.avif)
Take a second and think about all the information about you that’s now digital. You’ve probably bought something online, so your credit card data ended up logged. Maybe you used online tax software to file last year, so you ended up sharing how much you made and your social security number. And maybe your GP has entered the digital age, so they’re sending summaries and follow-ups through an app, meaning even information about your health is now made up of zeros and ones.
Your personal data is at risk, always. The average person in the US received 2.4 data breach notices in the last 12 months. That’s why people such as network security engineers, information security engineers, and all other types of cyber security professionals are vital in our current digital age. The stats back this up:
- 45% of surveyed risk management experts said they most fear cyber incidents — significantly more than those who reported their main concerns were natural catastrophes, energy crises, or fires or explosions.
- 4.8 million cyber security jobs are unfilled globally, meaning companies are clamoring for talent that can close the workforce gap.
- 29% more information security roles will be created by 2034, far outstripping the 9% for computer occupations in general and the economy-wide estimation of 3%.
It’s vital work, there aren’t enough security engineer workers currently, and demand is expected to grow faster than that for most roles throughout the economy. The conclusion is clear: it’s a good field to dive into. Want to know how? Read on.
What is a security engineer?
Cyber security analyst vs. engineer
Typically, roles that fall underneath the cyber security engineer umbrella — think software security engineer, IT security engineer, system security engineer, etc. — are more focused on the development side of things. They craft and implement the digital systems that keep organizations safe from threats. Think of them as the ones building the walls around the castle.
Cyber security analysts, on the other hand, are typically more on the monitoring and investigating side of things. They look into alerts, respond to incidents, and spot potential vulnerabilities in security systems and protocols. They tend to be the ones keeping watch and figuring out what went wrong when something goes awry. Think of them as the inspectors and guards patrolling the walls of the castle.
Both are vital in an organization’s digital defense strategy. Engineers are usually proactive, and analysts are more often reactive, but both work in harmony (and the roles can regularly overlap) to protect vital digital assets.
What do people in cyber security actually do?
People in cyber security will have different responsibilities depending on their jobs, but they typically:
Protect infrastructure and data
This is the overarching work of people in these positions. It can take the form of building security systems or using those systems to monitor the security of sensitive systems and information.
Detect and respond to threats
If those systems flag a threat, cyber security specialists will look into what happened, stop any lingering threat in its tracks, mitigate any problems, and figure out how to prevent similar issues from arising in the future.
Design and implement security architecture
Not everyone in cyber security will be on the design side of things, but some positions are all about building digital defenses against threats. This can take the form of crafting these systems from scratch or adopting existing security tech.
Assist with compliance and governance
Regulations make sure companies meet strict standards when it comes to data security, and since security is crucial to keeping companies compliant with these regulations, cyber security professionals can craft security policies as well as lead audits to ensure their organizations meet requirements.
Check system robustness with tests
Not every cyber security worker will end up doing ethical hacking, but those who do will try to proactively discover weaknesses in security systems and report them to the company so the vulnerabilities are patched before they’re discovered by bad actors.
Defensive cyber security
This is the domain we’ve been discussing so far in terms of cyber security engineering and analysis. To get into more detail, we’ll introduce an initialism you’ll end up encountering over and over again in cyber security: SIEM (security information and event management), basically a catch-all for digital security processes. This is the system that the engineer sets up and the analyst uses.
For a sense of what this looks like, here are some overarching tendencies you might expect to encounter on this side of cyber security.
Areas of responsibility and key tasks
Building, maintaining, and managing security systems and protocols
Example key tasks: Configuring digital protections such as firewalls and intrusion detection systems and updating them as necessary
Threat detection and mitigation
Example key tasks: Monitoring for SIEM alerts, investigating incidents, carrying out forensic analysis, patching the vulnerabilities exploited
Seeing to compliance with security regulations (e.g., HIPAA, PCI-DSS, GDPR)
Example key tasks: Maintaining documentation of incidents and responses, reviewing and revising security policies, staying informed on new relevant legislation
Training people throughout the organization on security awareness
Example key tasks: Staying up-to-date on the latest threats, developing company-wide security communications, guiding annual security recertification trainings
Offensive cyber security
So far, we’ve been talking about the people who build the defenses, use them, guard them, and make sure they’re up to code. But still, that’s not the full picture of cyber security. Now we get to the other side of things, and we’ll introduce a bit more jargon: blue team vs. red team. So far, we’ve been talking about the blue team: defensive players. Now, we get to the red team — the people who test these defenses.
Areas of responsibility and key tasks
Simulating real-world cyber attacks
Example key tasks: Running security drills that can be either announced or unexpected, leading entirely simulated breaches, attempting to gain access to planted test data protected by blue-team systems
Testing systems for vulnerabilities
Example key tasks: Conducting social engineering and phishing tests, reviewing configurations and code, attempting to gain physical access to secure office areas
Developing custom ethical hacking tools
Example key tasks: Crafting applications that can carry out cyber assaults at-scale, writing scripts that can plant harmless payloads, coding threats in-house to demonstrate potential vulnerabilities
Documenting findings
Example key tasks: Using tracking systems such as Jira to log every stage of an ethical hacking attack and communicating results and recommendations to tech teams and other stakeholders
How to become a cyber security engineer
To become a cyber security engineer, you typically will need a degree, usually a bachelor’s in a field such as computer science. Following that, you’ll need to gain practical experience via an internship or entry-level role. However, as we’ve been discussing, there’s no one way to work in cyber security engineering, so likewise there’s no one end-all and be-all set of cyber security engineer requirements. Let’s get into some detail.
Background: Do you need a degree?
No, you don’t need a degree to get into cyber security. So if you already have a bachelor’s in philosophy, for example, you don’t need to spend more money and potentially get into even more student debt. And even if you don’t have a degree whatsoever, you still don’t necessarily need to enroll in an expensive four-year program to become a cyber security engineer.
But before you start applying for entry-level cyber security jobs thinking you don’t need anything more than your determination, hold on. You’re still going to need some qualifications. In fact, even people who do aim on going for security roles after college often need to augment their know-how with programs that will teach them the cyber security engineer skills they need. And so:
Cyber security engineer skills: What hard and soft skills do you need?
In any cyber security position, you’re going to need real, practical skills that’ll serve you throughout your career and ensure you fit the security engineer job descriptions that you’re aspiring to fill. What skills exactly? Well, once again, we’re going to be a little broad because there are so many different roles to fill, but in general, you’ll encounter skill expectations similar to these:
Once again, we didn’t list any of the more job-specific skills that you’ll likely encounter in job descriptions in the wild, but this gives you a general overview.
But one thing to point out is that many of these skills are transferable. Risk management? That’s something everyone from project managers to law enforcement professionals are already actively practicing. Communication skills? Teachers and salespeople have them down. This is all to say you likely already have many of the skills that will serve you in a cyber security job. And the ones you don’t have? You can learn.
Importantly: we don’t mean you can just gain skills on YouTube. This is a field that, as we’ve mentioned, is closely related to compliance. This means when a company brings on a new specialist, they want to have some proof of your bona fides. This comes in the form of a portfolio of projects, but also crucially in the form of cyber security engineer certifications.
Security engineer certifications
You’re going to see a bunch of certifications you can go for. Instead of giving a full run-down of each, we’ll focus on the certifications that’ll serve you best earlier in a career.
In terms of someone just starting their cyber security career, a good place to start might be the Google Cybersecurity Certificate. It’s offered through Coursera, meaning it’ll cost $49 a month, and it’ll ask you to spend 10 hours a week studying for three to six months.
Now, that’s great, but the golden standard for intro cyber security certifications is CompTIA Security+. Like we said, there are tons of certifications, but this one is the most commonly recognized and respected. In fact, many government jobs require it. Now, to be fair, Google’s certificate does set you up to earn this certificate, but you won’t necessarily finish the program with that potent certification in hand.
If you’re really job-focused, look for a program that’ll make sure you graduate with a CompTIA Security+ certificate — it’s applicable across a wide swath of fields, and once you start your cyber security career, you can then specialize.
Speaking of, we do recommend continual certification as you progress in your cyber security career. For example, if you find yourself attracted to the ethical hacking we mentioned above as you advance, you can even get recognized as a certified ethical hacker via the aptly named Certified Ethical Hacker (CEH) qualification. Or, if you get more into information systems, you can also specialize by becoming a Certified Information Systems Auditor (CISA).
And that’s just the beginning. The more you find yourself advancing through cyber security, the more you’ll find certificates fueling and verifying your growth. But before all that, you need to start somewhere. Here’s what your first role might look like:
Entry-level cyber security jobs and salaries
Security analyst
Entry-level salary: $82,000 to $133,000 according to Glassdoor as of the time of this writing.
This is what we’ve already been discussing in detail. You’re going to be the one responding to threats and incidents and making sure the defenses built by the engineers are staying strong and keeping bad actors away from sensitive systems and data.
Cyber security engineer
Entry-level salary: $97,000 to $154,000 according to Glassdoor as of the time of this writing.
This is the other role we’ve been diving into in some detail so far. In this job, you’re going to be building the protective systems that security analysts are going to be using to keep digital assets safe. Importantly, we listed the cyber security engineer salary from an entry-level perspective, but the median salary of a cyber security engineer across all levels is $157,000, and it can even grow significantly with experience.
Threat researcher
Entry-level salary: $72,000 to $132,000 according to Glassdoor as of the time of this writing.
This is pretty self-explanatory; in this role, you’ll, well, research threats. You’ll investigate digital risks, uncover new methods of attack, and identify new bad actors in the space, anticipating how to head them off. That makes it somewhat proactive, even if it typically does fall more on the blue team side of things.
Security administrator
Entry-level salary: $64,000 to $110,000 according to Glassdoor as of the time of this writing.
Take a security analyst, revamp it with operations know-how, and you’ll have a security administrator. They oversee and maintain a company’s security systems and controls. It’s very hands-on and, unsurprisingly, focused on implementation and administration, i.e., making sure that the analysts and engineers can keep doing their work without interruption.
Vulnerability management analyst
Entry-level salary: $83,000 to $127,000 according to Glassdoor as of the time of this writing.
This is akin to a security analyst, but as the name indicates, it’s more specific. Again, it’s pretty self-explanatory: You’ll run vulnerability scans, look into the results, determine which findings need to be followed up, work with other functions to remediate any spotted issues, and track efforts.
Cyber security engineer career path
So we’ve got all this info. What could it look like for you, though? Here’s a general outline that you might end up following.
Stage 1: The beginning
Salary: $122,000 median according to Glassdoor as of the time of this writing.
During this time, you’ll start off learning, typically starting with some self-study to see if the field is right for you. Once you’ve confirmed it’s right for you, you’ll need to gain skills in the field and certification (probably CompTIA Security+). After all, there are cyber security engineer education requirements — namely, certification. Then, you launch your career with your first entry-level job.
Stage 2: Building experience
Salary: $132,000 median according to Glassdoor as of the time of this writing.
You’re in the field. You’re gaining experience implementing and maintaining the cyber security tools your organization is using, and you’re supervised by a more seasoned cyber security pro. This is also when you’ll spend time naturally discovering your aptitudes and interests in the field, so you’ll use this to inform the next certifications you pursue such as the ones mentioned above or even vendor-specific ones.
Stage 3: Independence
Salary: $147,000 median according to Glassdoor as of the time of this writing.
You’ll be taking on similar responsibilities, only now you’ll be under less supervision. You’ll likely have gained a specific area you’re most knowledgeable in, and you’ll start becoming the person people come to when they have questions about your area. You’re helping build, evaluate, and select tools, and might even mentor junior engineers. Naturally, there’ll be more certifications to go for here, maybe even the next steps from CompTIA such as CompTIA Advanced Security Practitioner.
Stage 4: Seniority
Salary: $159,000 median according to Glassdoor as of the time of this writing.
You’re going to be the person tackling the most complex technical challenges. Your whole enterprise needs a new security architecture? You just might be the one designing it or leading the team crafting it. You’re making major decisions affecting the whole organization, mentoring engineers with less experience, and taking leadership roles on security projects. At this stage, you might be going for more prestigious certifications such as becoming a GIAC Security Expert.
Stage 5: Directing
Salary: $168,000 median according to Glassdoor as of the time of this writing.
This is where paths might diverge. You might become the principal security engineer, in which case you’ll be interfacing with top company officials to guide the security strategy, not just the design and implementation of the system. You’ll be the top person people come to with questions about security.
Otherwise, you might be in management at this point, and you might have already been tapped for this path after proving your people or project management skills. In that case, you might even find yourself progressing to roles such as VP of security or chief information security officer. These roles really prioritize leadership skills, so if you’ve gained any in a previous role, make sure you don’t let them fall by the wayside — when combined with technical know-how, they can take you far.
Note: This has all just been following Glassdoor’s data for the very specific role of cyber security engineer through its years of experience. With enough know-how and a penchant for leadership, you might even end up as VP of security, earning a $331,000 median annual salary.
FAQ
Am I a fit for a career in cyber security?
You are a fit for a career in cyber security if you like digging into knotty cases and coming up with creative solutions, are curious about how tech works, and if you’re eager to keep learning. Keep that last element in mind — if you want to continuously upgrade your knowledge, this is the field for you, as you’re going to be regularly certifying your skills.
Will AI replace cyber security jobs?
No, AI will not replace cyber security jobs. In this field, the human factor will remain crucial. For example, consider social engineering attacks. Preventing these attacks requires an understanding of attacker and target behavior. AI will likely augment what cyber security professionals can do, but it won’t replace them.
Is cyber security still worth it in 2025?
Yes, cyber security is still worth it in 2025. In fact, it is more worth it than ever, and will only become more important as an increasing share of our lives is put online. Not only that, but the United States Bureau of Labor Statistics estimates information security analyst pay at $124,910, nearly 3x the average for all occupations.
Is it hard to become a cyber security engineer?
It is not effortless to become a cyber security engineer, but it is eminently possible. Think about it like gaining know-how in any field — you’re going to have to learn first, but you absolutely can learn. After all, the skills required for cyber security engineer careers can be taught like any others.
Do you need a degree to become a cyber security engineer?
No, you don’t need a degree to become a cyber security engineer, but you will need some certification such as CompTIA Security+ to get started. You will also need some hard and soft skills, but all of this can be gained through a bootcamp such as TripleTen’s Cyber Security Bootcamp.
How long does it take to become a cyber security engineer?
It takes either three months or seven months to learn the skills to become a cyber security engineer, depending on whether you choose to go for the full-time or part-time version of TripleTen’s Cyber Security Bootcamp. Following that, grads land jobs within ten months or get their tuition refunded.
Do security engineers code?
Security engineers may code, but this all depends on the role. You don’t need to have in-depth software expertise to excel in this field. However, if people in these roles do code, they tend to use languages such as Python to automate things such as log analysis, configuration, vulnerability scans, or reports.
Is cyber security a good career for introverts?
Yes, cyber security is a great career for introverts. You’ll find yourself diving deep into technical tasks, and even when you have a supervisor in your early career, you’ll be mostly taking on tasks solo. Of course, you’ll need to check in throughout the week, but the focus of the role is not talking to others — it’s all about the actual tasks.
How should I write an entry-level cyber security resume?
To write a good entry-level cyber security resume, highlight three things: interest, aptitude, and experience. Your interest can be expressed in your “about me” section: what brought you to the field, what drives you. Then, include your certifications as attestations of your aptitude and describe your experience via projects you’ve worked on (like the ones you tackled at a bootcamp) to verify your bona fides.
What’s the best online degree for cyber security?
The best online degree for cyber security depends on the outcomes you’re looking for, but if you’re interested in getting an education in the field that focuses on helping you land a job and not just giving you decontextualized information, go for a bootcamp such as TripleTen’s Cyber Security Bootcamp. You’ll learn in-demand skills as well as get career coaching and other employment-focused training.
Is cyber security harder than computer science?
Cyber security is generally considered less technically intensive than computer science, but the difficulty varies significantly from role to role. Some cyber security roles, such as advanced red team ones, require in-depth technical knowledge, and some computer science roles such as front-end design don’t demand that comp sci workers have any familiarity with server-side programming at all.
.avif)
