How to Start a Cybersecurity Career
By: Gabriel Quiroz
Last updated: June 29, 2022
Gabriel Quiroz is the Academic Manager, IT Programs, at the Toronto School of Management (TSoM). He has worked internationally in IT roles in technology, health care and manufacturing sectors and is CompTIA Security+ certified.
Cybersecurity talent is expensive and hard to find. That is good news for anyone serious about a cybersecurity career, which offers good pay, high job growth and plenty of worthwhile challenges. Regardless of your reasons for pursuing a cybersecurity career – money, a more challenging job, or a genuine desire to protect critical information and infrastructure – opportunities in this field will only continue to grow.
But what is cybersecurity? Let us break it down: “cyber” is the medium and “security” is the practice. The action of “securing” has been done through the ages, but the “cyber” component is relatively new and fast-changing during this period of rapid technological advancement – what some are calling the “Fourth Industrial Revolution.” Your work as a cybersecurity professional will be to protect critical information or systems from digital attacks.
As more organizations operate with digital systems, it is necessary to protect those assets. Cybersecurity is comprised of three main components, known as the CIA triad: (1) Confidentiality, (2) Integrity, and (3) Availability. Within any part of cybersecurity, you will encounter each of these three components to varying degrees. Understanding them and their interrelationships will be essential to landing a job in this exciting field.
Training & Certification
The last five years have seen a proliferation in cybersecurity courses, cybersecurity certifications and even the emergence of cybersecurity degree programs. Yet despite growth in training opportunities, demand for cybersecurity talent continues to outpace supply.
There are various paths to take when it comes to training and certification, and the right one depends on the career path you want to follow. The CompTIA certification roadmap is a great visual tool for seeing different career paths and the kinds of certifications needed for each. Note that these paths are not set in stone and that certain certifications are transferable.
If a job calls for a specific technology that you can get certified in, move forward with obtaining that certification. Other than those specific cases, a formal school setting will be useful in helping you navigate through critical concepts, tools and essential skills in cybersecurity.
The key thing to understand is that learning cybersecurity is an ongoing practice. Completing formal education is just the beginning. You must regularly contribute to and be up-to-date with the latest trends to maintain your certificate status (depending on the certification).
It is also important to balance formal education with training. A terrific way to combine learning and practice is through a co-op program or capstone project. Co-ops and capstones, like the Diploma in Cybersecurity Specialist Co-op at the Toronto School of Management, where I teach, are usually part of a school’s curriculum along with courses relevant to your degree.
Skills, Knowledge & Attributes
To become a cybersecurity expert, you will need both “soft” skills and “hard” technical skills. Depending on the situation (e.g., the practice, project, organizational needs, etc.), the required technical skills will vary. For example, database handling and creating a Virtual Private Network (VPN) are two very different technical skills. The size of the organization can also influence which technical skills you may need to acquire. Some jobs will expect you to possess specialized skills that push your technical understanding, while other, usually more junior roles, will provide the on-the-job training you need to perform your duties.
Within cybersecurity, there are certain technical skills that you should have to better understand industry standards and applications. These include:
- A basic understanding of cloud computing, networking and network topologies
- Familiarity with the Open Systems Interconnection (OSI) model and how operating systems work
- An understanding of program syntax
- Knowledge of advanced settings on operating systems (Windows and Linux, for example)
- Knowledge of how to evaluate network architecture
- Understanding of anti-virus principles, VPNs, firewalls
While you do not necessarily have to become a functional expert in these to begin your career, having a firm grasp of what they are and how they work will give you a solid foundation for a cybersecurity career.
Soft skills are also applicable within any cybersecurity role. From Chief Information Security Officer (CISO) to staffing the Help Desk, you will need to collaborate with key stakeholders and be expected to distill technical information in ways that can be understood by non-technical audiences. The following are important soft skills to have and continuously develop:
Communication: A recent IBM Cyber Security Intelligence Index Report has shown that humans are responsible for 95 per cent of security breaches. Within cybersecurity, it is therefore important to remember that although we work with machines, human behaviour will always be a factor in keeping systems secure. Unlike the technologies that operate at nearly perfect levels of precision and predictability, people and organizations will need to be educated and managed accordingly.
Patience and Diplomacy: Not everyone is going to understand (or care) about what you do within cybersecurity. People will be your greatest weakness, as well as your greatest strength. Understanding that safe cybersecurity practices are everyone’s responsibility not only improves workplace culture but also ensures strong security – this is known as the “human firewall”. Finding ways to communicate across all levels of your organization while implementing practices that people will follow will be critical to your long-term success.
Collaboration: In cybersecurity, you are inevitably going to be working with other departments and stakeholders. It is important to be able to work with others inside and outside of your own department. You may work with engineers, executives, technical support staff, sales teams, vendors, and others. You will inevitably need to be able to work with others to achieve a common cybersecurity goal.
A Growth Mindset: A desire to learn continuously will be essential in this fast-changing field. Staying on top or ahead of industry trends and new technologies and practices will be a part of the job, because malicious actors themselves will continue to try new ways of exploiting systems.
Career Paths
There are many new and emerging career paths open to aspiring cybersecurity professionals. They include: Network Analyst, Auditor, Programmer, Cloud Architect, Penetration Tester, and Compliance Manager, among others.
One helpful way to simplify your understanding of potential cybersecurity career paths is to break them down into two main categories: (1) generalists and (2) specialists.
Generalists work in distilling technical information. They know enough about a wide variety of topics to perform multiple functions at once or to oversee the integration of multiple components. Examples are project managers, auditors, analysts, and support staff.
Specialists, on the other hand, focus on a specific industry or technology. Specialist roles may also require knowledge of specific tools. For example, you may need to use Microsoft Azure when working with Cloud Computing Systems; Cisco when working with a Network; or Siemens when working with the Industrial Internet of Things (IIoT). Every aspect of technology needs a specialist to come in and understand the fine details of technical specifications.
Some of the most common career paths for those getting started in the cybersecurity industry are:
IT Helpdesk (Tier 1)
“Some security operation centers (SOCs) are an extension of the help desk, or in some security-based companies, the SOC is the help desk,” according to a report by CompTIA. The point is that many cybersecurity careers continue to begin at the help desk, where you will have direct and daily contact with users and customers who are experiencing attacks. A good analogy would be to triage in a hospital, where you are the first point of contact and responsible for directing people to the right solution.
Entry Level Cybersecurity Analyst
In this role, you will need to monitor and understand your organization’s IT infrastructure — hardware, software and networks — to evaluate threats and work with other cybersecurity professionals to resolve them.
Junior Network Technician
This role will require you to understand and repair computers and network systems. Basic functions of the role include setting up internet connections and networks, but this, too, can serve as a natural stepping stone into an analyst role.
Junior Penetration Tester
In this role, you will help improve computer security by finding and exploiting vulnerabilities. The role may include planning and executing evaluation tests, programming software and monitoring reports of potentially relevant cybersecurity threats. This can be an excellent way to familiarize yourself with the tools and techniques used in cybersecurity before advancing into a specialist role.
Incident Analyst
An Incident Analyst diagnoses and documents cybersecurity events, reporting findings to senior technical leaders and management. An Incident Analyst may also be expected to develop and implement strategies for handling or safeguarding an organization from similar events in future.
Other areas and roles to be aware of as you progress in your career include: Chief Information Security Officer (CISO); Chief Privacy Officer; Computer Forensics; Cryptographer; Malware Analyst; Cybercrime Investigator; Security Architect; Security Consultant.
Work Environment
There are many different types of work environments in cybersecurity. Some are sedentary and independent, while others consist of large groups that require physical activity. For example, if you work at a large data center, you may need to work across large areas and in the field to support the organization’s systems.
In contrast, if you are a cryptographer, you might be in front of your computer most of the day working with code and data. Considering whether you engage better with groups or work better alone will help you choose your best path forward and increase your chances of building a healthy relationship with your work.
Typical work hours will vary. Depending on your role or the sensitivity of the data you are working with, you may be required to work overnight, weekends, and holidays. Understand that security is a 24/7 operation. With extremely sensitive data projects, you may be called to work additional hours. For example, if you are working with the government or military, you may be asked to work overtime in the event of a crisis.
Compensation
The average salary of a Cybersecurity Analyst in Canada is $71,458 according to Glassdoor’s latest labour market data. Here is a breakdown of salary ranges for common roles across Canada organized by seniority:

| Role | Salary range |
|---|---|
| Computer Forensics Analyst | $47,000 - $134,000 |
| Penetration Tester | $57,000 - $160,000 |
| Malware Analyst | $71,000 - $165,000 |
| Cybersecurity Engineer | $61,000 - $160,000 |
| Security Analyst | $93,000 - $117,000 |
| CISO (Chief Information Security Officer) | $142,000 - $245,000 |

However, salary will vary depending on organization size, position, and location. Look at an employer’s overall compensation package and keep the big picture in mind throughout the hiring process. The salary at one job could be higher than another, for example, but the stress, qualifications and working hours at that job may be higher too.
Also, consider total compensation, which includes, in addition to salary, things such as the bonus structure, vacation time, health plans, and other employee benefits that come with a job.
Taking your own personal situation into account is important too (e.g., regularly working six days a week may not be desirable — or possible). Looking at the full employment package and determining whether it provides what you need to enjoy a fulfilling cybersecurity career will make all the difference.
Gabriel Quiroz is the Academic Manager, IT Programs, at the Toronto School of Management (TSoM). He has worked internationally in IT roles in technology, health care and manufacturing sectors. His licenses and certifications include: CompTIA Security +, Project Management Professional (PMP), PMI Agile Certified Practitioner (PMI-ACP), and Lean Six Sigma (Green Belt).