How to Become a Cybersecurity Specialist
There are several paths to becoming a cybersecurity specialist. One involves earning a degree that targets the computer science, programming, and administration skills that are central to cybersecurity. Another involves acquiring the skills and knowledge associated with protecting computer systems through work in a related IT field and then transitioning into a cybersecurity position.
What is a Cybersecurity Specialist?
Cybersecurity is a broad and relatively new term that refers to a wide range of concerns regarding the safety and protection of information stored, accessed, and transmitted through computers and other networked devices. The term “cybersecurity specialist” is a general designation that refers to an increasingly diverse number of roles and responsibilities in the area of information security, information assurance, and information governance and policy. There are many names for cybersecurity specialists, including Security or Systems Administrator; Network Architect; and Information Security Officer. The list below includes some of the other common titles for professionals in the field of cybersecurity:
- Chief Information Security Officer
- Cyber Incident Responder
- Digital Forensics Investigator
- Information Assurance Officer
- Information Security Analyst
- Information Security Architect
- Information Security Risk Officer
- IT Security Consultant
- Network Security Engineer
- Systems Penetration Tester
Cybersecurity specialists work in many different capacities. Some build and maintain IT security systems, which may include firewalls, cryptography protocols, and malware detection software. Others are on incident response teams that head off and contain cyber attacks, mitigate the damage, and fortify systems against further breaches. There are security auditors and penetration testers who work to ensure that IT systems and security protocols are in compliance with industry standards, and computer and digital forensics investigators, who identify and preserve evidence of hacks and attacks, and use this evidence to trace cyber attacks back to their source. There are also information governance and policy experts, who oversee organizational cybersecurity plans, integrate these plans with other organizational needs, and communicate information security protocols to other members of the organization.
Education and Training in Cybersecurity
Traditionally, information security professionals have come out of the fields of computer science, computer engineering, and IT administration. The military and defense industries have also played a significant role in providing on-the-job training for information assurance and security specialists. As demand for qualified cybersecurity professionals has grown, colleges and universities have responded with dedicated degree programs that provide specialized training in the protection and security of computer systems and networks. These programs are typically housed in departments of computer science and engineering, but they offer a curriculum that is tailored to the unique demands and challenges of protecting IT infrastructures and emerging networked technologies.
There are currently no standardized educational requirements in the cybersecurity profession. Rather, there is a body of knowledge, including programming proficiencies and a deep understanding of how computer systems and IT networks are designed, maintained, and defended, that qualify an individual to work in the field. Most entry-level cybersecurity jobs require at least a bachelor’s degree, with a major or concentration in computer science, computer programming, or IT administration.
Because cybersecurity is a relatively new field, some employers will accept work experience in lieu of a formal degree – usually 2-4 years in a computer programming, IT administration, or related role. There are also a growing number of schools that offer bachelor’s in cybersecurity degree programs, which can provide the necessary training for entry-level positions. But, focused training in cybersecurity typically happens at the master’s degree level, in programs that offer comprehensive technical instruction in the protocols, practices, and technologies associated with information security, information assurance, information governance, and digital forensics.
In addition to master’s programs, some schools also offer one-year graduate certificate programs in cybersecurity. These certificate programs address specific areas of knowledge, like cybersecurity law, cyber investigations, and healthcare information security. They can be useful for career advancement, and are typically helpful for individuals who are already working in IT, but who want to transition into cybersecurity. There are also private organizations like the SANS Institute and non-profit organizations like the International Information System Security Certification Consortium that offer training programs and certifications in cybersecurity.
There is no independent accrediting agency for cybersecurity degree programs. However, there are several governmental and independent groups that provide guidance and recommend standards for cybersecurity education and training. These groups include:
- The Joint Task Force on Cybersecurity Education – A collaboration between four international computing societies.
- The National Initiative for Cybersecurity Education – Led by the National Institute of Standards and Technology.
- The National Initiative for Cybersecurity Careers and Studies – A division of the Department of Homeland Security.
- The National Centers of Academic Excellence in Cyber Defense – Jointly sponsored by the National Security Agency and the Department of Homeland Security.
Licensing and Certifications for Cybersecurity Professionals
There are no state or federal licensing requirements for cybersecurity specialists. Anyone who can demonstrate that they have the knowledge and training to work in cybersecurity can be hired to do so without meeting any additional requirements, educational or otherwise. (There are some exceptions, including governmental cybersecurity positions that require a security clearance.) However, there are industry certifications and credentials offered by professional organizations and private vendors. These certifications are meant to demonstrate specific technical proficiencies and/or knowledge in a particular area of cybersecurity. They are often useful to those who are already working in the field, for career advancement and professional development.
The following organizations provide training and certifications for cybersecurity professionals:
- The Computer Technology Industry Association (CompTIA) offers three certifications relevant to cybersecurity: the CompTIA A+; the CompTIA Network+; and the CompTIA Security+.
- The International Council of Electronic Commerce Consultants (EC-Council) offers training courses and certifications in more than a dozen distinct areas of cybersecurity, including Certified Ethical Hacker (CEH), Certified Chief Information Security Officer (CCISO), Certified Incident Handler (CIH), Certified Network Security Administrator (CNSA), and Licensed Penetration Tester (LPT).
- The SANS Institute offers Global Information Assurance Certification (GIAC) training and certifications in Cyber Defense, Penetration Testing, Incident Response, Systems and Network Auditing, Web Application Defense, and many other areas.
- The International Association of Privacy Professionals (IAPP) offers three professional certifications: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT).
- ISACA offers four primary cybersecurity certifications: Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM); Certified in the Governance of Enterprise IT (CGEIT); and Certified in Risk and Information Systems Control (CRISC).
- (ISC)², or the International Information System Security Certification Consortium, offers the Certified Information Systems Security Professional (CISSP) certification in several forms, as well as certifications in cloud security, cyber forensics, healthcare information security, software security, and IT security administration.