The abundance of cyberthreats and shortage of skilled professionals, as well as competitive salaries and interesting job descriptions, are some of the reasons why a career in cybersecurity remains an attractive option. We discussed some of these finer points in our recent article that was aimed especially at those of you who wonder whether to join this growing industry.

However, choosing which career path to pursue may prove to be a daunting task, not least because there are so many careers to choose from, each with its specific requirements and skill sets. It's also important to note that not every cybersecurity career needs a university degree, although having one won’t hurt.

If you’re aspiring to join the swelling ranks of infosec professionals, you’ll have to assess what skills you have and what skills you’ll need in order to apply for the position you want. In our second article dedicated to celebrating Antimalware Day, we look at some of the steps you can take while climbing the cybersecurity career ladder.

System administrator

System administrator is actually one of the stepping-stone professions on the way to a cybersecurity career. CyberSeek, a site providing a range of cybersecurity career planning information, classifies the role as a member of the Networking family of feeder roles. This means that system administrators aren’t strictly described as cybersecurity professionals. Sysadmins, however, do need to have stellar knowledge of cybersecurity topics to perform their jobs properly; these ten commandments illustrate just how much cybersecurity impacts their work. While a degree isn’t required, CyberSeek indicates that a Bachelor of Science (BSc.) in network administration is recommended for the role. People who lack the degree but are interested in pursuing these careers can do so by completing various certifications from reputable organizations.

Sysadmins are indispensable for most companies, since they are responsible for the configuration, upkeep, operation, and security of computer systems and servers, as well as troubleshooting problems and providing support to other employees. If you’re seeking to become a system administrator, then some of the top requirements are knowledge of Linux and of major networking hardware, network engineering, and tech support. To be able to transition successfully into cybersecurity, you’d be well advised to add information security and systems, network security, and security operations to your arsenal of skills. Per data from, the average annual salary in the US for a sysadmin is estimated to be around US$62,000.

Incident responder

Cybersecurity or cyberdefense incident responders are responsible for investigating, analyzing, and responding to cyberattacks or cyber-incidents. However, their position isn’t only reactive – they also have to actively monitor systems and networks for intrusions, perform security audits, and develop response plans, as well as be knowledgeable in the company’s business continuity plans if a successful attack occurs. After an attack is over, an incident responder also has to be able to write up an incident report to detail how the attack happened and what can be done now to avoid it in the future.

To become an incident responder, you don’t need a degree; however, having one in cybersecurity or computer science is considered a benefit. Information security, knowledge of Linux, network security, information systems, and project management are among the top skills requested by employers. The position is classified as entry-level and, according to CyberSeek, offers an average annual salary of around US$85,000 in America.

Cyber-forensic analyst

Cyber-forensic specialists can be described as the sleuths of cyberspace. They are responsible for investigating various data breaches and security incidents, recovering and examining data stored on electronic devices, and rebuilding damaged systems to retrieve lost data. Forensic specialists are also expected to help the authorities with assessing the credibility of data and providing expert counsel to legal professionals when electronic evidence is used in a legal case.

RELATED READING: How to catch a cybercriminal: Tales from the digital forensics lab

To become a cyber-forensic specialist, a bachelor’s degree in cybersecurity or computer science is a must; moreover, having a master’s degree in computer forensics is considered an additional benefit. Some of the skills requested by employers include proficiency in computer forensics, knowledge of information security, and the ability to analyze consumer electronics and hard drives. Although the position is classified as entry-level, the salary in the United States is rather competitive, with an estimated annual average of US$93,000.

Penetration tester

Penetration testers are, for all intents and purposes, the antithesis of black-hat hackers. The bread and butter of pentesters is to target systems and find vulnerabilities that can be exploited to gain access into computer systems. However, what sets them apart from their criminal counterparts is that they do this legally (at the behest of their employers) to identify any weaknesses that need to be fixed and strengths that need to be maintained. This allows companies to adjust their cybersecurity accordingly.

The pentester is a mid-level role and requires the prospective candidate to be well-versed in information security and be able to use an assortment of coding languages, such as Java or Python. Per CyberSeek, the average annual salary a pentester can expect is around US$104,000, based on their knowledge and experience. It’s worth mentioning that pentesters can supplement their income by moonlighting as bug bounty hunters; some may even choose to pursue bug hunting as a fulltime career.

Cybersecurity engineer

The reason why the cybersecurity engineer position brings up the rear of this list is that it is the most advanced of the bunch. This role requires at least a bachelor’s degree in either computer science or cybersecurity and the prospective candidate has to have a high level of competency in threat detection, analysis, and protection.

Cybersecurity engineers need to be creative as well as technical, since some of their responsibilities include creating processes that solve production security issues, performing vulnerability tests, and even developing automation scripts that will help in handling and tracking incidents. They’re also responsible for configuring, installing and maintaining security and intrusion detection systems. To manage all of the obligations the role brings, cybersecurity engineers need to be proficient in information and network security as well as have a strong working knowledge of cryptography. The demands of the job are balanced by the offered remuneration, which is on average around US$99,000 in the US.

Pick one, or more

These are just a handful of cybersecurity roles you can choose from, but it’s worth noting that the wonderful thing about the cybersecurity industry is that all of these jobs are interconnected on some level. If you are motivated enough, you can start off as a sysadmin and progress up the cybersecurity ladder until you end up in the role you desire.