Great pay in a growing field
Median annual salaries in cybersecurity, according to U.S. News & World Report:
Information security analyst: $70,000
Information technology auditor: $71,800
Forensic computer analyst: $76,200
Security consultant (computing/networking/IT): $81,300
Information assurance engineer: $89,700
Security director (computing/networking/IT): $118,300
Meet Kevin M. Stoffell, CISSP-ISSAP, ISSEP, ISSMP, CISA, CEH, CSEP, PMP.
All that alphabet soup shows that when it comes to securing computer software, networks and machines, Stoffell knows his stuff. A former Marine Corps major, he’s practically a walking advertisement for the technical certifications that go with a career in cybersecurity.
“If you want to work in certain areas, these certifications become the minimum standard. It’s what gets you the foot in the door,” Stoffell said.
But certifications are only half the story. For those looking to launch a serious career in cybersecurity, a bachelor’s degree has become the bare minimum.
Whatever income you might earn with a handful of certifications, a bachelor of arts degree will “double that, if not triple it,” said Gwen Britton, executive director of online science, technology, engineering and mathematics, or STEM, programs at Southern New Hampshire University. “You are just in a much better position to start at a higher salary and move up the food chain.”
That might help to explain the rapid growth of bachelor’s and master’s offerings in the field.
Take, for instance, American Military University, whose Bachelor of Science in Information Systems Security teaches fundamental skills in assessing, managing and protecting digital information and systems. The school’s online master’s program takes those skills the next level.
One highly visible player has been the University of Maryland University College, whose online cybersecurity bachelor’s and master’s programs have more than doubled in the last two years to more than 5,000 students. In addition to its online offerings, the school operates on 130 military installations worldwide.
“Government agencies and private-sector companies see veterans with cybersecurity degrees and certificates as especially attractive job candidates because they come with the skills that are in demand, as well as a security clearance that can make it easier for the employer to put them to work,” said UMUC Provost Marie Cini.
A military background carries special weight among military contractors. At the contractor job board Exfederal.com, some 45 percent of candidates working in cybersecurity have military experience, one-third of them active military looking for jobs as they are preparing to separate.
“I tell people: Certifications are not the name of the game, not the be-all and end-all. In today’s world, no matter what you are looking at, they want a bachelor’s degree,” said Morris Fulcher, associate dean of CIS & networking for Baker College of Flint, Mich.
For those considering the degree route, definitions can be helpful, as the term “cybersecurity” tends to cover a range of IT functions.
Security analyst: Assesses vulnerabilities in software, hardware and networks. Looks for damage caused by security incidents and recommends solutions.
Security administrator: Manages security systems across an organization.
Security software developer: Ensures software is appropriately hardened against attack, and may also develop security-specific software.
Chief information security officer: This is a higher-level job overseeing entire networks and IT security staffs.
Given the broad range of possible cybersecurity functions, the natural question arises: Which degree to pursue?
Stoffell chose a broad approach. In addition to piling up certifications, he earned an undergrad degree in computer engineering from the University of South Carolina and a master’s in electrical engineering with an emphasis on computing at the Naval Postgraduate School.
“There are multiple ways to enter the security field,” he said. “You have to understand the technology, but you also have to understand the bigger-picture stuff. You need the technology, but you also need the management skills.”
Along these lines, Britton suggests that an undergraduate major in information technology may be the strongest starting point. “It’s a good way to get a feel for what IT is overall, and not just what the security layer is going to look like. You first want to understand all the underlying technology stuff before you look at security,” she said.
How to select among the many such programs available? At the University of Washington Tacoma, Institute of Technology Director Rob Friedman recommends veterans look for an institution that is part of the National Centers of Academic Excellence sponsored by the National Security Agency and the Homeland Security Department.
While participation in one of the 130 centers does not guarantee a job, it does help employers make a first cut when hiring for cybersecurity. “There are companies that will look at this as a stamp of approval,” Friedman said.
And what about those certifications? Short answer: They probably won’t get you a job, but they can help open doors and may mean a few extra bucks at the end of the day.
Some of the most recognized certifications come from industry associations and cover a broad swath of knowledge. CompTIA Security+, for instance, is seen as a basic recognition of overall security knowledge.
Then there are vendor-specific credentials — certifications from Microsoft, Cisco and other major players. Few cybersecurity professionals recommend investing time and money just to put these on a résumé. Rather, a cybersecurity professional usually will pick these up as on-the-job enhancements. “A lot of the time, you won’t really have a need for those unless you are already employed,” Britton said.
Cybersecurity is a complicated landscape. With degrees and certifications and specializations, there’s a lot to digest. For those angling for a foothold, Stoffell offers this advice: Start with a human connection.
“The best thing to do is to find a mentor in the industry — someone who has the job you want,” he said. “Sit down with them and just talk about their experiences.”