
Also, consider total compensation, which includes, in addition to salary, things such as the bonus structure, vacation time, health plans, and other employee benefits that come with a job.
Taking your own personal situation into account is important too (e.g., regularly working six days a week may not be desirable — or possible). Looking at the full employment package and determining whether it provides what you need to enjoy a fulfilling cyber security career will make all the difference.
Gabriel Quiroz is the Academic Manager, IT Programs, at the Toronto School of Management (TSoM). He has worked internationally in IT roles in technology, health care and manufacturing sectors. His licenses and certifications include: CompTIA Security +, Project Management Professional (PMP), PMI Agile Certified Practitioner (PMI-ACP), and Lean Six Sigma (Green Belt).