Pathway Overview
Why Cybersecurity?
- Gateway Field
- High demand
- Opportunity to advance
- Desirable payscale
The demand is high in this fast-paced and growing field with the increase in hacks and data incidents. Simply put, there are plenty of jobs out there; it’s about finding what position suits you best to excel and succeed. There are many entry level positions with further opportunity and a lot of crossover in cyber security positions. This is attractive whether you want to stay in the same role your entire career or build upon your experience to advance. Last but not least, the pay scale is desirable.
Note: Cyber security / Cybersecurity / Information Security / IT Security are used interchangeably in job postings.
Certifications
PATHWAY CERTIFICATIONS
*Note: Many employers are willing to help candidates attain certifications/clearance with strong soft skills. Further certifications differ based on specializations and role descriptions. Oftentimes certifications are not required but an added bonus to entry or mid-level positions.
| Certification | Definition/Purpose | Associated Roles |
| Security+ | CompTIA’s base level security certification | (Any Cyber role) |
| Network+ | CompTIA’s base level networking certification | (Any Network role) |
You receive access to the Security+ CertMaster practice tool to help you self study and get some exposure to CEH items. This will give a sense of what you may encounter if you take that test on your own. As you graduate in good standing, you will have the opportunity to request a voucher included in the program cost for the Security+ certification exam through CompTIA.
| Certification | Definition/Purpose | Associated Roles |
| Linux+ | CompTIA Linux+ validates the skills of IT professionals. (Any systems admin role) | (Any systems admin role) |
| Server+ | ComptTIA’s Server+ is a vendor-neutral certification for any environment | (Any server admin role) |
| Cloud+ | CompTIA Cloud+ validates the skills to maintain and optimize cloud infrastructure services. | (Any systems admin role) |
| OSCP | Offensive Security Certified Professional | (PenTester w/ CEH cert first, Cyber/Security Engineer, Analyst, Consultant) |
| CISSP | Certified Information Systems Security Professional | (Any Information Systems Security or technical role/job tasks) |
| SANS/GIAC | Global Information Assurance Certification | Specialized by role/job tasks) |
| CCNA | CISCO Certified Network Associate- Routing and Switching | Basic for Network Admin, Network Engineer, Network Security or Analyst) |
| CEH | Certified Ethical Hacker | (PenTester, Ethical Hacker, bonus for Incident Response, Network Security, Forensics, and Secure Programming) |
| CISA | Certified Information System Auditor | (IT Auditor, IT Consultant/Manager/, Chief Information Officer, IT Risk & Assurance) |
| CISM | Certified Information Security Manager | (Security Management positions) |
In-Demand Skills
*Ultimately, your ability to land a specific role will come down to your proficiency in these in-demand skills and your willingness to learn new ones. Specializations will depend on job tasks; refer to job description.
*List encompasses cybersecurity as a whole.
Transferable Skills and Qualities
- Adaptable/Flexible
- Attention To Detail
- Business Acumen
- Creative
- Passionate
- Problem – Solver
- Data-Driven
- Strong Oral/Written Communication
- High Ethical Standards
- Collaborative
- Strong Customer-Service
- Follow policy and procedures
Field-Specific Skills
- Network Security
- Network Fundamentals
- OS (Operating System)
- Vulnerabilities and Hardening
- Security Fundamentals
- Cryptography Principles
- Forensic Software Apps
- Incident Response
- Penetration Testing
Job Descriptions
*Note: This is a basic guide to kick-start exploration; not a complete list of all paths, specializations will depend on roles and tasks; refer to job postings.
Entry-Level:
Network Administrator
Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and systems. Responsible for setting up and maintaining a network or specific components of a system or network. Tags: IT Security, Systems Security, Security Admin.
Relevant Certifications: CCNA, CCNP, Microsoft OS, AWS.
Required Certifications: Often Security Clearance, CompTIA Security+/Network+/A+.
Previous Roles: IT Help Desk, IT Security, Security Analyst.
Future Roles: Security Consultant or Manager, Engineer/Architect.
IT Help Desk
Investigates and troubleshoots hardware/software problems and performs system hardware, software and network corrections. Configures computers, installs updates and provides end user support with adherence to policy and best practices. Also escalates issues and collects, reviews and inputs data. Tags: IT Service Desk, Technical Support, Help Desk Agent, Help Desk Technician.
Relevant Certifications: CompTIA Security+/Network+/A+.
Required Certifications: N/A, Possibly a Security Clearance.
Previous Roles: N/A or IT related.
Future Roles: Security Analyst, Network/Security Administrator.
Digital Forensics Examiner
Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations. Tags: Computer Forensics, CyberCrime, Computer Crime, Digital Crime, Forensics Expert, Information Security Crime.
Relevant Certifications: GIAC Specialization Certifications, CompTIA Security+, OSCP.
Required Certifications: N/A or depends on job description, often Security Clearance.
Previous Roles: Computer Crime Specialist, Networks/Security/System Admin.
Future Roles: Cryptanalyst, Forensics Analyst, Incident Response, Forensics Manager, Security Analyst, Vulnerability Assessor.
Incident Response Analyst
Responding to crises or urgent situations mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Tags: Computer Security Incident Response Team (CSIRT), Intrusion Analyst, Cyber Incident Responder, Incident Response Engineer, Computer Network Defense (CND) Incident Responder.
Relevant Certifications: CompTIA Security+/Network+/A+, CEH, CPT, SANS GIAC specialization.
Required Certifications: CISSP, CISM for leadership, and often at least one SANS GIAC.
Previous Roles: Network/Security/System Admin, Forensic Analyst.
Future Roles: Forensic Analyst, CSIRT Manager, Director of Incident Response.
Mid-Level:
Security Analyst
Information security analysts plan and carry out security measures to detect and protect an organization’s computer networks and systems. Experience will vary and are aligned to general implementation of cyber security best practices. Tags: Data Security, Information System Security, IT Security.
Relevant Certifications: CompTIA Security+, CCNA, CISSP, SANS GIAC cert; at least one.
Required Certifications: N/A or often a CompTIA Security+ and/or CISSP.
Previous Roles: IT/Network Security Specialist.
Future Roles: Network/System Administrator then Security Architect/Consultant/Manager.
Cyber Security Engineer
Supports secure architecture, delivery, and design of IT solutions and services. This role both defines and ensures security controls and processes which may include cyber security devices through effective documentation, education and awareness and risk assessment. In addition, this role manages IT incidents and investigations which includes providing solutions for regulatory compliance and mitigation. Tags: Information Assurance, Information Security, Information Systems Security, Network Security.
Relevant Certifications: CEH, CISM (for management roles), SANS GIAC certs: at least one.
Required Certifications: CompTIA Security+ and/or CISSP.
Previous Roles: Network/Security System Engineer, Information Assurance Specialist.
Future Roles: Security Architect/Consultant/Manager.
Senior Level:
Penetration Tester / Ethical Hacker
Looks and finds vulnerabilities in applications, networks, and systems. Using simulation tools, a pen tester strives to improve the security of an organization. They also document and explain their ethical hacking practices and findings. Tags: PenTester, Security Consultant, Security Assessment.
Relevant Certifications: CompTIA Security+/Network+, CEH, OSCP or equivalent, CISSP, CISM, SANS GIAC cert; GPEN, etc.
Required Certifications: Minimum one industry security certification and Security Clearance.
Previous Roles: Network Engineer, Administrator, Forensic Expert, Vulnerability Assessor.
Future Roles: Cryptanalyst, Cryptographer, Security Consultant, Sr. Forensic Analyst.
(Senior) Cyber Security Architect
Cybersecurity architects build the security infrastructure. They are knowledgeable across the systems development lifecycle including systems engineering, requirements development, implementation, testing, and maintenance. Overall, use best practices in the development of strategic plans and resources with oversight of ensuring that standards are visible and aligned appropriately. Provide critical input to review and make changes to policy and procedures as needed while keeping in mind cost and risk. Tags: Information Security Architect, Information Systems Security Architect.
Relevant Certifications: OSCP, SANS GIAC certs (minimum one preferred), CISSP.
Required Certifications: Often minimum one industry security certification.
Previous Roles: Security/Network/System Admin, PenTester, Vulnerability Tester.
Future Roles: Chief/Senior Security Architect, Security Analyst/Consultant/Engineer.
Security Director
Oversees the IT security measures of an organization and acts as the critical decision maker. Security Directors are Jill/Jack -of -all- traits including education and training, budgets, resources, government compliance, standards and best practices and dealing with security breaches among other tasks not listed. Tags: Senior Security Specialist, IT Security Director, Security Systems Director, Network and Security Director.
Relevant Certifications: CISA, SANS GIAC.
Required Certifications: Minimum one or more including CISM, CISSP, or equivalent.
Previous Roles: Security Analyst//Architect/Consultant/Engineer.
Future Roles: CISCO, Sr. Director of Global Security.
Chief Information Security Officer (CISO)
As the overall security leader, the chief may create risk management plans, formulate responses to large-scale threats, or even correspond with government officials/agencies or law enforcement regarding security. They also provide leadership opportunities and training to staff and have high regard for compliance in policy, standards and procedures. Tags: Chief Security Officer (CSO), Information Security Officer (ISO), Global Head/VP of Security.
Relevant Certifications: CISSP, CISA, CISM.
Required Certifications: Minimum one industry security certification and/or in management.
Previous Roles: Security Director/Manager, Security Architect.
Future Roles: Chief Information Officer (CIO), Chief Security Officer (CSO) Information Security Officer (ISO), Global Head of Security
