In this week’s post I want to continue last week’s theme of focusing on cyber-security but this from a career perspective. Cyber-security is and will remain one of the hottest fields around and having a cyber security career path is essential to long term success

The U.S. Bureau of Labor Statistics states “information security analyst” as the 10th fastest growing occupation over the next decade.

While very much in demand , this is also a very competitive field and you will not progress unless you have a career path in mind for the next 3 to 5 years. More and more specializations in Cyber-security are emerging and I wanted to highlight what career paths are available in 2022 if you have a few years experience in IT and now want to transition to cyber-security

Cyber security career path

If you are currently in the start of your IT career then you might be working as a network engineer or help desk officer or a software developer. Or maybe you have already started out in cyber-security in an entry level position but want to transition to a specialized cyber-security role for the added responsibilities and 💲💲💲

There are numerous specializations available for you to explore in order to take you career to the next level. Let us take a look at some of the most in-demand below :

  1. Security Operations Engineer / Incident Response
  2. Security Architecture
  3. Cloud Security Engineer
  4. Penetration testing / Red Teaming
  5. Management

Lets take a look at each in detail :

Security Operations / Incident Response

Data breaches are unfortunately a daily occurrence with news of DDOS , ransomware , data thefts all over the news. Companies cannot afford their name to show up on one of these headlines and this is where Security Operations Center Engineers show up. Incident Response is the name of the game and a SOC engineer needs to know where and how an event is happening and respond quickly.

Skills needed:

  • SIEM tools and configuration
  • Elastic Stash
  • Log Analysis ( Excel is still the king ! )
  • Forensic Analysis
  • Ability to work under pressure

🎓 Certifications : GIAC Certified Incident Handler (GCIH), EC-Council Certified Incident Handler (ECIH)

🔥 Future Career Path : SOC manager , Head of Incident Response , Independent Consultant

Cybersecurity Architect

As a security architect you will have responsibility to define the security architecture of a company and review projects to make sure that the new architecture does not introduce any risks. This role requires a deep understanding of system components, networking, APIs and a good handle on documentation and presentation skills. You usually need a few years experience of enterprise architecture before taking on this role

Skills needed:

  • Networking and security protocols
  • Threat modeling / Flow Charting
  • Presentation and documentation. You should be able to articulate complex techical issues to stakeholder in an easy to understand way
  • DevOps
  • Pragmatism ! You need to know when to be firm and when not to become a blocker for business

🎓 Certifications : I would suggest you go with TOGAF instead of a security cert. If you want to then do TOGAF with a CISSP and you will really stand out

🔥 Future Career Path : Cybersecurity Manager, Head of Security Engineering

TOGAF will teach you about architecture before security

Cloud Security Engineers

As a Cloud Security Engineer you can expect to do the below :

  • Identify threats to Cloud Infrastructure and application
  • Identity risks in migrations of critical cloud workloads
  • Implement cloud security controls as per best practices
  • Be able to identify opportunities for automation in security events.

Skills needed:

  • Cloud Platforms ( AWS , Azure, GCP )
  • Basic scripting and programming ( Python always a plus )
  • Automation and APIs

🎓 Certifications : Security cert of one cloud provider. I have discussed this in detail here

🔥 Future Career Path : Cloud Security Manager, Head of Cloud Security, Independent Consultant

I made a detailed video on this which you can watch below

Penetration testing / red teaming

By far one of the most exciting fields, penetration testers and ethical hackers are usually the “rock stars” of cybersecurity teams finding vulnerabilities where no one knew they existed. Offensive security and red teaming where you proactively try to bypass a company’s defenses by role-playing as an attacker remains one of the most sought after positions. Pen-testers also usually moonlight as bug bounty hunters and use this to augment their profiles.

As a penetration tester, you’ll seek to identify and exploit system weaknesses to help companies build more secure systems. As an ethical hacker, you can try out even more attack vectors (like social engineering) to reveal security weaknesses.

Skills needed:

  • Passion for this field . This is not your average 9 to 5 security job
  • Scripting and programming
  • Social Engineering skills ( technical skills are not enough )

🎓 Certifications : Certified Ethical Hacker (CEH), CompTIA PenTest+, GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP)

🔥 Future Career Path : Head of Security Assurance, Head of Security Testing, Independent Consultant

Management level

If you are passionate about cyber-security but want to move towards a more senior position and influence a team of people then this position is for you. You need to have the ability to interact with stakeholders across the organization and oversee teams. This job needs to juggle technical and managerial skills and be able to articulate complex issues easily to the C-level. This job is usually a stepping stone to becoming a CISO

Skills needed:

  • Communication and presentation skills
  • Team management
  • Budgeting ( yes there is no escape from that )
  • Vendor Management
  • Skill development

🎓 Certifications :Certified Information Security Manager (CISM), CISSP (Certified Information Systems Security Professional)

🔥 Future Career Path : Head of Cyber Security , Chief Information Security Officer ( CISO )

you will do a lot of this as a cyber security manager