Cyber Security Career Roadmap: From Junior to Senior Roles

Table of Contents

• 3 Key Traits of Cybersecurity Professionals
• The Cyber Security Career Path
• 2 Tips for Climbing the Cybersecurity Career Ladder
• Can You Learn Cybersecurity at a Bootcamp?
• 3 Tips to Future-Proof Your Cyber Security Career

Cybersecurity is constantly evolving as technology advances – and your career in cyber will grow just as quickly! Mark Adams, a cybersecurity expert from Springboard, explains the career path in cybersecurity. He talks about moving up from beginner analyst jobs to higher-level engineering jobs and the typical pay for bootcamp graduates. Plus, Mark explains how Springboard's Cyber Security Bootcamp is equipping students with the skills employers want from cybersecurity analysts and what you should know to succeed in CompTIA certification exams.

Meet the Expert: Mark Adams

• Mark is a curriculum creator and mentor for Springboard’s Cyber Security Bootcamp (which offers a job guarantee!)
• Mark is also a senior manager of IT & security compliance at Superior Energy Services, INC.

3 Key Traits of Cybersecurity Professionals

To become a cybersecurity professional, you need to possess a few key traits. You should have:

• A sense of curiosity and a desire to investigate
• Strong analytical skills
• A passion for learning – both the ability to learn and understand technical concepts as well as the ability to continue learning

The Cyber Security Career Path

The career path in cybersecurity can be broken down into three steps: entry-level, mid-level, and senior-level. 

Typically, entry-level roles are listed as analyst positions, mid-level roles are architect positions, and senior-level roles are engineer positions. 

Some cybersecurity professionals (like myself!) actually kickstart their cybersecurity careers in IT before moving on to entry-level cybersecurity analyst positions. IT positions that can be a good first step into cybersecurity, include IT Technician and Desktop Support where you are dealing with software and hardware support. Help Desk or Service Desk positions where you are troubleshooting issues with clients can also be a good place to begin your tech career.

Mark’s Tip: Companies may use the names of cybersecurity positions interchangeably, so make sure to read the cybersecurity job description to determine the skills and level of experience actually needed to apply.

Entry Level Cyber Security Jobs: Cybersecurity Analyst

Cyber security analyst and Security Operations Center (SOC) analyst positions are entry-level cybersecurity jobs. These entry-level positions require 1-2 years of experience. People typically spend 3-5 years in a junior position before moving up to mid-level cybersecurity roles.

What does a cyber security analyst do?

A cybersecurity analyst's responsibilities include: monitoring computer systems, looking for anomalies and potential abnormal events, and then escalating them to resolve those anomalies. An analyst monitors network systems and logs to root out anything of concern after which they route it to the appropriate individual on their team. 

Do cybersecurity analysts need to know how to code?

Cybersecurity analysts do not need to have any programming background. Some analysts may have a programming background, but it is absolutely not a requirement to apply for analyst positions and be effective on the job.

Cyber Security Analyst Salary

The average cybersecurity analyst salary is $89,000, but the entry-level cybersecurity salary range is $75-104K! Keep in mind that salaries are affected by geographical location, personal background, educational experience, professional experience, and military experience.

Mid Level Cyber Security Jobs: Cybersecurity Architect

After working as a cybersecurity analyst for 2-5 years, most cybersecurity professionals move up to mid-level cybersecurity roles as architects. Cybersecurity architect roles include Penetration Tester (also known as Pen Testers), Certified Ethical Hacker, and Threat Hunter. Cybersecurity professionals can expect to spend 5-8 years in mid-level cybersecurity roles before moving on to senior-level roles.

What are the responsibilities of a mid-level cybersecurity professional?

As an architect, mid-level cybersecurity professionals design security systems. They also review, audit, and assess those systems for gaps and then recommend solutions. 

Mid-level cybersecurity professionals are trained to ethically hack into systems. This is done by dividing up into red and blue teams: 

• The red team is the offense. These are Ethical Hackers and Penetration Testers looking for vulnerabilities to exploit and try to break into systems. 
• The blue team is the defense. They work to harden systems by monitoring and keeping out the red team, or by detecting the red team hacking. From this exercise, the blue team is able to recommend solutions to prevent future hackers from being able to breach and exploit a company’s systems.

It’s good to have a healthy knowledge and experience of both blue and red teams, especially if you are looking to become a cybersecurity consultant. 

What technologies should a cybersecurity architect know?

By the time you reach mid-level in your cybersecurity career, you should have familiarity with scripting languages like Python, and understand PowerShell, Perl, and Linux scripting languages. These languages are important for automation and performing assessments. Pen Testers like to use programming to automate their scanning, clean up data, and parse data they can pull back. 

The main concern when hiring mid-level roles is that the scanning tools can take systems down; the number one concern is that they don't want someone to break anything. 

Mid-level cybersecurity salaries

Mid-level cybersecurity professionals, like Pen Testers and Ethical Hackers, can expect salaries around $110K. 

Senior-Level Cyber Security Jobs: Cyber Security Engineer

This is the most advanced level in the cybersecurity career path and on average it takes at least 15 years of experience to reach this level. The most common titles for senior-level cybersecurity roles include Senior Manager of IT & Security Compliance, Director of IT Security, Senior Manager, and Senior Director. A Chief Information Security Officer (CISO) position can be seen as a senior-level or an upper mid-level role.   

What does a cybersecurity engineer do? 

Senior-level roles like cybersecurity engineers are less technical and more strategic. They create security road maps, negotiate and review contracts, and handle vendors. From their previous experience as cybersecurity analysts and architects, they have an understanding of administering systems; they also manage teams to make sure those systems are efficiently monitored. A cybersecurity engineer will often have a programming background.

Cybersecurity engineer salary

Senior-level cybersecurity salaries are typically around $180K - $220K. 

2 Tips for Climbing the Cybersecurity Career Ladder

1. Show initiative! Keep learning by taking courses, writing your own security tools on GitHub, testing your penetration skills on Hack the Box, and getting cyber security certifications. By taking initiative, you will show your employer that you're serious about your cybersecurity career.
2. Network! Your network is a portable asset: no matter where you go, you are always going to have your network with you. But your network does require care and feeding. Reach out to cybersecurity professionals, and ask them about their jobs, certifications, and career path. People are usually willing to share information, plus it could lead to a job down the road. 

If you’re new to the cybersecurity field, find a mentor to support you as you develop your cybersecurity career. 

Can You Learn Cybersecurity at a Bootcamp?

The goal of Springboard’s self-paced, online cybersecurity bootcamp is not to make students experts in 6 months, but to introduce them to key concepts and get them comfortable working in cybersecurity through assignments based on real-world scenarios.

Overall, the bootcamp is a combination of subject-expert approved learning content that includes videos and articles, mini projects and projects, as well as labs hosted by InfoSec Institute. Students will learn the cybersecurity foundational skills and be introduced to today’s newest cybersecurity concepts, tools, and technologies. Weekly mentor calls give students extra support.

The curriculum covers topics related to Windows and Linux, such as how to secure systems, networking technologies, encryption, application security, identity, and access management, asset security, digital forensics, and software testing. Springboard students will learn Kali, Wireshark, EnMAP, Metasploit, Openvas (an open-source security scanner), Python, Perl, and PowerShell. Students will be introduced to new concepts like Zero Trust Architecture as well as ACID test and PCI DSS. 

What kinds of cybersecurity projects will Springboard students work on?

Many of the projects included in the cybersecurity curriculum are based on real-world scenarios that I’ve encountered in my career. Here are a few examples of what students can expect to work on in the bootcamp:

• Design your own home security lab
• Create a security design proposal for a data center
• Create a security operations center (SOC) strategy  
• Write up recommendations for creating secure remote access for an insurance agency who wants to access their cloud information (AWS)
• Security review of a mobile app including delivering a report of the challenges of doing so on Android vs iOS
• Examine the Cyber Kill Chain - research an actual security incident, with references 
• Draft a proposal for creating an IT Asset Management program for a company

Which cyber security certifications are Springboard students prepared for?

Springboard’s cybersecurity program was developed with CompTIA Security+ certification in mind in order to prepare students for launching their careers. Students will be prepared for CompTIA’s Security + certification, and with Springboard’s bonus material, students can begin thinking about adding further certifications to their names, such as CySA+, Network+, and SSCP. 

Is there an ideal student for Springboard’s cybersecurity bootcamp?

Although we do not require previous technical experience to apply to the bootcamp, this program is not for everyone. The students who get the most out of this program will have the capacity to learn as well as a passion for cybersecurity.

3 Tips to Future-Proof Your Cyber Security Career

Cybersecurity is an ever-changing field! Here are 3 tips for staying sharp throughout your cybersecurity career:

1. Don’t limit yourself to only learning about what’s new in technology now. Make sure you learn what’s in demand now. 
2. Keep networking. Join a local chapter of your Information Systems Security Association (ISSA) to stay connected to your peers. Connect with others on LinkedIn. Don’t just follow groups online; be proactive, ask questions, and get to know people!
3. There are so many websites out there about the cybersecurity field, and it can be overwhelming. I recommend having a list of go-to, trustworthy websites that you rely on for the latest updates on the cybersecurity and tech fields. It’s also helpful to keep up with vendor and consultant sites, like Microsoft Azure. My three top online cybersecurity resources are Threat Post, The Hacker News, and Packet Storm Security. 

Find out more and read Springboard reviews on Course Report. This article was produced by the Course Report team in partnership with Springboard. Reserve your spot for Springboard’s Cyber Security Career Track (with a job guarantee!) now.