Cyber Security Career Path

The best way to get a job related to cyber security is to approach it as a job in itself. This means having a specific plan or pathway that you can follow, that gives you the best chance of getting well-paid employment in a field that really excites and tests you.

Having a pathway or plan is simply a way of having a structure or framework that is easy to follow and accomplishes its goals. Below are the eight steps ideally suited to this type of approach, followed by a more detailed breakdown of what these steps involve.

Career Path or Plan.

  • Understand cyber security – risk, protection, survival and recovery
  • Understand the nature of cyber crime
  • Understand the importance of cyber insurance
  • Understand the different cyber security job titles, what they mean and salary levels.
  • Decide what area of work interests you most, including which industry.
  • See what training or relevant experience is needed, and how best to obtain it.
  • How to get a job in cyber security.
  • Personal development.

This path or plan is intended for anyone interested in working in cyber security. This includes people completely new to the field, as well as people already working it. Please use it in any way you find helpful.

When deciding which area of cyber security to work in, there are two main things to consider. Firstly is the type of work or the job areas, and secondly is the type of business or organisation, the more physical environment.

There are numerous cyber security job titles, however, they mostly tend to fall into one of two main categories of work, risk analysis and system architecture.

Risk Analysis or Threat Analysis and Management.

These tend to be jobs that are sharp end of identifying risk, developing strategies to manage risk and helping to deal with the management of any incident that may occur. These roles may overlap to an extent with the second area, but are not normally clearly defined within themselves.

System Architecture and Design

These jobs tend to be involved in the development and implementationof hardware and software programs and systems,including many different networks. They tend to need a wide background of computer skills, often including degrees in computer science and experience in python, linux, github, java etc.

cyber security jobs

Cyber Security Job Market

There are numerous opportunities in the wider job market for people who want to work in cyber security.

These openings can be in government, local authorities, law enforcement, charities / nonprofits, insurance companies and brokers, banks / financial institutions, and a wide range of different professions.

In addition, there are many job openings in companies who act as consultants, whether in risk management or system design, training companies, information security.

Many more job opportunities will arise with the enormous growth of the internet of things, and the implementation of big data policies by governments and institutions.

A more detailed list of the current job market opportunities is listed here – these are indicative only – bear in mind some jobs will be open to foreign nationals if they have requisite skills, or may be remote working.

Getting a job

There is no magic bullet to getting a job in cyber security, but there are a number of things that someone can do that should greatly increase their chances.

First thing is to work through the career path outlined here. This should give you a real sense of what type of work you want to do and where you want to do it.

That puts you in much greater control of your own decision-making process, makes you more focused and ultimately gives you a better chance of getting the job you want.

Applying online.

Many companies have moved the entire application process online, which, like everything to do with the internet, makes it both easier and harder at the same time.

Some companies encourage a CV and / or application letter, others require you to fill in an in-house application form.

Either way it is important to remember that you are essentially selling yourself, but only in the sense of what you can contribute to the business or company.

Look at it from their point of view and think.

  • Is this the sort of person who would fit in with us and work well with us.
  • Could they contribute to our business/company and make a real difference

They are quite difficult questions to answer, but make sure that your CV/application letter is focused and targeted towards the specific company you are applying to, and if possible to a specific person in that company.

cyber security jobs

CV / Resume

People have different opinions as to how a CV or resume should be set out, how long should be, how formal or informal etc. To an extent this depends on the person applying, and the nature of the work or industry.

It is probably fair to say that CV’s shouldn’t be too long, should be clear and focused, and contain certain basic information about the person. Beyond that it is the job of the CV / Resume to get you an interview – to that extent it needs to emphasise what you can bring to the party, from an employers perspective.

Drafting a CV / Resume can a bit daunting and often getting someone else to draft it can be a really good idea, as they bring a degree of objectivity to it. There are a number of people on sites such as Fiverr who specialise in CV/resume drafting and they may well be worth checking out.

As with all things internet, be careful about how much personal information you share with someone online, and who you share it with.

In-house application form.

Many charities and nonprofits use some type of application form, broken down into areas such as person specification, job specification etc. The application form will be broken down into a number of very specific questions, and the candidate will be asked to use their experience to answer the question and demonstrate their capability to meet the criteria assigned to the particular role.

There is no doubt that many people find these in-house application forms more difficult to answer than a normal application form. The important thing is to understand the criteria and make sure the answers given meet the criteria asked for, not what the candidate thinks is important.

Psychometric testing.

Many companies use some form of psychometric testing as part of the application process. This is likely to grow significantly with the advance of AI, as many companies believe it can help to narrow down the right type of applicant.

Psychometric testing involves asking the candidate to imagine themselves in a particular scenario, often with work colleagues, and poses a challenge or situation that they are then asked to deal with. These scenarios are normally time sensitive and can be quite tricky to navigate.

The real trick is to practice before the interview. There are many sites online that run practice scenarios for psychometric testing, and getting used to doing them can significantly help people do them more effectively when it comes to a real job application process.

Approaching companies directly.

This is sometimes thought of as a slightly old-fashioned route, but in many industries and professions can still work very well. The principle of understanding the company or business and what it does is even more important than above, as is finding the right person to talk to. If those are established correctly then an informal or formal approach may lead to an interview.

This type of approach is more common in countries such as USA/Canada, then the UK and other European countries, probably reflecting the character and identity of the countries involved.

cyber security jobs


There are a ton of good resources other, probably too many in one sense. It is important to find one or two really good resources that work for you and stick to them.

There are a number of books that can guide you through the process, the best-known probably being What Color is your Parachute, but there are plenty of others around as well.

Try and find some sort of support process. Often there are organisations or small charities that can help people back into work, or find work for the first time. They can be enormously helpful both in a practical sense, as well as providing some type of mentoring, structure etc.

They may have access to areas of voluntary work or training which can often greatly increase the chances of someone getting the job they are looking for.