Cybersecurity is a fresh and rapidly evolving field. A career started today literally has no limits. When deciding to switch careers to cybersecurity jobs or to begin your professional life in this field, you need to understand the different careers pathways.  You want to match different career tracks to your interests, skills and goals in order to get the right training, gain the most knowledge and experience and develop the appropriate and critical professional networks.

At CyberWarrior Academy we want to help you understand the options you have in the field. For those entering the field there are typically three  common entry-level jobs in cybersecurity, their daily tasks, estimated salaries, the skills needed to be successful, and which states have the most job openings.  

Most Common Entry-Level Cybersecurity Jobs 

Junior Penetration Tester

Average salary in the US $67,550 

Also known as a “white hat hacker” or a “good hacker”, the goal of this role is to help improve the security of a computer network. A penetration tester is constantly trying to defeat their company’s security control to test how effective their defense systems are, and find out their weak spots.

Some of the most common tasks performed by this role are:  

1. Conduct IT/Cybersecurity assessments and penetration tests.
2. Document findings for management and technical staff and recommend actions to mitigate the risks found.
3. Search for vulnerabilities in network devices, applications, and operating systems.

As a Penetration Tester you need to master different skills that will help you perform and deliver better results. On the technical side you should have a deep knowledge of exploits and vulnerabilities, understand scripting and coding, have advanced knowledge of the operating system you will be working with, and understand networking and network protocols such as TCP/IP, UDP, ARP, DNS, and DHCP.

In the soft skills side you need to have a great desire to learn, master working as part of a team, be able to communicate to non–technical people and have strong writing skills to present easy to understand reports and recommendations to mitigate risks. You will also need strong customer interfacing skills.

If you are on the look for jobs in this area, you might want to consider the top paying cities: Washington DC, Seattle WA, Chicago IL, and Atlanta GA.

Information Security Analyst 

Average salary in the US $59,668 

A security analyst’s main goals are to identify weaknesses in a network’s security systems, to patch and respond to issues, and to prevent future incidents from happening. A person in this role helps their organization to have better systems to protect their customers data, their assets and their reputation.

The most common tasks you could perform when working as entry-level information security analyst handles are: 

1. To document, prioritize and analyze security threats and incidents.
2. Review data on a daily basis to identify, report, and remediate any possible vulnerability.
3. Configure security tools and software.
4. To be the link between IT and end users to guarantee best practices are taking place and minimize disruptions.

There are certain skills that can ease the work for a security analyst. The technical skills that will help the most are to be able to gain knowledge and experience in different systems and networks, to be able to understand and work with computer scripts, to understand how to prevent and block cyberattacks, and to be able to work with any operating system. While on the soft skills side we highlight that a great candidate must have a strong critical thinking, be able to work with a team, have great verbal and written communications, and have the willingness to be constantly learning.

When considering this job for you make sure you take a look at options in the cities that offer the top paying salaries: Washington DC, New York NY, Dallas TX, Boston MA, and Atlanta GA.

Network and Computer System Administrator 

Average salary in the US $50,593

A person in this job is responsible for maintaining the technological systems of an organization. He/she will be the one in charge of installing, configuring and maintaining the operating system in place, any applications, and any other system, as well as troubleshooting problems that could happen with hardware and software.  

On a regular basis, a network and computer system admin, will: 

1. Supervise the correctly functioning of networks and computers in the organization they work.
2. Organize, install and support an organization’s computer system.
3. Support any data communication systems such as LANs, WLANs, intranets, network segments.
4. Quickly arrange or repair hardware in case of a failure.
5. Evaluate and optimize network or systems performance.
6. Train users in best practices for the use of hardware and software.

Anyone looking to get a job as a system administrator should be flexible in their routine, work schedule and way of work, must be able to manage multiple tasks at the same time, have amazing troubleshooting skills, as well as to be able to communicate (verbal and written) technical matters to non-technical people.

San Jose CA, Baltimore MD, San Francisco CA, Bridgeport-CT are the top cities for this role.

And remember, your career pathway will be determined by every action, certification and training you get.  

Much has been written about the growing talent gap in cybersecurity.  Why in such a lucrative and rewarding career field is there so much need for additional and more qualified talent? And what can actually be done to fill this gap?  

Just a few weeks ago the International Information System Security Certification Consortium (ISC2) published a report showing that in 2020 there were 700,000 cybersecurity professionals added to the labor force. That is an increase of 25% from 2019 payroll numbers. However, to meet security requirements and staffing needs the field still needs to grow by an additional 89% worldwide.  

With such a large talent need it makes you wonder what it happening in the marketplace. What is the real reason there is a huge gap to be filled? Is it because the demand for talent simply outpaces the number of people wanting to work in cybersecurity? Is it because the available talent isn’t adequately trained? Or could it be related to companies not understanding their true cybersecurity needs? Is the current data breach of United States government computer systems that have impacted more agencies across the federal government and more than 50 companies, an example of how we simply don’t realize our true needs when it comes to keeping our information secure? 

Over the past year, we’ve been monitoring job postings on the web or social media, especially those looking to hire for entry-level positions, such as cybersecurity analysts. Many of them, though not all, have requirements that are far beyond the possibilities of someone who is just starting their career. Among the most common job requirements are candidates who have: a bachelor’s degree, several years of experience, and knowledge in advanced cyber skills. In practice, however, a cybersecurity analyst or Jr. Engineer should have skills and knowledge of how operating systems work, an understanding of hacking processes, computer scripts, and diverse systems, as well as network administration.

Most industries have figured out what the background requirements are for their entry-level jobs.  Most career paths have entry-level requirements of one or two years of experience that can be traded for certain education accomplishments.  But in cybersecurity, we know many who are wondering why there truly is no such thing as an entry-level job.  Perhaps we need to re-think this model. 

Here is a typical job posting for an entry-level cyber analyst. 

How does someone get experience as a cybersecurity architect in a large corporate environment if that very same experience is necessary to get your foot in the door in the first place? 

As an industry we need to have a better understanding of what our skill needs are and how to hire for those skill needs. Just like other industries we need to train from the ground up and prepare our employees for more complicated job functions later in their career.  If we don’t give our cyber professionals time to grow into their jobs, we are destined to continue to be staffed with individuals who aren’t prepared for pending attacks, and simply not enough people in the cybersecurity workforce.  

There is little doubt that we need to collectively dig deeper into organizational and industry needs and better understand what skills a person has to have in order to be successful in an entry-level job and then those jobs to follow as their skills and experience expand. Is it possible that job postings like the above should be different?  

As cybersecurity architects and trainers  we need to help create more realistic expectations, more effective training programs and have a better sense of what cyber threats are out there and how we combat them.  We need to know what our needs are so that we can close the talent gap in a faster and more effective way. We believe there are at least two ways we can help: 

1. We mentioned it before, creating an industry and organizational awareness of what cybersecurity needs exist and what a cybersecurity entry-level role means and what a typical career path looks like. What are the hard and soft skills set associated these roles and typical career paths?  

1. Promote apprenticeship programs that offer on-the-job experience and cybersecurity certifications. We need to let people grow into their jobs. To do this, we need new career development programs that both help an employee grow while also ensuring that employees have the skills to protect his or her organization.  

We don’t know if this will be easy or hard, but we do know that we can’t continue with our current skill training model.  The cybersecurity demands are growing much faster than our current talent pool is.  It’s time to look in the mirror and figure it out. 

Cybersecurity is a field with an increasing talent gap, as we’ve explained in the past one of the reasons why this is happening is because companies are looking for candidates for entry-level positions that have a degree, experience, and certifications. When in reality, any candidate with a certain degree of studies could earn the experience and certifications while doing the job.

Probably you are convinced that you need a bachelor’s to succeed in the field. Honestly, it is not necessary. Anyone with the right skill set, training, and experience can achieve a top-level management role in cybersecurity.

In this blog post, we want to help you understand what are the main differences between a Cybersecurity Bootcamp and a bachelor’s degree so you can take an informed decision of which way you would like to take as the starting point of your career.

Cybersecurity Bachelor’s Degree vs Cybersecurity Bootcamp

The main difference between a bachelor’s degree and a Bootcamp is that while the first one is focused mainly on providing theoretical knowledge, the Bootcamp offers both the conceptual and practical learning experience, that can benefit you when looking for a job in the field and experience is a must-have.

Analyzing deeper the differences between both study programs we can point out three main items that can help you decide what path you want to choose. Keep in mind that if you decide to start with a bachelor’s degree you can strengthen your knowledge later in your career with a Bootcamp specialized in the area of cybersecurity you are most interested in. This also works the other way around, you can begin with a Bootcamp and later on get a degree that demonstrates your level of commitment to the field.

1- Time to be Invested

A bachelor’s degree will take longer to be completed than a Bootcamp. The average time needed to finish a degree is 4 years, in that time you are probably not earning any money rather than just investing in your education, while on average a Cybersecurity Bootcamp can last from 4 to 6 months, granting you hands-on experience that will open the doors to new job opportunities.

2- Education Funding

Not only does a bachelor’s degree take longer to be achieved than a Bootcamp, but it also requires a higher money investment. The ultimate cost of a degree may exceed $400,000 yet it does not provide enough on the field expertise to make it easier to get hired for an entry-level role. We don’t want to lie, a degree does look good in your resume, but it takes more than just that to make your profile catch the attention of a recruiter.

On average a Cybersecurity Bootcamp costs $16,000. Its pricing will vary depending on who is promoting it (a private organization, community colleges, etc.) and what it includes: which cybersecurity certifications you can get after finishing classes if it includes or not the voucher to take the certifications tests, hours to be invested in the class and in lab experience.

3- The Return of Investment

As we mentioned before a bachelor’s degree will grant you mainly the theoretical knowledge to understand what cybersecurity is all about. It will also introduce you to emerging technologies and guide you through management best practices. But this is not enough. Recruiters are looking for candidates with experience that understand how the theory is applied in the real world, that is why every day they are being more and more specific about the certifications a candidate must have to be able to handle the work.

A cybersecurity Bootcamp not only will need an investment of less time and money than a bachelor’s degree, but also should grant you the knowledge necessary to achieve certifications needed for any entry-level position in the field.

With this we are not saying a degree is not valid, it is. But we strongly suggest you consider getting started with a Bootcamp and once you start working in the field then you could start your degree, that way you will complement your experience with more in-depth knowledge, and you will understand all the theories you are getting at classes with your work experience. It is a win-win situation.

Organizations are struggling to find the right candidates to handle their cybersecurity needs not only because of the increasing talent gap in the field but because many professionals are focused on improving their technical abilities and they forget for many employers “soft skills” are as important, if not more important, than an employee’s technical capacity.

CyberWarrior Academy speaks with hundreds of cybersecurity companies and all too often we hear from a CISO, “I can teach certain technical skills to a new hire.  What is more difficult is teaching them the soft skills necessary to function in a team and for customer interface.”

So you can keep straight all the various skills (technical and non-technical) you need, here is a summary that you might find helpful. 

At CyberWarrior Academy we like to think that technical skills can be split into two main subcategories: technical knowledge and practical skills. 

Technical Ability 

Naturally, there are foundational skills in cybersecurity and also more defined skills you will need as you determine your specific cybersecurity career pathway. So be sure to spend time and learn about your options and what you really enjoy doing. 

But at the outset, here are some foundational technical skills you will need to have. 

1. Understanding the architecture, administration, and management of the different operating systems, such as Linux, Microsoft Windows, macOS.
2. Knowledge of common programming and scripting languages (we recommend you get started with Python).
3. Getting skill certificates such as Security+, Certified Ethical Hacker (CEH) and others. Passing these certifications demonstrates a certain level of knowledge and your ambition to succeed in the field. 

Practical Skills 

Hands-on lab experience defending, attacking and all practical cybersecurity experiences are critical.  Working both in a team environment and independently to tackle cyber threats is also vital. You also need to understand how the theory learned in a classroom actually applies to real-life experiences. A great way to demonstrate to a prospective employer that you have practical application abilities is to have Capstone Projects in your portfolio that you can easily show to people in your network and talk about in an interview.  

Soft Skills

Anyone looking to get started in cybersecurity needs to master two main areas of soft/professional skills: communication and work habits. Having both will make your profile stand out from the pack to recruiters. At CyberWarrior Academy we understand the value these skills bring to the workplace. From the start of our Bootcamp to the very last day, we introduce periodic “career hacks” that help a student understand the “do’s and don’ts” of a cybersecurity work floor.  We introduce cybersecurity talent acquisition specialists that discuss soft skill needs and expectations and participate in role-playing to ensure that each student is continuously improving their interactive skills.  We also work to help a student polish their interviewing skills and make sure students understand acceptable work etiquette in all phases of a workday. Simply, it is important! 

Communication Skills

There is a common belief that people in cybersecurity workers don’t need to interact with others in their organization or outside. The common stereotype is of a person who lacks many social skills sitting in front of a computer in isolation.  The truth is that to succeed you will constantly need to interact with others.  Depending on your specific job and set of responsibilities, you will be interacting with vendors, clients, team members, subordinates, and executives on a day to day basis.

It’s also important to communicate technical information to non-technical people, even potentially your boss. You also need communications skills to ensure best practices are implemented throughout the organization, and to explain any concerns or findings that could threaten your organization. 

Some of the communication skills you might want to practice are things as simple as not looking at your phone constantly in the middle of meetings.  You would be amazed at how many people do that.  It isn’t good! 

Other communication skills include conflict resolution, anger management, group presentations, walking meetings, writing emails and text messaging, Zoom behavior, and many others.  Remember, ways to communicate with others is a life-long skill that doesn’t stop at your cybersecurity office or workstation. 

Work Habits

In most entry and intermediate level roles you will get paid for your ability to solve problems and get the job done. No organization is willing to hire someone they need to guide through every process. This is why you need to demonstrate you are a self-starter and have a high degree of adaptability.  Remember also that cyber threats and attacks are not things that happen always during a nine-to-five workday.  They can happen at all hours and on weekends. You need to demonstrate your work schedule flexibility and your ability to work as a team in a professional and constructive way.

Cybersecurity professionals must be eager to dig into technical questions, have strong analytical skills, and must be willing to constantly learn new web vulnerabilities and security practices.

At CyberWarrior Academy we believe that entry and intermediate level professionals can achieve success thanks to a combination of great training, sound technical skills with logical thinking, ability to work independently, and excellent communication abilities (verbal and written).

It’s up to you to make sure you have all these skills and know-how to show it.  But don’t be afraid to find the help and training you need to make these skills a reality. 

For all of you out there who are considering a career switch to cybersecurity but are afraid to do it, you might want to consider these timeless words of advice:

It’s never too late!

We are not just saying this, we’ve helped many transition into a new cybersecurity career, and their successful careers prove that with passion, dedication, and the right mindset you can switch to cybersecurity at any age.

There are many reasons to consider cybersecurity as your next career. Cybersecurity has had a 0% unemployment rate since 2010 so there are tremendous opportunities and job security, and the COVID era and remote working has increased the immediate and increased need for businesses and organizations to hire engineers and analysts in the field and keep their assets safe from any cyber-attack.

Do you want a job in a relatively secure field?  Do you want a job that gives you the reward of knowing you protected the data of millions of people or government secrets?  Do you want a job that is growing rapidly with endless career growth opportunities?  Do you want a salary that is among the highest to be found?

You might want to say “yes”.  But before you do, you might want to consider the following.

The “Ugly” Truth About Cybersecurity 

What you are about to read is not intended to discourage you from starting a journey into the cybersecurity field. Rather it is to present you with real-world facts that will help you understand what you are getting into and if you have the skills (soft and hard) to dedicate your professional life to it. 

1- Cybersecurity Offers Many Career Paths so Choose Wisely 

Choosing a career pathway in cybersecurity can be overwhelming. There are a lot of cybersecurity career tracks and each one requires specific knowledge, training, and experience.

For example, if you are interested in networking as your area of experience you could start your career working as a Cybersecurity Specialist, a role that requires skills such as information security, information systems, information assurance, and network security. From there you could become either a Cybersecurity Analyst or a Penetration Tester. A Cyber Analyst will ideally have specific training and experience in network security, threat analysis, security operations, and vulnerability assessment. If you choose a role as a Penetration Tester you would need to learn about Pen Testing, Java, Python, and software development.

So before you decide to jump into the field, make sure you take time to review the most common career pathways, the transition opportunities they offer, salaries, and most importantly the skills, certifications, knowledge, and experience associated with each role.

2- You Can’t Avoid it. There is a lot of Dull Office Work. 

Movies have made everyone believe that cybersecurity is all about catching the bad guy who tried hacking into a government or corporate system. Truth is, cybersecurity professionals are spending most of their time doing office work: meetings, paperwork, professional training, working on different projects, and so on. The adrenaline rush happens from time to time when a vulnerability is detected and requires your attention and skills, but that is not the day to day.  And by the way, if it is the day-to-day, your defense systems are a real problem.

3- Cybersecurity Professionals Are Always Learning Something New 

Anyone who works in this field has to be willing to be constantly learning. Getting certified in different areas is just one step to make your resume more attractive. The truth is every day there is a new attack, a new vulnerability, and a new way to solve things. Cybercriminals could be compared to an evil machine that is constantly working to create different ways to achieve its mission of a cyber-attack. So, cybersecurity professionals need to keep pace and develop new ways to detect, prevent, and tackle those attacks. This requires constant monitoring, training, and acting as the ”bad guy” to test the controls and defense systems in place.

4- The Job Is Never Truly Done 

There is no such thing as a completely secure system. As we mentioned before, attackers are always developing new ways to break into systems. People interested in cybersecurity work need to understand that their work schedule is not usually limited to office hours and that there is always something that needs to be done, tested, patched, or created.

Cybersecurity professionals report a high level of satisfaction with their job, and the career offers attractive compensation packages, but before you make this career decision, we encourage you to research what cybersecurity actually means, the different roles you could get into, and how to start your career.

But we hope you do finally act. The industry needs you! 

Most people wonder if it’s actually worth investing time and money in cybersecurity certifications. When searching the web for answers you are going to find a handful of articles explaining why it is not necessary to get certified to succeed in this field. The truth is, they aren’t wrong or right.

Having certifications on your resume will only let employers know you have subject matter knowledge, but it is not a reflection of experience or skills with practical application. These aren’t necessarily more or less important than the certifications, but they are critical when an employer is choosing among different candidates for a job opening.

So, Why Get Certified?

Because you have to. Just like eating fruits and vegetables is important for your overall health, certificates are important for your overall cybersecurity career and professional health. Are they absolutely critical? No. Will they help you overall? Absolutely.

Adding certifications to your resume will help make it stand out from your competition when applying to a job, it will also demonstrate your level of commitment and can be very helpful to negotiate for a higher salary. It also will frequently serve as a minimum qualification that a hiring manager feels new talent must have.

At CyberWarrior Academy, we are firm believers that cybersecurity certifications are worth the effort because they work as a complement to the work experience you have and more importantly to the instruction you also need to get through other training opportunities. Getting certified is a critical way to further your expertise and understanding in the dynamic world of cybersecurity. It is also a way to demonstrate to a hiring manager that you know what it takes to succeed and be a part of a team.

There are different certifications out there. But, before you choose which one to pursue first, you need to understand that not all certifications serve the same purpose. You need to train for those certifications that hiring managers are looking for in the cybersecurity career track you want to pursue.

There are also foundational cybersecurity certifications that we believe are critical as building blocks to launch your career and ensure success.

CompTIA A+

A must-have credential that qualifies you for technical support and IT operational roles. As explained by CompTIA, the certification prepares anyone who is the “go-to person in endpoint management and technical support roles”, by giving the skills and knowledge necessary to perform critical IT support tasks.  

CompTIA Network+

The best starting point for beginners that want to work as a system engineer, network support specialist or network analyst. Network+ ensures you have the knowledge and skills to design and implement functional networks; configure, manage and maintain network devices; identify benefits and drawbacks of existing network configurations; implement network security and troubleshoot problems. 

CompTIA Security+

This is one of the must-have certifications as it teaches you the skills and knowledge required in any cybersecurity role. Among the skills you will develop are: detect indicators of compromise, understand penetration testing, install and configure systems to secure applications, implement secure network architecture concepts, install and configure identity and access services, implement risk management best practices. This is considered the first step into cybersecurity, from here you can build upon your resume move from an entry-level position to a more intermediate job.  

CEH: Certified Ethical Hacker 

Becoming a CEH will help you understand how a hacker thinks and acts in order to prevent and protect your organization from their malicious techniques. This certification will guide you through a broad area of hacking practices and different types of cyber-attacks, including areas as network scanning, pen testing, cryptography, viruses, trojans, social engineering.