People in the Information Security (InfoSec) field protect their employer’s computer systems from cyberattacks. The Bureau of Labor Statistics generally classifies these professionals as Information Security Analysts. The government expects this field to grow by 18% from 2014-2024. That means the economy will add close to 15,000 jobs in this area of Information Technology.
- 1 Job Title & Role Overview
- 2 Career Paths in IT Security
- 3 IT Security Salary Expectations
- 4 Education for IT Security
- 5 IT Security Career Outlook
Job Title & Role Overview
Information Security Analysts perform a wide range of duties to prevent cyberattacks. They must constantly look for security breaches and take steps to minimize the damage from a cyberattack. Researching the latest trends and installing new software to protect data are critical responsibilities too.
Information Security positions often have a consulting component. Many InfoSec professionals develop best practices and make recommendations to improve security.
IT Security Sample Positions
There are a wide number of positions available to aspiring InfoSec professionals. In addition to the Information Security Analyst, InfoSec job titles include:
A Network and Systems Administrator position is one place where they can begin a career. This type of job involves duties such as installing hardware and software, adding users to a network, and collecting data on network performance. You gain a great foundation of IT knowledge.
Computer Security Specialists monitor, test, and perform trouble-shooting on security systems. People with this job title earn an average of $74,000 per year. Computer Security Specialists report that risk management and auditing skills enhanced their pay.
Information Assurance Engineers analyze networks to identify vulnerabilities, respond to breaches, and works to continuously improve network control. The median income is over $87,000 per year, and people in this field report high job satisfaction.
Career Paths in IT Security
There are numerous career paths available to people who want to combine IT security with a business focus. Computer and Information Systems Managers are one type of position. These experienced professionals establish goals and implement new systems. They earn a median income of $135,800 per year.
A Chief Information Security Officer is the executive in charge of an organization’s information security. Their responsibilities include IT security strategy development, system implementation, and regulatory compliance. These IT executives earn a median income of $156,000+ per year. However, Chiefs in cities such as Chicago report much higher median incomes.
A Master’s degree helps you advance in this field. An MBA is beneficial for people who want to move into leadership positions that establish InfoSec strategy, manage budgets, and direct large-scale projects.
IT Security Salary Expectations
The Bureau of Labor Statistics reports that the median salary for Information Security Analysts is $92,600 annually. Entry-level Information Security Analysts, those in the bottom 10% of earners, make slightly under $54,000 annually while executives, those in the top 10% of earners bring home over $147,000 per year. As noted earlier, job title and experience greatly influence these figures.
The earnings potential for Information Security Analyst positions varies greatly by location. These professionals earn the most in Washington D.C. where the annual mean wage is just under $124,000 per year. New York, New Jersey, California, and New Mexico are the best paying states.
Education for IT Security
Many companies require a Bachelor’s degree for an entry-level cybersecurity position. One survey of Information Security Analysts found that 65% had at least a Bachelor’s degree while the remaining 35% had training beyond high school. There are online and traditional setting degree programs available.
Computer Science, Information Technology, Cybersecurity, and Information Assurance are some of the recommended majors for aspiring InfoSec professionals. Coursework in Disaster Recovery, Digital Forensics, Compliance, and Risk Management provides crucial training for entry-level positions.
Special recommendation: Look for Bachelor’s degree programs at universities that the DHS (Department of Homeland Security) and NSA (National Security Agency) recognized as a Center of Academic Excellence. This achievement separates the best-regarded Information Security programs from others that people find during Google searches.
Entering the Profession
Bachelor’s degree programs, whether online or in a traditional setting, often require an internship for graduation. It is important to make a great impression by showing up on time, performing well, and taking the initiative to ask for more work once you finish a project. If the organization does not have any full-time jobs once you complete the internship, ask for a LinkedIn recommendation.
Professional organizations such as the ISSA (Information Systems Security Association) offer networking and career assistance to members. These features help you discover new openings. InfoSec volunteer opportunities also allow you to build your resume and make professional contacts.
IT Security Certifications for Early Career Professionals
Earning a well-respected certification is also important to entering the InfoSec field. Hiring managers look for certifications so that applicants prove they meet certain standards. There are a wide variety of certifications in the InfoSec field.
The Systems Security Certified Practitioner (SSCP) is for professionals with at least 1 year of full-time cybersecurity experience in at least one the following 7 domains:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Network and Communications Security
- Systems and Application Security
The exam tests your expertise the aforementioned domains. This certification qualifies you for positions implementing and administering security procedures.
CompTIA Security+ is another great certification for early career IT professionals. There is no specific prerequisite to sit for the exam; however, CompTIA notes that is beneficial to earn the CompTIA Network+ certification and have at least two years of experience in the IT security field before taking the test.
Some of the world’s most recognized employers such as Apple, Dell, and Intel use CompTIA Security+ as a baseline certification. U.S. government agencies such as the Department of Defense, the Justice Department and the State Department look for professionals with this certification.
IT Security Certifications for Mid-Career and Senior Professionals
Certifications are also critical for career advancement. If you are a mid-level security professional, you need to consider The Certified Information Systems Security Professional (CISSP®). It is one of the most widely known certifications. The CISSP tests your knowledge of the following 8 domains:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
An IT security professional must have 5 years of full-time work experience in at least two domains of cybersecurity. You can take the test after 4 years of professional experience if you have a Bachelor’s degree.
The Certified Information Security Manager (CISM) is a well-regarded certification for senior InfoSec professionals offered by ISACA (Information Systems Audit and Control Association). To earn this designation, a person must demonstrate an understanding of how information security relates to broader business challenges. There are strict requirements for this certification that include:
- 5 years (minimum) of information security work experience
- 3 years (minimum) experience in information security management
- Experience in at least 3 of the 4 domains covered by the exam (information security governance, information risk management, information security program development and management, and information security incident management)
- All work experience must be within a 10 year timeframe
- Complying with ISACA’s rigorous continuing education and ethics policies
IT Security Specialty Certifications
There are a variety of specialty InfoSec certifications. One of the best known is the Certified Ethical Hacker (CEH). Hacking is a major concern for the U.S. government and private companies. Therefore, they need people to identify vulnerabilities and prevent cyberattacks.
The purpose of the test is for the CEH to demonstrate competence in hacking topics that include, but are not limited to:
- Worms and viruses
- Denial-of-service attacks
- Penetration testing
- Scanning networks
- Reconnaissance and footprinting
- Hacking web servers and mobile platforms
The CEH is a four-hour test with 125 questions. To qualify for the exam, you must have formal training or at least two-years of work experience in cybersecurity. Organizations such as the EC-Council, Pluralsight, and 360training.com offer training courses in ethical hacking. You need to examine the course content and method of instruction (instructor or online based) to find the right preparation program for you.
The Certified Information Systems Auditor (CISA) is a specialty designation for auditing information technology. To sit for the exam, you must have at least five years of experience in information system (IS) auditing, control, and/or security. ISACA, the organization that offers the CISA certification, allows certain substitutions. For instance, you can take the exam if you have a Master’s degree and four years of work experience.
The certification covers five domains. They are:
- The Process of Auditing Information Systems
- Government and Management of IT
- Information Systems Acquisitions, Development, and Implementation
- Information Systems Operations, Maintenance, and Service Management
- Protection of Information Assets
To maintain certification, auditors must commit to ISACA’s Code of Ethics, auditing standards, and continuing education requirements.
IT Security Career Outlook
The InfoSec field offers financially and intellectually rewarding career paths. These jobs involve problem solving, working with data and details, and developing practical solutions to information security problems. Whether you want a job in the public or private sector, there is a great need for people with the education and talent to prevent cybersecurity attacks.
Certifications are crucial to advancement in this field. If you are an aspiring InfoSec professional, make sure you earn and maintain relevant certifications. These designations are important for obtaining the most lucrative and interesting job opportunities.