8 Myths About Cybersecurity Careers
Written by: University of Tulsa • Dec 8, 2023
Is cybersecurity a good career? The definitive answer is yes. No company or industry is safe from emerging threats to digital security. Microsoft, NewsCorp, Cash App and the Red Cross – these are just some of the major organizations that cyberattacks have targeted in 2022. In many cases, the attacks were successful.
Employers are investing heavily in cybersecurity due to increasing incursion rates coupled with an ongoing talent shortage. Nationwide, there are currently more than 700,000 open positions for cybersecurity professionals and technology workers with related cybersecurity skills. The U.S. Bureau of Labor Statistics (BLS) predicts roles such as information security analyst will be among the fastest-growing job titles in the United States in the coming decade. Organizations across sectors are searching for qualified cybersecurity engineers, cybersecurity analysts, computer systems security specialists and security architects with degrees such as the Master of Science in Cyber Security from The University of Tulsa.
Contrary to popular belief, you do not have to be a lifelong hacker or expert programmer to respond to this high demand or have an established cybersecurity career. These and several other myths about cybersecurity jobs keep talented and ambitious IT and computer science professionals from stepping onto a career path with advancement opportunities, job security and high earning potential. This article debunks some common misconceptions to help you understand how a cybersecurity degree program such as TU’s can jumpstart your career.
Why is cybersecurity a good career pathway? ¶
There are many ways to define career success. Most people describe a good career as one they find enjoyable that also provides a stable income, benefits, learning opportunities and room for growth. The cybersecurity field offers these benefits and more for professionals with the proper training.
For those interested in computer networks, data protection, IT security or risk management, confronting cybersecurity challenges can be an engaging and rewarding way to earn a living. Because cybercrime and data breaches are so pervasive, there are career opportunities along many paths in cybersecurity. Because attacks happen in all sectors, cybersecurity professionals can explore industries they may not have thought possible.
There is plenty of room for specialization in cybersecurity for those who are interested in protecting certain types of digital assets or have backgrounds in specific areas of IT infrastructure. According to the National Initiative for Cybersecurity Careers & Studies, there are more than 30 specialty areas within the field, and the potential to transition into more specialized jobs increases as you move beyond entry-level positions.
Currently, there are more than 598,000 cybersecurity job openings in the private sector and 39,000 cybersecurity positions in the public sector. The federal government is actively looking for cybersecurity experts to combat what Jeanette Manfra, former assistant director for cybersecurity for the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), has called “a national security risk.”
According to the (ISC)² Cybersecurity Workforce Study, 65% of organizations had cybersecurity staff shortages in 2021. Keep in mind, however, that not just anyone can break into the workforce. These shortages exist because there aren’t enough professionals with the cyber skills necessary to respond to threats. Organizations need to be sure they are entrusting sensitive data to the right people, so advanced cybersecurity education pays off in the long run.
Some people are drawn to cybersecurity careers because of the salary potential. The average salary in the field is around $90,000, but specialists may earn anywhere from $65,000 to $145,000, with earning potential varying by location, industry and skill. In addition to earning a master’s degree, the best way to increase the salary premium for a cybersecurity career is by seeking specializations in public cloud security, automation and AI and other in-demand cybersecurity skills.
Job opportunities continue to expand in cybersecurity. Don’t let the following myths keep you from pursuing a cybersecurity career.
Myth #1: It’s too late to launch a career in cybersecurity ¶
If you are a mid-career professional in IT and looking to transition into cybersecurity, you may be thinking one of two things. One, that you’re too far along in your career to learn new cyber skills or two, that the cybersecurity industry is already oversaturated and you missed the boat. Both of these assumptions are incorrect.
First, the cybersecurity field is still relatively new. There are very few people with extensive backgrounds in cybersecurity, and with the confirmed skills shortage in the U.S., the field is far from oversaturated. Many people in the field transition from other areas of IT or computer science. According to a 2019 Carnegie Mellon Software Engineering Institute (SEI) survey, 58% of working cybersecurity professionals had previous work experience in information technology, software development or engineering. “This related job experience is transferable and may be a contributing factor in hiring or promotion processes,” reads a report issued by SEI and the U.S. Department of Homeland Security.
Second, cybersecurity is a rapidly evolving field. Everybody in the industry needs to keep up with quickly evolving technology and new cyber attack strategies, no matter how long they have been working. Tulsa’s online learning experience includes interviews with industry professionals who speak to current trends in computer security, cryptography and cybercrime. Students also role play as advisors to a fictitious company experiencing a cyber breach. Those who attend the annual Tulsa Cyber Summit further develop their understanding of the latest trends and developments shaping information, system and network security. Cumulatively, this real-world-informed experience helps students get a feel for what they will be doing after graduation, so they enter the field confidently ahead of the curve.
Myth #2: It takes a long time to learn cybersecurity skills ¶
Foundational cybersecurity skills in software security, malware, keylogging, data loss and privacy do not take long to learn. At The University of Tulsa, students learn these basics in one course called Foundations of Cyber Security. From there, they build on their knowledge to learn new skills in operating systems, computer architecture, wireless networks, IoT technologies, blockchain and more.
Cybersecurity capabilities are not limited to technical or hard skills. Cybersecurity professionals should also be critical thinkers, attentive and organized. Participating in group projects, facilitating online communication and juggling a full-time job alongside online study all help cybersecurity master’s students develop the skill sets they need to succeed in the industry.
TU’s program lasts as little as 20 months. The program equips students with the skills they need to enter the workforce and continue adapting. Graduates secure jobs at high-profile companies such as Amazon, CymSTARGoogle, GPSG, Hilti, Instagram and Pacific Northwest National Laboratory.
Myth #3: You have to be a hacker to work in cybersecurity ¶
You might have the Hollywood version of a cybersecurity specialist in your head – the stereotypical tech junkie who sits for hours behind a computer and can “hack the mainframe” with a few stealthy passes over a keyboard. It’s true that some hackers and cybercriminals do transition into ethical hacking work, but you don’t have to be a hacker to excel in the cybersecurity field. The ability to protect against security breaches by identifying system weaknesses and implementing security measures involves a different set of cybersecurity skills.
Only some cybersecurity specialists, e.g., penetration testers and auditors, have to simulate cyber attacks, and they need to understand how to breach a system from the outside. Other cybersecurity professionals secure digital assets and systems and need skills related to defensive cybersecurity, economics and ethics in cybersecurity and high-assurance information system design.
Different skills help cybersecurity specialists fill roles in four high-level cybersecurity categories: engineering, testing/auditing, incident response and oversight. In the engineering subset, a network security engineer, for example, should be very familiar with firewalls and other forms of security to protect against threats. Soft skills are essential in oversight roles, such as Chief Information Security Officer (CISO), because specialists in this position need to be able to communicate with non-technical executives, lead diverse teams and set strategic goals.
Myth #4: Only some people can get cybersecurity jobs ¶
It’s true that cybersecurity, like many IT fields, is still male-dominated. In 2019, women held just 20% of cybersecurity jobs, according to Cybersecurity Ventures. But the future of equality in cybersecurity is promising, thanks to organizations such as WiCyS, which are improving women and minority representation in the field. In 2021, the number of women in cybersecurity increased to 25%.
On top of being ethical, diversity can be profitable. Research has shown that diverse companies out-earn their competitors. James Hadley makes a sound argument for TechCrunch that diversity is imperative in cybersecurity because it gives defensive teams an edge against attackers. “In cybersecurity, where success often relies on doing the unexpected, diversity of thought is a valuable weapon,” Hadley writes. “If the defensive team is standardized, but the attack group is diverse, it has a larger pool of perspectives from which to draw.”
More work is needed when it comes to diversity in cybersecurity. It’s up to companies and educational institutions to make an effort to diversify their talent. An Aspen Tech Policy Hub estimated that only 4% of cybersecurity workers in 2021 self-identified as Hispanic and 9% as Black. If you are a member of an underrepresented population, don’t let underrepresentation deter you from seeking out advanced cybersecurity skills.
Myth #5: You have to be a math wizard to work in cybersecurity ¶
You do not have to be a mathematical genius to enter the cybersecurity field. TU only requires calculus-level mathematics as a prerequisite for admission in the online M.S. in Cyber Security program. If you don’t meet that requirement, you can take a Coursera class to catch up and qualify.
You will have to do some math at some point in your cybersecurity career. Whether that means identifying risk statistically or using constraints and variables to code, most cybersecurity professionals with university or even high school level math skills can get along well in the field. Keep in mind that there are also several subsets and specialties in cybersecurity, and how much you want to use math can determine which you enter. For example, a cryptographer uses more math than a cybersecurity manager, whose job requires more interpersonal and organizational skills.
Myth #6: Cybersecurity specialists must know several programming languages ¶
While it is helpful to know some of the basics of at least one programming language, such as Python, many entry-level cybersecurity roles do not require any programming skills. You can enter the field without knowing how to code and learn it along the way.
Again, it’s important to remember the difference between a cybersecurity professional and an ethical hacker or a security software programmer. The latter are much more specialized, whereas in cybersecurity, many career roles use managerial and communications skills more often than coding and programming.
In TU’s online M.S. in Cyber Security curriculum, students can choose between technical or leadership electives. For example, in the leadership elective Cybersecurity Law & Politics, students learn data security regulation, security breach law, cybersecurity litigation and more.
Myth #7: All cybersecurity jobs are at tech companies ¶
This myth might be the most inaccurate of them all. Now that virtually every industry utilizes online platforms, cloud-based applications and data storage, cybersecurity skills are industry neutral. Cybersecurity professionals are in-demand universally because organizations across sectors are vulnerable to attack. Cyber threats target health care systems, financial institutions, workplaces’ internal computer networks, retail corporations, physical infrastructure and governmental institutions. Even small businesses are beginning to feel the heat when it comes to cybercrime.
Consider the SolarWinds software hack – a massive 2020 cyber attack that threatened more than 18,000 Fortune 500 companies and federal agencies. The attack motivated the federal government to double down on cybersecurity training and hiring efforts. The Department of Homeland Security’s Cyber Talent Management System is hiring for 150 priority roles throughout 2022. Companies across industries are similarly prioritizing cybersecurity. Ninety percent of respondents to an IronNet survey from the technology, financial, public service and utility sectors said they had made efforts to improve cybersecurity in the years since the SolarWinds attack.
Cybersecurity skills are also crucial in many jobs without cybersecurity in the title. According to Burning Glass Technologies, “cybersecurity is a task built into other IT jobs, such as network administrator. Overall, these ‘cyber-enabled’ jobs form the majority (56%) of all cybersecurity-related openings.”
Myth #8: You need a bachelor’s degree in cybersecurity ¶
Fact: there aren’t enough bachelor’s programs in cybersecurity to meet the demand for well-trained professionals. Graduate programs that welcome applicants with bachelor’s degrees and professional experience in other disciplines are helping ease the cybersecurity talent shortage. To compensate for skills gaps, many companies are hiring and training internally or offering their employees funding to get certifications or master’s degrees.
The online M.S. in Cyber Security program at The University of Tulsa is open to students with any bachelor’s degree from a regionally accredited institution or recognized equivalent outside the U.S. It is an excellent choice for students with backgrounds in IT, computer science or other technical fields who want to transition into cybersecurity or early-career professionals who want to advance in their cybersecurity careers.
Tulsa was one of the first 14 institutions recognized by the federal government as a Center of Academic Excellence in Information Assurance Research and Cyber Operations. Graduates work in the private sector, public sector and academia and earn an average of $95,000 per year with the TU M.S. in Cyber Security degree. For this and other reasons – including the university’s esteemed faculty – U.S. News & World Report ranks The University of Tulsa among the top 25 universities for excellence in cybersecurity higher education programs.
In programs like Tulsa’s, the field of cybersecurity opens up to professionals from various demographics and backgrounds. You do not have to be a math whiz, a hacker or a technology professional to apply. And you don’t have to transition into tech after you graduate. You will learn diverse, interdisciplinary cybersecurity skills – including managerial and leadership skills – applicable in various industries and grow into a rewarding career that will last a lifetime.
TU offers funding opportunities specifically geared toward veterans who want to pursue higher education. Veterans can also receive one-on-one help in navigating enrollment, benefits and financial aid and may even be eligible for fully paid tuition.