Credit: gordoenkoff / iStock / Getty Images Plus
A lucrative, growing field, cybersecurity focuses on protecting organizations from digital attacks and keeping their information and networks safe. Cybersecurity experts detect vulnerabilities, recommend software and hardware programs that can mitigate risks, and develop policies and procedures for maintaining security.
As more businesses move their operations online, and with cyberattacks on the rise, the need for skilled cybersecurity professionals is projected to grow, particularly for healthcare and financial organizations.
But cyberattacks cause problems for companies across industries, including hospitality and insurance. Hackers exploit security weaknesses to collect private information such as social security and credit card numbers, medical data, passwords, and company secrets. Hackers may then sell this information to the highest bidder or ransom it back to the company from which they stole it.
The cybersecurity field presents diverse career opportunities. Potential jobs include information security analyst, chief information security officer, security architect, and security engineer. The most popular industries that employ cybersecurity professionals include computer systems design and related services; management of companies and enterprises; credit intermediation and related activities; and management, scientific, and technical consulting services.
This guide describes the types of careers available to cybersecurity professionals, including potential salaries, job duties, and the best cities and industries to pursue cybersecurity jobs. We also explain how to prepare for a career in the cybersecurity field.
Top Online CyberSecurity Programs
Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.
Annual Median Wage and Employment for Information Security Analysts by State, 2020
Match me with a bootcamp.
Find programs with your skills, schedule, and goals in mind.
Top 10 Cybersecurity Jobs by Salary
| Cybersecurity Career | Average Annual Salary | Top-Paying City by Career |
|---|---|---|
| Chief Information Security Officer | $165,788 | New York, NY |
| Security Architect, IT | $125,463 | New York, NY |
| Security Manager, IT | $112,109 | Dallas, TX |
| Security Assessor | $102,500 | N/A* |
| Security Engineer | $94,730 | San Francisco, CA |
| Information Security Consultant | $85,430 | N/A* |
| Security Director | $88,144 | Washington, DC |
| Incident Manager | $84,037 | New York, NY |
| Information Security Specialist | $76,821 | Phoenix, AZ |
| Penetration Tester | $87,737 | 2 hours |
*Based on available data
Learn more about the degrees needed for these careers:
Cybersecurity Careers
The cybersecurity field encompasses a large variety of exciting, rewarding career paths. Cybersecurity salary expectations, job duties, and education requirements vary by career. Keep reading to learn more about some of the most popular cybersecurity jobs, including common tasks, average salaries, education and training requirements, and top-paying cities.
Chief Information Security Officer
Chief information security officers (CISOs) occupy high-level roles as they protect their companies' data and manage IT and security issues. They work with other executives and IT security experts. These professionals need advanced business, technical, management, and organizational skills. They must also keep abreast of trends and current issues in information security.
Chief information security officers supervise the operational aspects of data protection and management. They develop information security procedures and policies for organizations and manage teams of professionals who identify and mitigate security threats. Other typical job tasks may include developing budgets, carrying out audits, and making sure that the company complies with relevant laws and regulations.
Most chief information security officers start their careers as IT analysts or specialists with a bachelor's degree in a field like cybersecurity, computer science, or IT. As they gain experience, certifications, and further education, they can advance to higher-level roles.
- Required Education: Bachelor's degree required, master's degree recommended
- Average Annual Salary for CISOs: $165,788
- Get more details about CISO cybersecurity jobs
Cryptographer
Cryptographers help organizations safely and securely communicate and exchange information. As cyberattacks and threats grow, the demand for skilled cryptographers who can protect valuable information may increase. Cryptographers typically work for government agencies, financial institutions, and healthcare organizations. Companies like Amazon, Google, and Apple also hire cryptographers.
Cryptographers develop and crack codes, puzzles, and cryptograms. They encrypt data by writing algorithms, security protocols, and cyphers; break down codes to decrypt data; and create cryptology theories. They also identify weaknesses, vulnerabilities, and potential problems by analyzing encrypted systems.
Professional cryptographers need advanced communication, analytical, and problem-solving skills. They must also possess a variety of technical computer and IT skills. They need to understand algorithms, data structures, multiple programming languages, and various operating systems. The high-level knowledge this career requires means that most employers prefer job applicants with a master's or Ph.D.
- Required Education: Master's degree or Ph.D. preferred
- Average Annual Salary for Cryptologists: $73,067, based on available data
- Learn more about the importance of cryptographers
Forensics Expert
Forensics experts investigate computer and cybercrimes and help organizations protect sensitive data and information. Typical job duties may include educating employees about cybersecurity issues, identifying security weaknesses, retrieving data from systems and devices, and reconstructing information systems to understand data breaches. Sometimes forensics experts serve as expert witnesses in trials.
Forensics experts usually work with other IT security professionals. They often deliver security reports to executives, lawyers, and law enforcement personnel. Employers include government agencies, large corporations, and law firms. Individuals with a high level of expertise may work as consultants. Skills required of forensics experts vary by position but typically include advanced understanding of computer software and hardware, programming languages, operating systems, and cryptography.
Entry-level positions usually require at least a bachelor's degree in cybersecurity, computer science, or a related field, and some professional experience. Forensics experts may qualify for mid-level and upper-level positions after accumulating more experience, certifications, and education.
- Required Education: Bachelor's degree required
- Average Annual Salary for Forensic Computer Analysts: $74,618
- Learn more about forensics expert jobs in cybersecurity
Incident Responder
The incident responder includes jobs such as response engineer, cyber incident responder, computer network defense incident responder, and forensics intrusion analyst. Most incident response professionals respond to cybersecurity incidents and data breaches.
These professionals improve the overall security, finances, and reputations of organizations. They also provide cybersecurity education to employees and detect threats. Typical job duties include developing systems and plans for identifying security breaches, conducting risk analysis, reverse engineering, and writing reports for law enforcement and/or management.
Some incident responder professionals complete certifications like certified intrusion analyst or certified incident handler, but most hold a bachelor's degree at minimum. Earning a master's degree in cybersecurity, computer forensics, or a related field may open up more career opportunities with greater salary potential.
- Required Education: Bachelor's degree required, master's degree preferred
- Average Annual Salary for Incident Managers: $84,037
- Read the full cybersecurity job description for incident responders
Penetration Tester
Penetration testers find vulnerabilities in networks, information systems, and web applications. They test established security systems and try to prevent cyberattacks. Penetration testers identify weaknesses by conducting their own simulated cyberattacks without actually making data vulnerable, a practice sometimes called ethical hacking.
Penetration testing professionals often work for government, healthcare, and finance organizations. They need strong analytical, problem-solving, and hacking skills.
Penetration testers with excellent hacking skills may not need a degree to find employment. However, entry-level positions typically require a bachelor's degree in a field like computer science or cybersecurity and relevant experience. High-level management roles may require as much as 10 years of experience and/or a master's degree.
- Required Education: Bachelor's degree or master's degree often required
- Average Annual Salary for Penetration Testers: $87,737
- Read more about network security jobs like penetration testing
Security Administrator
Security administrators prevent organizations from cybersecurity threats and attacks. These professionals serve in high-level roles, overseeing the IT security efforts of their organizations. With the help of their team, they create policies and procedures, identify weak areas of networks, install firewalls, and respond to security breaches. Security administrators work in nearly every industry that relies on computer networks.
The education requirements for this profession vary by position and employer, but typically include a bachelor's degree in a field like IT, computer science, or information assurance. Management-level positions often require a master's in a field like information systems or business administration. Many security administrators gain professional experience through entry-level IT support jobs. Earning certification can improve career prospects.
Security administrators need advanced technical skills in encryption, firewall and router configurations, operating systems, and protocols. They also benefit from communication, problem-solving, and analytical skills.
- Required Education: Bachelor's degree required, master's degree preferred for management positions
- Average Annual Salary for Security Administrator, IT: $67,774
- Get more information on security administration cyber jobs
Security Analyst
Security analysts protect organizations' data from cyberattacks. They typically need a bachelor's degree to enter the profession. The Bureau of Labor Statistics (BLS) reports that information security analysts can earn a median annual salary of $103,590, with a 33% projected increase in jobs from 2020-2030. Security analysts work for public and private sector organizations in business, technology, and finance.
Typical job duties may include installing computer security software, conducting penetration testing, training employees to use secure processes, and developing procedures and policies. These professionals often work with managers, employees, and executives to identify effective security plans and procedures.
Security analyst positions require a bachelor's degree at minimum in a field like computer science or IT. Most security analysts start out as software developers or computer programmers and qualify for security analyst positions after 1-2 years of experience. Earning industry certifications can also help individuals qualify for security analyst jobs.
- Required Education: Bachelor's degree required
- Average Annual Salary for Security Analysts: $69,361
- Learn more about security analyst cybersecurity jobs
Security Architect
Security architects design, plan, and supervise systems that thwart potential computer security threats. They must find the strengths and weaknesses of their organizations' computer systems, often developing new security architectures. Job tasks may include budget preparation, allocation of personnel resources, management of IT teams, and report preparation.
These professionals must possess advanced knowledge of software and hardware design, computer programming, risk management, and network and computer systems. Communication, problem-solving, and analytical skills all rank high in importance for this profession. Computer network architects find many opportunities in the computer systems design and telecommunications industries.
Security architects need at least a bachelor's degree in a field like computer science or IT and relevant professional experience. Many enter the field with hacking experience. To advance in the field, they often earn certifications, pursue graduate degrees, and take continuing education classes. PayScale reports an average annual salary of $125,463 for IT security architects.
- Required Education: Bachelor's degree required
- Average Annual Salary for Security Architect, IT: $125,463
- Get more details on security architect jobs in the cybersecurity field
Security Auditor
Security auditors assess and analyze computer security systems' efficiency and safety. They hold expertise in cybersecurity, computer and information technologies, and penetration testing. They test databases, administer audits, create reports, and advise organizations about steps they can take to make their computer systems more secure. Security auditors must understand organizational policies and government regulations about computer security.
These professionals typically work as outside consultants for finance companies, nonprofit organizations, and businesses. Security auditors often work with other IT professionals, managers, and executives.
Security auditors may find employment with an associate degree, but many employers prefer individuals with a bachelor's degree at minimum in computer science, IT, or a related discipline.
- Required Education: Associate degree required, bachelor's degree may be preferred
- Average Annual Salary for IT Auditors: $69,449
- Read the full cybersecurity job description for security auditors
Security Consultant
Security consultants use their expertise about IT and computer security issues to advise organizations about appropriate security measures. Typical job duties may include looking for potential security breaches, overseeing implementation of new security measures, and training employees to protect their organizations from security risks.
Security consultants need excellent analytical, communication, computer, and other technical skills. Many security consultants earn professional certifications to stay relevant and expand their career opportunities. Popular certifications include certified information systems security professional, certified information systems auditor, and certified ethical hacker.
Security consultants typically need at least a bachelor's degree in a field such as cybersecurity, computer science, or IT. They frequently begin their careers working entry-level jobs in IT, and then transition to security consultant roles after gaining 1-3 years of experience. Information security consultants earn an average annual salary of $85,430, according to PayScale.
- Required Education: Bachelor's degree required
- Average Annual Salary for Information Security Consultants: $85,430
- Learn more about security consultant cyber jobs
Security Director
Security directors oversee IT security staff, activities, budgets, and equipment. They often take charge of information security training, compliance, and human resources issues. Security directors also manage the systems that protect organizations' data, such as patient health records, customer bank accounts, and company secrets.
Security directors respond to and investigate security breaches, engage in strategic planning, and manage budgets. A variety of industries employ security directors, including the military, government, insurance, and finance.
Minimum education requirements for security directors typically include a bachelor's degree in a field like cybersecurity, computer science, or IT, and at least a few years of professional experience. Some employers prefer candidates with a master's degree.
- Required Education: Bachelor's degree required, master's degree may be preferred
- Average Annual Salary for Security Directors: $88,144
- Read more about these in-demand jobs in cybersecurity
Security Engineer
Security engineers create IT security systems to protect their organizations' systems and sensitive data from cyberattacks. Their main job duties include building intrusion detection systems and firewalls to stop attacks. Other tasks include conducting security assessments, tests, and risk analyses. They also deliver reports and make recommendations to executives.
A bachelor's degree in cybersecurity, engineering, programming, or computer science represents the typical minimum education requirement for most security engineering positions. In addition to education, security engineers usually need 1-5 years of relevant work experience. Security engineers with a master's degree typically qualify for top-level positions.
Many security engineering positions require industry certifications such as certified ethical hacker or certified information systems security professional. According to PayScale, security engineers earn an average annual salary of $94,730.
- Required Education: Bachelor's degree required, master's degree helpful
- Average Annual Salary for Security Engineers: $94,730
- Get more information on cybersecurity engineer jobs
Security Manager
As high-level professionals, security managers oversee the operations of their organizations' information security issues. They typically supervise IT administrators, analysts, and other staff who implement security measures. Typical duties may include hiring new staff, evaluating security plans, preparing budgets, and developing polices.
Security managers must possess excellent managerial, communication, and IT skills. They often start out as information security analysts, network administrators, or security administrators before becoming security managers. Security management positions typically require at least five years of experience.
Security managers usually need at least a bachelor's degree in a field like cybersecurity, information assurance, or IT. High-level positions often require a master's degree in a field such as cybersecurity or IT. Reflecting their high level of responsibility, security managers earn a mean annual salary of $112,109, according to PayScale.
- Required Education: Bachelor's degree required, master's degree needed for some top positions
- Average Annual Salary for Security Manager, IT: $112,109
- Read more about a cybersecurity manager's salary, daily duties, etc.
Security Software Developer
Security software developers create new technologies for programs and applications. They integrate security protocols into existing programs and applications to ensure software security. Security software developers must possess an advanced understanding of all aspects of software development as they often participate in the entire lifecycle of development.
Their specialized knowledge spans IT security, computer system and network analysis, software design, and programming languages. They may work as members of a software development team or independently. Employers may include government agencies, nonprofit groups, and private businesses.
Education requirements include a bachelor's degree in software engineering, computer science, or a related field. Many security software developers start their careers as general software developers and specialize in security software development over time. Industry certifications, like the global information assurance certification, can offer career benefits to security software developers.
- Required Education: Bachelor's degree required
- Average Annual Salary for Security Software Developers: $73,460
- Get more details on security software developers
Security Specialist
Security specialists monitor existing security infrastructure to make sure their organizations remain safe from cyberattacks. Job duties include suggesting period improvements, running system checks, and researching potential new risks. Security specialists also test software permissions and firewalls, analyze network structures, and make recommendations to management.
Specific job duties vary, but security specialists typically need problem-solving, critical thinking, and communication skills. They must also understand computer programming languages, computer system analysis, and network and computer infrastructure.
Most positions require a bachelor's degree in computer science or a related field at minimum. Those with experience in a specific industry, like healthcare or banking, may stand out from other applicants seeking work as a security specialist in that field. Another way to expand career opportunities involves seeking security certifications like CompTIA Security+ or certified wireless network professional.
- Required Education: Bachelor's degree required
- Average Annual Salary for Information Security Specialists:$76,821
- Read more on this cybersecurity specialist's salary, daily duties, etc.
Source Code Auditor
Source code auditors prevent security threats, identify coding mistakes, and eliminate inefficiencies. They also create reports on their findings and make recommendations for changes. Source code auditors examine individual lines of coding to find weaknesses, bugs, and syntax errors. They need expertise in database security, cryptography, networking, and computer forensics.
Typical job duties may include penetration testing, collaborating with web developers and software engineers, and reporting on their findings. These professionals often act as consultants for companies.
Source code auditor positions typically require a bachelor's degree in cybersecurity, computer science, IT, or a related field. Most source code auditors begin their careers as software engineers, programmers, or web developers; they typically qualify for source code auditor roles after 2-3 years of experience. Earning certification in software security, penetration testing, or incident handling may increase job opportunities.
- Required Education: Bachelor's degree required
- Average Annual Salary for IT Auditors: $69,449
- Read more about source code auditing cyber jobs
Vulnerability Assessor
Vulnerability assessors find weaknesses in computer systems and applications. They often present their findings in a formal vulnerability assessment that businesses can consult when making corrections or improvements. Required skills include mastery of multiple operating systems, computer hardware and software systems, and security frameworks.
Typical job tasks include creating a vulnerability assessment database, offering training for systems and network administrators, tracking vulnerability metrics over time, and testing custom scripts and applications. As a highly specialized career, it can be difficult to find salary estimates for vulnerability assessors. However, PayScale reports a $102,500 average annual salary for security assessors.
Junior vulnerability assessors may only need an associate degree and a few years of IT security experience. However, mid- and high-level positions usually require a bachelor's or master's degree and significant professional experience. Specific degree requirements vary by position and employer.
- Required Education: Associate degree required, bachelor's degree or master's degree may be helpful
- Average Annual Salary for Security Assessors: $102,500, based on available data
- Get a better understanding of this important cybersecurity job
Best Locations for Jobs in Cybersecurity
The state and city where a professional chooses to live can affect salary and career outlook in the cybersecurity field. For example, densely populated major cities typically feature higher costs of living but offer higher salaries than more rural areas.
The presence of certain high-paying and top-employing industries also impacts the outlook for cybersecurity jobs in different locations. Cities with large IT, healthcare, and finance sectors may need to hire more skilled cybersecurity experts. The tables and map below outline the annual mean wage by state for information security analysts. Because individual cybersecurity jobs include so much specialization, the Bureau of Labor Statistics (BLS) only highlights one cybersecurity career: information security analyst.
Information security analysts earned a median annual salary of $103,590 in 2020, making this career more lucrative than many others in the cybersecurity field. Typical job duties for information security analysts mirror those of many other cybersecurity positions, including installing and using software, detecting security breaches, researching IT security trends, and recommending security enhancements.
Top-Paying Cities for Key Cybersecurity Careers
Annual Mean Wage by State for Information Security Analysts
| Top-Paying States | Annual Mean Wage | Employment |
|---|---|---|
| California | $125,990 | 10,470 |
| New York | $125,920 | 6,450 |
| New Jersey | $123,280 | 4,000 |
| District of Columbia | $119,460 | 1,810 |
| Virginia | $116,920 | 16,160 |
Employment by State for Information Security Analysts
| Top-Employing States | Employment | Annual Mean Wage |
|---|---|---|
| Virginia | $116,920 | 16,160 |
| Texas | $113,400 | 13,410 |
| California | $125,990 | 10,470 |
| Florida | $95,190 | 7,600 |
| Maryland | $111,310 | 7,090 |
Key Industries for Cybersecurity Jobs
Since organizations of all kinds increasingly rely on computer networks and systems for their everyday operations, cybersecurity graduates can find careers in nearly any industry. However, some industries employ larger numbers of professionals and offer better compensation than others. Cybersecurity job requirements, titles, salaries, and duties may differ considerably between industries. Cybersecurity graduates should research the career and salary expectations typical for different industries prior to accepting a job offer.
The top employing industry for information security analysts is computer systems design and related services. Other major industries for information security analysts include management of companies and enterprises; credit intermediation and related activities; management, scientific, and technical consulting services; and insurance carriers.
Top-paying industries for information security analysts include nonresidential building construction, semiconductor and other electronic component manufacturing, legal services, and automotive repair and maintenance. Another top-paying industry for information security analysts is finance. The tables below outline the top industries for information security analysts in further detail.
Annual Mean Wage by Industry for Information Security Analysts
| Top-Paying Industries | Employment | Annual Mean Wage |
|---|---|---|
| Electronic Shopping and Mail-Order Houses | $132,150 | 330 |
| Other Information Services | $131,050 | 680 |
| Semiconductor and Other Electronic Component Manufacturing | $128,330 | 790 |
| Automotive Repair and Maintenance | $127,150 | 40 |
| Legal Services | $125,980 | 660 |
Employment by Industry for Information Security Analysts
| Top-Employing Industries | Employment | Annual Mean Wage |
|---|---|---|
| Computer Systems Design and Related Services | $108,910 | 36,280 |
| Management of Companies and Enterprises | $104,960 | 13,330 |
| Credit Intermediation and Related Activities | $110,490 | 10,880 |
| Management, Scientific, and Technical Consulting Services | $110,440 | 7,410 |
| Insurance Carriers | $103,230 | 5,450 |
Top Online CyberSecurity Programs
Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.
Major Employers With Cybersecurity Jobs
- Lockheed Martin: A global security, defense, advanced technologies, and aerospace company, Lockheed Martin employs 110,000 people. The company engages in research, design, manufacturing, and development of advanced technology products, systems, and services. Cybersecurity graduates can find jobs at Lockheed Martin as cybersecurity engineers, classified cybersecurity senior staff, cyber systems security engineers, and defensive cyberspace operations analysts.
- Apple: A global technology company, Apple ranks among the world's biggest tech companies. Some of its biggest successes include the iPhone, iPad, Mac personal computer, and iTunes media player. Cybersecurity professionals can find many roles at Apple, including as network security engineers, information security infrastructure software engineers, senior security researchers, and Apple information security specialists.
- Patient First: An American chain of urgent care centers, Patient First treats and diagnoses walk-in patients that exhibit ailments. Relevant cybersecurity jobs at Patient First include a variety of roles related to securing sensitive patient health and financial information. Potential job titles may include data security administrator, computer specialist, and health data security analyst.
- Capital One: One of the largest banks in the U.S, Capital One offers credit cards, banking, savings accounts, and car loans. Its reputation as a technology-focused financial institution emphasizes its need for cybersecurity specialists, who make sure that the company's financial data stays secure.
- Cisco: A multinational technology company, Cisco develops and sells software, networking hardware, and telecommunications equipment. The company specializes in areas like the Internet of Things, energy management, and domain security. Potential cybersecurity jobs at Cisco include IT network and security engineer, cyber network engineer, and cybersecurity network engineer.
- Northrop Grumman: An American defense and aerospace technology company, Northrop Grumman ranks among the largest military technology providers and weapons manufacturers in the world. The company needs skilled cybersecurity professionals to ensure that their proprietary and classified information remains secure.
Learn More About How to Get a Job in Cybersecurity
Frequently Asked Questions About Cybersecurity Jobs
How do I get a job in cybersecurity?
Earning a bachelor’s degree in cybersecurity, computer science, or a related field prepares students for most entry-level cybersecurity careers.What should I study for a career in cybersecurity?
Prospective cybersecurity professionals should study areas like cybersecurity, computer science, or a related field. Most cybersecurity employers require a bachelor’s degree at minimum, but many prefer applicants with a master’s degree.How much can you make with a bachelor’s in cybersecurity?
Earning a bachelor's degree in cybersecurity gives students the knowledge and practical skills needed for a variety of well-paying jobs. PayScale reports an average annual salary of $72,000 for those with a BS in cybersecurity.What are the best entry-level cybersecurity jobs?
Some of the top entry-level cybersecurity jobs include information security analyst, computer network analyst, security software developer, and security specialist.How much does cybersecurity pay?
Salaries for cybersecurity jobs vary by position, education, experience, and industry, but typical cybersecurity jobs pay significantly more than the national median.Recommended Reading
Take the next step toward your future.
Discover programs you’re interested in and take charge of your education.