Information assurance (cyber security) continues to be one of the most valued and critical elements of every individual's and organization's digital assets. Currently, our personal information seems to be under constant attack; everything from the photos on our smartphones, to the credit card numbers kept on file by the merchants we buy from, to the income tax and medical records stored by our governments, is all being sought out by criminals looking to capture and exploit this data.
Cyber security professionals are responsible for designing, implementing, and maintaining secure countermeasures against hacking attacks and exploits. They create secure networks and data storage solutions, implement fixes to address new vulnerabilities, and investigate IT security-related crimes when they occur.
Cyber Security Specialist Job Descriptions
- Network Security Job Description
- Network Security Specialist
- Computer Security Specialist
- Information Security Analyst Job Description
Network security admins do much of their work with devices including routers, switches and servers, but the job also has a human element. The design and implementation of policies and training programs can help keep fellow employees informed of proper network security practices, which contributes immensely to an organization's overall security.
Staying informed about the newest solutions, threats and advisories known to the industry is a large part of the job of a security admin. In order to remain on the cutting edge, network security administrators often travel to industry conferences or events hosted by professional associations in the information security field. A fair amount of technical reading is usually required as well.
Network security specialists use software programs and analysis techniques to assess data networks and determine the right ways to handle or prevent security threats.
Monitoring software helps network security specialists stay on top of the type and amount of usage taking place on enterprise network systems. The growing reliance on client-server applications and the demand for secure business intranet systems make these monitoring tasks increasingly important, especially on wireless and virtual networks.
Network security specialists also deploy, maintain and occasionally update the suite of network management and directory services software that watches over their systems' data lines, and communicate with IT managers regularly about system issues and strategies.
Computer security specialists configure access to computer systems as well as planning and coordinating information security protocols.
The role of a security specialist usually includes some network monitoring tasks and the installation of security software on a company's computer terminals. Performing risk assessments, developing effective system-wide security plans and staying informed about the latest trends in computer virus and malware deployment are also principal components of the position.
In the event of an attempted breach or network attack, these specialists are on the front lines of response and defense. Sometimes an attack includes malicious code to be rooted out and removed or quarantined, and quick action can help prevent intruders from viewing protected information or sabotaging the system. Information must also be gathered on breach events in order to help protect the system against future intrusion.
There may also be a training element to the position. Security specialists often help instruct employees on basic preventative measures in cyber security. Senior members of an IT security team are frequently counted on to educate new recruits on the particulars of a company's security setup.
What does a IT security analyst do?
An IT security analyst examines information systems and determines the best security solution for each system. Security analysts are also sometimes referred to as security architects. They design and implement solutions made up of security protocols, hardware devices and software components. These security solutions are based on the requirements discovered during the analyst's examination of an organization. Security analysts often test existing security systems in order to find potential vulnerabilities. They may also assist with the creation of internal standard operating procedures (SOPs) that support and reinforce system security.
A key proficiency required by every security analyst is an ability to communicate with software developers, corporate management, legal staff and other colleagues to build their awareness of any holes in the company's incoming and outgoing data network connections. Breaches in security are inevitable in a connected world; threats could just as easily come from within the company as from a remote source.
Knowing what can destroy a network begins with knowing what builds a network. A basic familiarity with information architecture is essential. Recognizing not only code, but also inconsistent patterns in code behavior, paves the way to tracing faults and responsibility. Technical ability, however, counts for nothing if information is not properly communicated to those not schooled in all things technical. Finally, a security analyst must be prepared to draw upon historic experience, recognize available resources and initiate responses that prevent incident repetitions.
Cyber Security Degrees
Cyber security education in-depth
Employers of IT security professionals usually require potential employees to have at least a Bachelor's degree in a computer technology field. Some employers will accept a bachelor's in computer science or computer engineering. However, because of the increasing importance of (and media focus placed on) IT security, many employers now prefer a specialized degree such as a B.S. in information systems security, or a variation of this (e.g., IT -- Security; Information Security; Information Assurance, etc.).
There are also several associate's degrees in IT security available from technical schools, junior colleges and other schools. These degrees often require less time to earn than a bachelor's degree, and can help a candidate earn an entry-level position as an IT security professional, or enable them to start their own business as an IT security consultant.
For those looking to enter the industry at a higher level or to improve their chances of advancement, there are a number of universities and colleges that offer a master's degree in IT security. These post-graduate programs often include more advanced business management education in order to give graduates an advantage when it comes to advancing into leadership positions offered by employers.
Earning a cyber security degree
As described by the U.S. Bureau of Labor Statistics (BLS), information security analysts plan, implement, upgrade and monitor security measures for the protection of computer networks and data. They ensure that appropriate security controls are in place to safeguard digital files and vital electronic infrastructure, and respond to computer security breaches and viruses. Security professionals may also gather the evidence needed to prosecute cyber-crimes.
Most employers of computer security specialists require potential employees hold at least a bachelor's degree in computer science or a related field. However, because of the increasing complexity of online attacks, many employers may prefer a specialized degree such as a B.S. in information cyber security or advanced information security training, such as those leading to CISSP or CEH certifications. While in school, students can expect to take courses covering the following topics:
- Network monitoring software
- Authentication server software
- Transaction security and virus protection software
- Communications and media
- Business administration and management
Ensuring security for mobile and wireless devices is a particularly hot topic in the wake of the consumerization of IT and the flood of users bringing their own iPhones, Android phones and iPads into the enterprise space. As a company's list of approved or managed platforms increases, so do its security responsibilities.
Information systems security professionals have watched their jobs weather radical changes over the past two decades. When businesses first connected their offices to the Internet, information security rarely showed up on departmental budgets until companies faced threats from hackers, criminals or bad public relations. According to a 2015 PricewaterhouseCoopers survey, companies have ramped up their IT security spending to meet global compliance standards, usually under client or government pressure.
Ideal candidates for information systems security training
According to PricewaterhouseCoopers, the top concerns of CIOs and other information systems managers are "breaches" and "benches" -- data invasions and people on call to deal with them. Thanks to enhanced intrusion detection and more rigorous logging, the reported number of information technology system breaches at large companies has risen sharply since 2008. Though the overall number of security incidents at a typical company has declined during the same time, more businesses than ever understand the need for dedicated IT security policies and personnel.
Meanwhile, current and former employees cause roughly half of the security breaches reported in the PwC survey. Those results point to a need for stronger information systems security training throughout most organizations. Learning baseline IT security measures can build a bench of talent that managers can draw upon for future, dedicated positions. However, the PwC survey indicates that many employers would prefer to build security training into the professional development programs of most workers.
Ideally, information systems security training programs blend classroom learning with lab work, sometimes enabling students to gain credit for projects carried out for their employers. Aspiring IT professionals can use information systems security courses to gain a competitive advantage in the job market, especially if they combine technical expertise with subject matter knowledge from earlier in their careers. Professionals should expect ongoing security training to become an essential element of their professional development.
Numbers don't lie: Even though economic woes have slowed growth in many different sectors over the past few years, figures prove that opportunities for those with cyber security training are on the rise.
Data from the BLS shows employment for network and computer systems administrators is expected to grow much faster than average over the next decade, with excellent prospects for those with security skills. Not only can the right cyber security training help one get a job; it can also boost paychecks and earning potential.
Why is cyber security training important?
Security is a hot topic, and it's easy to see why. Today people from all walks of life the Internet and computers for all sorts of tasks: Communication, including email, SMS and MMS, cellphones and more; online business like shopping, banking and bill payment; management of medical records and information; entertainment, including downloading music, movies and books; research and more.
All of these transactions involve sharing some kind of personal information, and it's scary to think about the consequences of a security breach in any case. Cyber security, according to the Department of Homeland Security's U.S. Computer Response Readiness Team (US-CERT), involves protecting that information by "preventing, detecting and responding to attacks."
Simply put, computer users rely on professionals with cyber security training to keep their personal information secure.
What are the training options?
Professionals interested in cyber security courses and training will find there are many options. The Department of Homeland Security recommends cyber security training programs teach professionals how to detect and stop threats including:
- Hacker and intruder attacks
- Malicious code, including viruses and worms
- Vulnerability in software and coding
Information assurance describes the wide range of standards, skills, knowledge and practices necessary to maintain healthy data networks. Students can find training for information assurance at several different types of institutions, including online colleges, traditional universities, government organizations and Army Signal Corps training centers.
With the elevated level of security necessary to protect the sensitive intelligence networks used by the military and government agencies, professionals with appropriate training for information assurance tasks may find themselves in high demand for state and federal jobs.
Who is best suited for information assurance training?
Individuals with a strong background in computer science stand to fare well in this field. Professionals with experience or interest in network architecture, forensic science, risk management and systems engineering might be better suited for information assurance careers than those without it.
Information assurance typically requires a sharp analytical mind and the ability to spot small inconsistencies in complex systems. Good communication skills can also help, since a large number of human users are likely to interact with the system. Also, because information assurance training covers some areas outside of general data security, experience with domains such as interface design can be a plus.
What skills does information assurance training cover?
Here are a few of the duties of an information assurance professional, according to the Committee on National Security Systems in their National Information Assurance Training Standard for Information Systems Security Officers:
- Ensure the information system is maintained and operated in accordance with established policies
- Enforce appropriate security policies and safeguards to personnel with access to the system
- Initiate protective or corrective measures when necessary
- Evaluate known vulnerabilities and determine if additional security measures must be added
- Analyze cyber security policies and technologies and process the training requirements necessary to operate the system at a desired assurance level
Like many other administrative positions in the IT market, network security administrator jobs typically require a four-year bachelor's degree. Common subjects of study for network security administrators include computer science, computer engineering, software development and management information systems (MIS). Degrees earned in other fields may satisfy the educational requirement, if a candidate possesses an appropriate level of knowledge and skill for the position.
Professional certification courses and exams can help round out the qualifications of an aspiring network security administrator. Here are just a few of the certification paths available:
- CompTIA Security+
- CheckPoint Certified Security Administrator (CCSA)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP)
- Information Systems Security (INFOSEC) Professional
- Certified Information Systems Security Professional (CISSP)
Certifications available from solutions vendors like Cisco tend to focus on the finer points of particular hardware and software solutions. Vendor-neutral certifications, from organizations such as CompTIA and (ISC)², often concentrate on the big picture of best practices and how to integrate various solutions into a comprehensive information security system.
The Occupational Information Network reports 88 percent of information security specialist positions are held by individuals with post-secondary degrees. About 65 percent of workers hold bachelor's degrees and 23 percent had completed graduate work. The report also shows that 11 of the remaining 12 percent had attended some college or university work.
Several certifications also exist to help broaden and solidify the skillsets of network security professionals. One source for these certifications is the International Information Systems Security Certification Consortium, or (ISC)². Of the several credentials offered by (ISC)², the most relevant to network security specialists are Systems Security Certified Practitioner (SSCP), which requires one year of experience in a data security field, and Certified Information Systems Security Professional (CISSP), which is an upper-level certification and usually requires five years' work experience before beginning the certification process.
Formal education isn't typically required by employers, but a degree in computer science, information security or a related field can boost a candidate's chances. Professional certifications, such as Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) and Certified Authorization Professional (CAP), can also serve to demonstrate information security expertise to potential employers.
The demands of the IT world are changing every day, and computer security specialists who continue to train and study the details and dynamics of their field tend to rise to the top of the heap. Information security is an ongoing fight, and although training is certainly useful to someone trying to become a computer security specialist, it can be especially useful to an established professional who wants to stay on top.
Security professionals typically have at least a bachelor's degree, although a few have only some technical education. Specific courses are available for fast-growing fields and emerging security issues, for example, configuration management, security information and event management, storage security, and wireless security solutions. Basic courses focus on subjects such as ethical hacking, penetration testing, incident response, computer forensics and reverse engineering.
Some professionals working in the field do not hold an actual information security degree. That said, training and certification are often required. The nature of security is fast-changing; therefore training may have a short shelf life. Training in basics like Microsoft Windows, programming and network issues is only the beginning for most security analysts.
Cyber Security Salary and Job Outlook
The IT admin sector is projected to see growth in the near future. Growth is expected to be much faster than the national average for all occupations, and job prospects should be excellent for candidates with the right experience and training.
|Job Title||Projected 2012-2022 Growth|
|Information Security Analysts-U.S.||36.5|
What sort of salary can a network security administrator expect?
Salary expectations for network security administrators can vary significantly based on responsibility level and network size:
According to the BLS, the career super sector that contains network security specialists is projected to grow:
|Job Title||Projected 2012-2022 Growth|
|Network and Computer Systems Administrators-U.S.||11.7|
What sort of salary can a network security specialist expect?
The industry in which a network security specialist is employed can also influence salary expectations. The BLS counts network security specialists among network and computer systems administrators:
As businesses come to rely increasingly on new technologies, computer security specialists are enjoying greater and greater demand in the career marketplace:
|Job Title||Projected 2012-2022 Growth|
|Computer Network Architects-U.S.||14.6|
What sort of salary can a computer support specialist expect?
The broad salary range among computer security specialist jobs may also be due in part to the influence of geographical location and industry standards on wage expectations:
|Job Title||Bottom 10% Annual Wage||Annual Median Wage||Top 10% Annual Wage|
|Computer Network Architects-U.S.||55160||98430||150460|
Data has become the lifeblood of corporate vitality, and any reversal of cyber fortune can impugn the company reputation, or destroy company resources. Consequently, there is a high demand for technically schooled and certified security analysts:
|Job Title||Projected 2012-2022 Growth|
|Information Security Analysts-U.S.||36.5|
What's a typical information security analyst salary?
The BLS groups information security analysts with Web developers and computer network architects. Here are the median salary numbers for that category of IT professionals:
Cyber Security Certifications
IT security professionals looking to add credentials to their resume should consider earning one or more IT security certifications. There are a number of security certifications available from a wide variety of vendors and industry associations, including the following:
- Global Information Assurance Certification (GIAC)
- Shared Assessments
"15-1152.00 – Computer Network Support Specialists," O*NET OnLine, 2015, https://www.onetonline.org/link/summary/15-1152.00
"15-112.00 – Information Security Analysts," O*NET OnLine, 2015, https://www.onetonline.org/link/summary/15-1122.00
Committee on National Security Systems, 2013, https://www.cnss.gov/CNSS/index.cfm
"Network and Computer Systems Administrators," U.S. Bureau of Labor Statistics, Occupational Outlook Handbook, 2014, http://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm
"Information Security Analysts," U.S. Bureau of Labor Statistics, Occupational Outlook Handbook, 2014, http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
United States Computer Emergency Readiness Team, 2015, https://www.us-cert.gov/
"Global Information Security Survey 2015: Key Findings by Region," PricewaterhouseCoopers, 2015, http://www.pwc.com/gx/en/consulting-services/information-security-survey/territory-focus.jhtml