Recent tech headlines have been dominated by one common theme: cyber security. From a devastating ransomware attack on Ireland’s health care system to valuable source code being stolen from the gaming giant EA, many companies from all kinds of industries have had to fight the increasing threat of hackers bringing down their systems and gaining sensitive information from these organisations and their clients. Governments across the world are recognising this threat, and the U.K. is no exception. Last summer, Downing Street announced a £10 million fund for the development of secure future technologies that will protect people and businesses from these malicious attacks. Considering the potential social, economical and political consequences of cyber crime, it’s no wonder that the cyber security sector continues to expand. However, industry jargon can be confusing for outsiders, so in this article we will go through some of what the different types of cyber security are, related job titles and their average annual salaries, what qualifications you might need to pursue a career in this exciting field, and our thoughts on the future of the sector.
What are the different areas of cyber security?
It’s important to know that none of these areas are exclusive to themselves; for cyber security to be maintained across an organisation, each area needs to be secure and regularly maintained to prevent a hacker from discovering a weakness that could bring down entire systems, or gaining access to sensitive and confidential information. Each of the following specialisations requires different skills and knowledge, and although this list isn’t exhaustive, these are some that you are most likely to come across in the headlines or as part of your cyber security job search.
Cloud security
Cloud-based software and data storage options have taken off in the last few years, especially in the wake of the Covid-19 pandemic as millions of us began working from home for the first time. However, although cloud technology has the benefit of giving us easy access to our documents, it can also be vulnerable to attacks both internally and externally, such as account hijacking and DDoS attacks. This is why it’s important for users to remain vigilant, for example by protecting important documents with a password. In addition, companies need to ensure their employees know how to carry out these data protection measures, and have support in place to address any software issues that could result in a breach. Skilled individuals are needed to develop secure technology that companies can use to ensure they are ahead of the curve of current and future threats, which will give users peace of mind knowing that their data is both accessible, protected, and safe to access.
Some job titles related to cloud security include:
- Cloud Security Engineer – £64,500
- Cloud Security Architect – £82,500
- AWS (Amazon Web Services) Cloud Architect – £94,400
Information/Data Security
Data or information security is perhaps one of the most essential aspects of cyber security; while the other areas on this list work to incorporate this, it’s important to also have people on your cyber security team who directly specialise in data protection, particularly in an industry such as banking, healthcare or anywhere else that has access to confidential or sensitive customer information or critical infrastructure. Data security skills incorporate similar cyber security methods as other areas, such as user authentication methods and firewalls, but organisations and businesses might want their data to be protected through additional means such as encryption and having secure back-ups in place in the event of data loss or corruption. According to a report by IBM and the Ponemon Institute, the average global cost of a data breach in 2020 was $3.86 million. These result in not only lost profits, but also a loss in trust from customers, which could cause long-term damage to a business. This is why data security professionals are needed to prevent this from occurring, and are consistently in demand in all industries.
If you want a career in information security, look for job titles like:
- Information Security Operations Manager – £40,800
- Data Security Analyst – £35,000
- Data Loss Prevention Engineer – £50,000
Network Security
Network security is quite a broad term. The SANS institute defines it as:
‘the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.’ Network security is essentially the first line of defence: if hackers can’t access your network, they won’t be able to hack your computer.
If a virus or piece of malware infects one computer, it can quickly spread to other devices that share a network with it. An issue like this could disrupt a business for hours or days at a time as multiple computers are affected, such as when Colonial Pipeline, the United States’ largest fuel pipeline, was forced to cease operations for a week last month due to a malware attack. While implementing access control to networks and making employees aware of basic e-mail security can help maintain network security, skilled professionals need to maintain a combination of firewalls, VPNs and security information and event management (SIEM) programs to be able to detect any problems. They also need to have the knowledge to thwart any potential attacks, and quickly patch up any network weaknesses that are being exploited by hackers. Although network security is a high-stakes field, those who follow this career path are always in demand and are paid well for their work.
Jobs with a focus on network security include:
- Information Security Analyst – £40,000
- SOC Analyst (Security Operation Centre Analyst) – £42,500
- Network Engineer – £50,000
Application Security
Application security is the process of finding and resolving security flaws specific to a piece of software. Many amateur programmers make their own applications to practise their skills, but in many cases security concerns often go unconsidered due to other features being prioritised, or because of a lack of technical know-how on the programmers’ behalf. This can leave their programs vulnerable to unauthorised access, attacks that can result in memory corruption, and data breaches. Application security often works in tandem with cloud and network security, so having technical knowledge about these other areas is a definite advantage when working on this. Throughout the build, test and release cycle of a piece of software, application security needs to be regularly and thoroughly tested to stay up-to-date and protected from threats. To succeed in this area, you need a sharp eye for attention and strong communication skills to make sure issues are quickly identified and resolved.
There are a variety of jobs available in application security, such as:
- Application Security Risk Analyst – £35,000
- Application Security Engineer – £79,400
- Mobile Application Security Tester – £27,700
Internet of Things (IoT) security
Any physical device you own that uses an internet connection, such as a light that can be turned on or off using your phone or the smart speaker you have sitting on a shelf in your living room, is part of the Internet of Things (IoT). These objects communicate with each other across a wireless network, and this technology can be seen both in the home and at work in industries such as transport and healthcare. While this has helped industries develop more accessible technologies, such as by making everyday tasks easier for elderly people and those with disabilities, these come with their own unique security risks. As these objects have unprecedented access to our homes, some of which have had vulnerabilities discovered in the past, it’s only reasonable for one to be concerned about privacy and information security. That’s why trained professionals are needed to not only develop safer technology, but to discover, report and resolve any potential privacy issues in addition to other software and hardware concerns. As smart technologies that rely on the IoT are destined to become a more integral part of our lives, a career working in this sector of cybersecurity promises good job security during an era where other older industries are at risk of dying out.
IoT is a huge field in technology, with many jobs specific to its security demands. These include:
- Vulnerability Engineer – £60,000
- IoT Systems Administrator – £75,000
- Test Engineer – £49,200
What qualifications do I need for a career in cyber security?
Contrary to popular belief, you don’t necessarily need a degree in computer science or a related subject to pursue a career in cyber security. Although this would provide you with strong fundamental knowledge, these qualifications are recognised as industry standards and are certain to impress prospective employers, in addition to providing you with the knowledge for a range of cyber security roles.
- CompTIA
CompTIA offers courses for a range of skill levels, from IT newbies to experienced professionals who are looking to expand their skill set. Having one of their Security+, Cloud+, CySA+ or PenTest+ qualifications under your belt would be advantageous for a career in cyber security, if not essential. - Cisco
Cisco also has an impressive range of courses for all levels of expertise. Their cyber security certifications include CyberOps Associate, CyberOps Professional, CCNP Security and CCIE Security, and are certain to help you stand out from the crowd. - Certified Information Systems Security Professional (CISSP)
CiSSP certification is unique in that you can only receive it after completing five years of industry experience, so this qualification is best for those who already have some cyber security experience and are certain they want to make a career of it. The curriculum covers areas such as security and risk management, communication and network security, and software development security, which will give you a breadth of knowledge to draw upon in your career.
What does the future of cyber security look like?
The impact of the Covid-19 pandemic has been felt in industries across the world, and cyber security is no exception. Criminals have profited off the financial uncertainty caused by the lockdowns to target vulnerable people with bank scams, and the rise in the number of people working from home has made the need for secure cloud technology even more urgent – more urgent, still, is the need for those who are qualified to tackle these threats. The cyber security industry famously boasts an unemployment rate of 0%, which might be reassuring for job seekers, but has left businesses and employers desperately searching for the talent needed to fill what the New York Times predicts will be upwards of 3.5 million unfilled cyber security positions across the world by the end of this year. Job seekers have a wealth of options in terms of companies to work for and provide their expertise to (https://itcareerswap.com/top-10-uk-companies-to-work-at/) because of this talent gap, so now is the time to consider beginning or switching into a career in cyber security.
There are also longer-term issues to consider about the future of cyber security. As technological developments continue and more software and hardware options are developed, those that we currently use will soon be outdated. While many of us might be content with the current edition of Windows we complete work reports with, or with the current iPhone model we’re messaging our friends on, in a few short years many developers won’t have the financial incentive to keep these up-to-date in line with newer cyber security threats, making the technologies we use and the data we share vulnerable to these – as the infamous WannaCry ransom attack of 2017 proved. However, with basic essential cyber security education, many users can protect themselves from the most common threats and be able to recognise the signs of a potential cyber attack against them. With this, businesses could potentially avoid losing thousands or millions of pounds from cyber criminals if their workforce has this basic cyber security information. It’s likely that ethical hackers and social engineers will be particularly sought after, as their skills in detecting system faults can help prevent malicious actors from benefiting from these, but many other cyber security roles are sure to remain relevant and in high demand over the next few years, while other jobs and industries risk becoming obsolete.
To conclude, it’s clear that the cyber security industry is set to grow from strength to strength in the near future. With a range of inspiring roles available, it’s well worth considering a career in this exciting field.
At IT Career Swap, our specialist cyber security course will set you up with the knowledge you need to succeed in a cyber security career, including certifications in CompTIA Security+ and CySA+. Visit this link to find out more, or to arrange a call with one of our advisors.