
COURSE OVERVIEW

This course is the most comprehensive review of information security concepts and
industry best practices, and focuses on the eight domains of the CISSP CBK
(Common Body of Knowledge) that are covered in the CISSP exam. You will gain
knowledge in information security that will increase your ability to successfully
implement and manage security programs in any organization or government entity.

Why take the CISSP Certification Prep Course?

The CISSP exam is challenging, but the benefits are immense. Due to its
comprehensive breadth, CISSP is the de facto certification to show competence in
cyber roles. It’s also one of the top-paying certifications in IT.

This course supports a certification that is a DoD Approved 8570 Baseline
Certification and meets DoD 8140/8570 training requirements.

Global Knowledge is independent of and not affiliated with (ISC)2.

This course provides in-depth coverage of the eight domains required to pass
the CISSP exam:

 Security and Risk Management
 Asset Security
 Security Engineering
 Communications and Network Security
 Identity and Access Management
 Security Assessment and Testing
 Security Operations
 Software Development Security

1. Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
 Understand and Apply Concepts of Confidentiality, Integrity, and Availability
 Apply Security Governance Principles
 Compliance
 Understand Legal and Regulatory Issues that Pertain to Information Security
in a Global Context
 Develop and Implement Documented Security Policy, Standards, Procedures,
and Guidelines
 Understand Business Continuity Requirements
 Contribute to Personnel Security Policies
 Understand and Apply Risk Management Concepts
 Understand and Apply Threat Modeling
 Integrate Security Risk Considerations into Acquisitions Strategy and Practice
 Establish and Manage Security Education, Training, and Awareness

2. Asset Security (Protecting Security of Assets)
 Classify Information and Supporting Assets
 Determine and Maintain Ownership
 Protect Privacy
 Ensure Appropriate Retention
 Determine Data Security Controls
 Establish Handling Requirements

3. Security Engineering (Engineering and Management of Security)
 Implement and Manage an Engineering Life Cycle Using Security Design
Principles
 Understand Fundamental Concepts of Security Models
 Select Controls and Countermeasures Based Upon Information Systems
Security Standards
 Understand the Security Capabilities of Information Systems
 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs,
and Solution Elements
 Assess and Mitigate Vulnerabilities in Web-based Systems
 Assess and Mitigate Vulnerabilities in Mobile Systems
 Assess and Mitigate Vulnerabilities in Embedded Devices and Cyber-Physical
Systems
 Apply Cryptography
 Apply Secure Principles to Site and Facility Design
 Design and Implement Facility Security

4. Communications and Network Security (Designing and Protecting Network Security)
 Apply Secure Design Principles to Network Architecture
 Securing Network Components
 Design and Establish Secure Communication Channels
 Prevent or Mitigate Network Attacks

5. Identity and Access Management (Controlling Access and Managing Identity)
 Control Physical and Logical Access to Assets
 Manage Identification and Authentication of People and Devices
 Integrate Identity as a Service (IDaaS)
 Integrate Third-Party Identity Services
 Implement and Manage Authorization Mechanisms
 Prevent or Mitigate Access Control Attacks
 Manage the Identity and Access Provisioning Life Cycle

6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
 Design and Validate Assessment and Test Strategies
 Conduct Security Control Testing
 Collect Security Process Data
 Conduct or Facilitate Internal and Third-Party Audits

7. Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
 Understand and Support Investigations
 Understand Requirements for Investigation Types
 Conduct Logging and Monitoring Activities
 Secure the Provisioning of Resources through Configuration Management
 Understand and Apply Foundational Security Operations Concepts
 Employ Resource Protection Techniques
 Conduct Incident Response
 Operate and Maintain Preventative Measures
 Implement and Support Patch and Vulnerability Management
 Participate in and Understand Change Management Processes
 Implement Recovery Strategies
 Implement Disaster Recovery Processes
 Test Disaster Recovery Plan
 Participate in Business Continuity Planning
 Implement and Manage Physical Security
 Participate in Personnel Safety

8. Software Development Security (Understanding, Applying, and Enforcing Software Security)
 Understand and Apply Security in the Software Development Life Cycle
 Enforce Security Controls in the Development Environment
 Assess the Effectiveness of Software Security
 Assess Software Acquisition Security

Cybersecurity Foundations

WHAT YOU'LL LEARN

 Increase your awareness of security
 Interpret/analyze tool output for network mapping/footprinting
 Reduce attack surface of systems
 Review networking as it applies to security controls
 Explore different data protection principles
 Examine the role of PKI/certificates in building trusted relationships between
devices in a network
 Implement login security and other identity management solutions
 Reduce attack surface of network devices
 Explore current malware threats and anti-malware solutions
 Explore social engineering threats, methods, and techniques
 Examine software vulnerabilities and security solutions for reducing the risk
of exploitation
 Explain monitoring capabilities and requirements and how those may raise
privacy concerns
 Identify physical security controls and the relationship between physical and
IT security
 Explain incident response capabilities
 Identify legal considerations and investigative techniques when it comes to
cybersecurity
 Research trends in cybersecurity

Classroom Live Outline

1. Cybersecurity Awareness
 What is security?
 Confidentiality, integrity, and availability
 Security baselining
 Security concerns: Humans
 Types of threats
 Security controls
 What is hacking?
 Risk management
 Data in motion vs. data at rest
 Module review

2. Network Discovery
 Networking review
 Discovery, footprinting, and scanning
 Common vulnerabilities and exposures
 Security policies
 Vulnerabilities
 Module review

3. Systems Hardening
 What is hardening?
 Types of systems that can be hardened
 Security baselines
 How to harden systems
 Hardening systems by role
 Mobile devices
 Hardening on the network
 Analysis tools
 Authentication, authorization, and accounting
 Physical security
 Module review

4. Security Architecture
 Security architecture
 Network devices
 Network zones
 Network segmentation
 Network Address Translation
 Network Access Control
 Module review

5. Data Security
 Cryptography
 Principles of permissions
 Steganography
 Module review

6. Public Key Infrastructure
 Public key infrastructure
 Certification authorities
 Enabling trust
 Certificates
 CA management
 Module review

7. Identity Management
 What is identity management?
 Personally identifiable information
 Authentication factors
 Directory services
 Kerberos
 Windows NT LAN Manager
 Password policies
 Cracking passwords
 Password assessment tools
 Password managers
 Group accounts
 Service accounts
 Federated identities
 Identity as a Service
 Module review

8. Network Hardening
 Limiting remote admin access
 AAA: Administrative access
 Simple Network Management Protocol
 Network segmentation
 Limiting physical access
 Establishing secure access
 Network devices
 Fundamental device protection summary
 Traffic filtering best practices
 Module review

9. Malware
 What is malware?
 Infection methods
 Types of malware
 Backdoors
 Countermeasures
 Protection tools
 Module review

10. Social Engineering
 What is social engineering?
 Social engineering targets
 Social engineering attacks
 Statistical data
 Information harvesting
 Preventing social engineering
 Cyber awareness: Policies and procedures
 Social media
 Module review

11. Software Security
 Software engineering
 Security guidelines
 Software vulnerabilities
 Module review

12. Environment Monitoring
 Monitoring
 Monitoring vs. logging
 Monitoring/logging benefits
 Logging
 Metrics
 Module review

13. Physical Security
 What is physical security?
 Defense in depth
 Types of physical security controls
 Device security
 Human security
 Security policies
 Equipment tracking
 Module review

14. Incident Response
 Disaster types
 Incident investigation tips
 Business continuity planning
 Disaster recovery plan
 Forensic incident response
 Module review

15. Legal Considerations
 Regulatory compliance
 Cybercrime
 Module review

16. Trends in Cybersecurity
 Cybersecurity design constraints
 Cyber driving forces
 How connected are you?
 How reliant on connectivity are you?
 Identity management
 Cybersecurity standards
 Cybersecurity training

17. Course Look Around
 Looking back
 Looking forward
 Planning your journey

Classroom Live Labs

Lab 1: Explore HR Security
Lab 2: Interpret Scanning Results
Lab 3: Harden Servers and Workstations
Lab 4: Security Architecture
Lab 5: Protect Data
Lab 6: Configure a PKI
Lab 7: Manage Passwords
Lab 8: Explore Hardening Recommendations and Known Vulnerabilities
Lab 9: Detect Malware
Lab 10: Social Engineering
Lab 11: Privilege Escalation
Lab 12: Monitor a System
Lab 13: Implement Physical Security
Lab 14: Incident Response
Lab 15: Review Legal Considerations

PREREQUISITES

 TCP/IP Networking or equivalent knowledge
 Understanding Networking Fundamentals
 TCP/IP Networking

WHO SHOULD ATTEND

 Network professionals looking to advance their knowledge and explore Cybersecurity as a career path
 Executives and managers looking to increase their ability to communicate with security professionals and
implement a robust security solution at the organizational level
 Individuals who want to improve their understanding of Cybersecurity fundamentals, including threats,
mitigating controls, and organizational responsibilities

COURSE OVERVIEW

In this cybersecurity course, you will gain a global perspective of the
challenges of designing a secure system, touching on all the cyber
roles needed to provide a cohesive security solution. Through lecture,
labs, and breakout discussion groups, you will learn about current
threat trends across the Internet and their impact on organizational
security. You will review standard cybersecurity terminology and
compliance requirements, examine sample exploits, and gain hands-on
experience mitigating controls. In a contained lab environment, you
will work with live viruses, including botnets, worms, and Trojans.

In 2020, Cyber Security degrees are more popular than ever. Living in
the digital age means hackers and cyberterrorists have endless
opportunities to exploit individuals, government institutions, and even
large companies.

To defend against cyber attacks and security breaches, top
organisations are willing to pay a lot for cyber analysts who can
protect their data and remove vulnerabilities.


But is a Cyber Security degree right for you? In order to help you figure
it out, we’ll go through everything there is to know about Cyber
Security, and all the major questions future prospective students ask
before deciding to study a Bachelor's or Master’s degree in Cyber
Security:

 What is Cyber Security?
 What will I study during a Cyber Security degree?
 What's the duration of Cyber Security degrees?
 What are the admission requirements for IT Security courses?
 What are the best Cyber Security schools in 2020?
 What are the tuition fees for Cyber Security studies?
 Can I study Cyber Security degrees online?
 Cyber Security scholarships, internships, and hacking contests
 Cyber Security jobs and how much do Cyber Security experts make
 What are some recent trends in Cyber Security? 

Advice from a Cyber Security expert

To give you the best insights about what it means to study Cyber
Security and advance to a Cyber Security career, we’ve contacted an
expert in the field: Bogdan Botezatu, Senior E-threat Analyst at
Bitdefender.

According to his own description: “when he is not documenting
sophisticated strains of malware or writing removal tools, he teaches
extreme sports such as surfing the web without protection or rodeo
with wild Trojan horses.

He believes that most things in life can be beaten with strong
heuristics and that anti-malware research is like working for a secret
agency: you need to stay focused at all times, but you get all the glory
when you catch the bad guys.”

What is Cyber Security?

Cyber Security study programmes teach you how to protect computer
operating systems, networks, and data from cyber attacks. You’ll learn
how to monitor systems and mitigate threats when they happen.

This is an oversimplification of IT security degrees’ curricula. Each
module will have a certain focus, but the overall goal is to help you
develop the computing skills needed to prevent attacks and protect
people’s data and privacy.

What will I study during a Cyber Security degree?

Because IT Security is still a relatively young discipline, universities
and colleges are still figuring out which is the best approach for their
degrees. Study programmes and curricula in Cyber Security are
different.

Some might focus more on programming, while others place more
emphasis on digital forensics, security policies, or broad aspects of
Cyber Security. According to the NSA’s 2014 Academic Criteria, IT
Security degrees should include classes on:

 Basic Data Analysis
 Basic Scripting or Introductory Programming
 Cyber Defense
 Cyber Threats
 Fundamental Security Design Principles
 Information Assurance Fundamentals
 Intro to Cryptography
 IT Systems Components
 Networking Concepts
 Policy, Legal, Ethics, and Compliance
 System Administration

More advanced modules, especially those at Master’s degree level,
can help you specialise in complex topics like Forensic Accounting,
Cloud Computing, Cryptography, etc.

When looking at Cyber Security degrees, you should keep an eye on
the curriculum of each programme. Make sure they include
programming courses and choose the ones that offer hands-on
experience, which is invaluable both for you and for future employers.

According to Bogdan: “Right now, people new to cyber-security have
way more options - interactive classes with extremely skilled tutors,
internships in well-established cyber-security companies, local
conferences and cyber-security talks.”

However, he goes on saying that “back in my day - and to some extent
even now – Cyber Security was not something you'd learn in school.
The curriculum is great in terms of teaching algorithms and
programming, but not that much with Cyber Security and reverse
engineering. These are skills that I learnt outside classrooms, thanks
to the power of the Internet.”

This means that while Cyber Security degrees are a great starting
point, they will not teach you everything you need to know about this
field. Keep an open mind and develop your skills outside the academic
environment as well.

What's the duration of Cyber Security degrees?

 Bachelor’s degrees in Cyber Security take 3 or 4 years in most countries.
 Master’s courses in Cyber Security take between 1-2 years to complete.
 PhD programmes in Cyber Security last 3-5 years. Some only take 1 or 2
years, but they are less common.

What are the admission requirements for IT Security courses?

Admission requirements at Cyber Security schools will vary from one
university to another, so always check the official page of your study
programme. That being said, these are the most common academic
requirements:

For Bachelors in Cyber Security

 English language certificate: IELTS (minimum 6.0) or TOEFL (minimum 70)
 Academic transcript of grades or minimum GPA of 3.0
 Two letters of recommendation
 Personal statement of academic intent
 Online interview

For Masters in Cyber Security

 English language certificate: IELTS (minimum 6.5) or TOEFL (minimum 75)
 Bachelor’s degree in Computer Science, Cyber Security, or a related field
 Minimum GPA (established by each university individually)
 Motivation letter

What are the best Cyber Security schools in 2019?

Universities and colleges are still perfecting their Cyber Security
curricula, and that’s why study programmes are getting better every
year. With this in mind, let’s have a look at some of the best Cyber
Security schools in the world in 2019:

 Georgia Institute of Technology, in the US
 Abertay University, in the UK
 SRH Hochschule Berlin, in Germany
 University of Winnipeg, in Canada
 Purdue University, in the US

What are the tuition fees for Cyber Security studies?

 For Bachelor’s degrees in Cyber Security, tuition fees start at around 1,000
EUR and can reach over 30,000 EUR/academic year
 For Master’s degrees in Cyber Security, tuition fees vary between 1,500 –
40,000 EUR/academic year

You don’t have to pay huge amounts of money to get a good education
in this field. There are countries where top universities offer
quality Bachelors and Masters in IT Security for low tuition fees or
even for free. Here are some of the countries with affordable Cyber
Security programmes:

 Cyber Security in Estonia
 Cyber Security in Sweden
 Cyber Security in the Netherlands
 Cyber Security in Australia

Can I study Cyber Security degrees online?

Studying an online Cyber Security degree is a great option for
prospective students who also have other commitments, like a part-time
or full-time job. This allows you to learn at your own pace from
anywhere in the world.

You can also re-watch courses as many times as you need, and you’ll
be able to interact with your colleagues through discussion boards or
social media groups. While you’ll generally have flexibility, deadlines
for exams and projects are still fixed, and you need to meet them.

A great advantage is the ability to try an online short course in IT
Security before deciding if you’re ready to go for undergraduate or
postgraduate studies. Many universities, colleges, and online
platforms offer Cyber Security short courses starting at 100 EUR.
They usually last between 1-3 months and allow you to get a taste of
online learning.

Online Cyber Security degrees will also help you reduce study costs.
Tuition fees are lower, starting at 300 EUR/academic year, and you
don’t need to spend money on transportation, rent, and living costs in
a foreign country. Still, due to the technical nature of Cyber Security
degrees, you might need to invest money in your hardware or software
programmes used in classes or virtual labs.

Always check the accreditation of the study programme before you
enrol in an online Bachelor’s or Master’s in IT Security. While most
online degrees are legitimate, you don’t want to invest your money and
time in a fake diploma. Being scammed while trying to learn how to
prevent cybercrime is not exactly an asset on your CV, right?

Cyber Security scholarships, internships, and hacking contests

Cyber Security Scholarships

There’s no online platform that gathers all the scholarships and
financial aid programmes available for Cyber Security students. There
are, however, more scholarship programmes available in the United
States. Read the requirements for each, because some of them are
only available to US citizens or people with a residence permit.
You can also search for scholarships based on the country in which
you want to study. Another great option is looking for resources on the
university page or asking the academic staff during the application
process. If there are financial aid programmes available, they can offer
you the necessary information.
Check out the Studyportals Scholarship to get some help on financing
your studies abroad.

Cyber Security Internships

Internships are a great way to gain experience and prepare for the job
market. They offer you the opportunity to work with experts in the IT
Security field and learn from real-life problems and situations.
Internships represent a great opportunity to apply what you’ve learned
in Cyber Security classes and see where you can develop your
knowledge.

You’ll find various internships on sites like Glassdoor or LinkedIn. If
you fit the requirements and are happy with the duration and payment,
go ahead and apply. You’ll also find lists of IT Security internships on
the internet. Not all of them are up-to-date, but they spare you from
searching for each programme individually.

Hacking contests and bug bounties

During hacking contests, teams from all over the world compete in a
series of challenges. A great example is Global Cyberlympics, where
the challenges usually focus on System Exploitation, Reverse
Engineering, Cryptography, etc. Hacking contests are a great place to
show off your computing skills and practise working within a team.

Hacking competitions can also be organised by companies to find bugs
or vulnerabilities in their hardware or software products. In 2019, for
example, Tesla offered 900,000 USD and a free car to anyone who
could hack their Tesla Model 3.

Companies are willing to offer prizes because the number of cyber
threats has been growing. As more devices are connected to the
internet, they become vulnerable to hacking. That’s why it is crucial to
find software security issues before cybercriminals.

Tech giants like Google, Microsoft, Facebook, and others offer bug
bounties to people who can hack their software and help them fix
security flaws. Money isn't the only thing you’ll get if you manage to
pull off such a feat. Companies will evaluate your skills, and you might
end up working as a Cyber Security analyst and defend their products
and systems.

Cyber Security jobs and how much do Cyber Security experts make

Here is what Bogdan, Senior E-threat Analyst at Bitdefender, has to
say about following a Cyber Security career:

“Cybersecurity is not your average 9 to 6 job. It requires serious
dedication and, most importantly, a lot of effort just to keep up with
the latest developments in the field. There is no straight way to a
Cyber Security career, but most people get there either straight out of
college (way easier if you have pursued a Bachelor's degree in
Computer Science) or by transitioning from another IT role. Both are
good starters to get a solid understanding of how technology works.

Another important aspect is curiosity. Most Cyber Security roles
require that you put yourself in a hacker's shoes. Master this malicious
mindset, stay inquisitive, and the rest will come. Just be warned that
people in Cyber Security are always on-call.”

The best Cyber Security jobs and salaries

Do you know how much the world needs IT Security experts?
Currently, there is a shortage of 2.93 million Cyber Security
professionals worldwide, according to ISC2. The U.S. Bureau of Labour
Statistics also adds that there will be a 28% job increase in this field
by 2026.
Cyber Security experts are needed in companies from all fields, but
especially in financial, healthcare, and even education institutions,
where people’s transactions, assets, and health records need to be
protected.
There are multiple positions you can occupy in this field. They have in
common great salaries and high demand for technical skills, attention
to details, problem-solving mentality, and the ability to analyse risks.
Let’s look at some of the best IT Security jobs and the average annual
salaries in the United States, according to Payscale:

 Cryptographer – 100,000 USD
 Information Security Officer – 91,000 USD
 Security Assessor – 90,000 USD
 Security Engineer – 88,000 USD
 Penetration Tester – 81,000 USD
 Forensics Expert – 71,000 USD
 Security Administrator – 65,000 USD

What are some recent trends in Cyber Security?

Based on the information we’ve received from Bogdan, we can split
trends from this field in two categories: trends that impact companies
and those that affect consumers.

Trends that affect companies

 Network and endpoint security: securing corporate networks and all the
remote devices (e.g. laptops, smartphones) that connect to these networks
and represent a potential security threat.
 Infrastructure hardening: increasing security on all components of the
infrastructure, including web servers, database systems, application servers,
etc.
 Breach detection: detecting malware activity inside a network after a security
breach occurs.
 Forensic investigation: recovering data and evidence from digital devices after
a cybercrime occurs.

Trends that affect consumers

 Ransomware: a type of malware that encrypts the user’s data and only allows
access if a ransom is paid.
 Crypto-jacking malware: hidden malware which uses your device’s resources
to “mine” for cryptocurrencies.
 Data breaches: incidents when unauthorised people gain access to private
information.

Ready to start your Cyber Security career?

Well, are you? Here is why Bogdan Botezatu chose a career in Cyber
Security:

“The advent of Internet has over-complicated cyber-security by an
order of magnitude, as attackers can reach out to a wider pool of
victims all over the world.

I chose Cyber Security as a career because it’s one of the most
challenging territories in Information Technology. It’s a high-stake,
extremely unbalanced game with unknown opponents where one
mistake can cost a fortune. It’s an exciting and extremely rewarding
job that keeps you busy day and night.”

What are you waiting for? There are almost 3 million Cyber Security
jobs open for a future expert like you.


The 6 Highest-Paid Cybersecurity Jobs:

Information Security Manager

According to our 2019 Tech & Digital Marketing Salary Guide, this role
tops the list of highest-paid cybersecurity jobs with an average salary
range of $125,000 to $215,000. Information Security Managers play a key
role in avoiding security disasters by identifying any areas that might
make your information systems vulnerable. These are the professionals
who are tasked with assessing current security measures and mitigating
future attacks against your company’s computers, networks, and data.
 When to hire? Looking to protect consumer data and avoid the
fees & fines that are related to getting your sensitive data hacked or
stolen? Do yourself a favor and hire for this role before your bottom-line
pays the price and you're forced to allocate funds to hefty fines for failing
to protect consumer data, like Uber when the company was fined $148
million for violating state data breach notification laws.

Cybersecurity Engineer

The Cybersecurity Engineer position also nets one of the highest salaries
in the security industry, with average cybersecurity salaries ranging from
$120,000 to $200,000. Companies invest in these professionals for their
skill sets and experience as they are primarily responsible for multiple
security engineer functions, including designing, developing, and
implementing secure network solutions to defend against advanced
cyberattacks, hacking attempts, and persistent threats.
 When to hire? Hiring a Cybersecurity Engineer will strengthen your
cybersecurity team thanks to the in-depth knowledge and experience
professionals in this role bring to the table. When looking to take your
team to the next level, this is the role you should prioritize hiring first.

Application Security Engineer

Another one of the highest-paid cybersecurity jobs, Application Security
Engineers, make on average between $120,000 to $180,000. If your
company uses software solutions provided or hosted by third party
organizations like AWS or Microsoft’s Azure or even if you custom build
your own solutions, hiring an Application security engineer is crucial.
These professionals will be tasked with securing all software and business
applications used throughout your workforce and ensuring that all privacy
and compliance constraints are built into the software and followed.
 When to hire? This role is crucial for any business looking to
integrate software, like AWS or Azure, into their day-to-day operations.
Why? Application Security Engineers have the experience and skill sets
needed to ensure the security and stability of your internal and external
applications, which helps prevent hackers or malicious systems from
attempting to disrupt the integrity of your infrastructure.

Cybersecurity Analyst

The average cybersecurity salary for this position falls between $90,000
and $160,000, and they are worth every penny. These security
professionals help create, plan, and carry out security measures to keep
your infrastructure secure. They have the knowledge and experience to
work with Penetration Testers and Information Security Managers to
mitigate and avoid cyberattacks that could cripple your bottom line and
are especially equipped to identify vulnerabilities before hackers have a
chance.
 When to hire? If your company has been hit by a data breach or
infected by a malware virus, then your next step should be to hire a
Cybersecurity Analyst who can help mitigate the attack and keep you
protected from any future attacks.

Penetration Tester

Penetration Testers, commonly called Pen Testers or Ethical Hackers, on
average, make between $80,000 to $130,000. A McAfee survey showed
that security managers believe hiring ethical hackers offers a company a
valuable understanding of logic used by hackers and skills critical to
cybersecurity. Does your company conduct quarterly, monthly, or daily
security tests? If so, then these are the professionals you need to invest in
attracting and retaining. Penetration Testers complete various, in-depth
tests across your computer systems, networks, and even web applications
to identify vulnerabilities that can be exploited by cybercriminals.
 When to hire? How safe is your business from high-level
cyberattacks? This is the individual that can answer that question and
make sure you remain one step ahead of the latest hacking strategies.
Though it may seem counterintuitive to hire hackers for your security
roles, it will open up a new pool of candidates with the insider knowledge
to help secure your assets.

Network Security Engineer

Rounding out this list of the highest-paid cybersecurity jobs, the average
salary for the Network Security Engineer role now ranges between
$125,000 to $185,000. Much like the Cybersecurity Engineer position, this
is a multifaceted position; tasked with maintaining your LAN, WAN and
server architecture while also maintaining and monitoring virtual
networks, firewalls, email security and web protocols, security, and
programs. When it comes to a business’s computer network, you can
never be too secure, and this role helps guarantee your company’s
network is safe and secure.
 When to hire? If your company is experiencing issues with your
network or discovering vulnerabilities you weren't aware of, then it's time
to onboard a Network Security Engineer; they will help clean and protect
your networks.

Consider this your exclusive guide to the highest-paid cybersecurity jobs
as you head into 2020 so you can allocate the necessary funds to get the
security hires you need in the door. With experts projecting cybercrimes
to cost the world $6 trillion annually by 2021, it’s crucial you hire
cybersecurity talent today and ensure you’re offering competitive salaries
so you don’t miss out on the high-end talent you need. If you lack the
cybersecurity professionals you need or want to learn more about the
salary ranges for related roles, contact Mondo today. We’ll provide you
with the salary insights and candidates you need to elevate your
cybersecurity strategies.
Cybersecurity professionals work in every size company and industry to protect organizations
from data breaches and attacks. And the demand for cybersecurity professionals is growing at a
breakneck speed. Job postings for cybersecurity positions have grown three times faster than
openings for IT jobs overall.
Before you jump headfirst into this specialized field, you should know what a typical
cybersecurity career path entails. In this blog, we’ll cover four popular security careers and the
recommended training you need to be successful:
 Security Architect
 Security Consultant
 Penetration Tester/Ethical Hacker
 Chief Information Security Officer (CISO)
How to Start Your Cybersecurity Career Path

There is no one linear path to a successful career in cybersecurity. Some people enter the
security field straight out of college, while others transition from another IT role.
No matter where you start, all cybersecurity careers begin with general IT experience. You need
to understand how technology works before you can learn how to secure and protect it.
Entry-level IT jobs that pave the way for a cybersecurity career include:
 Systems administrator
 Database administrator
 Web administrator
 Web developer
 Network administrator
 IT technician
 Security administrator
 Network engineer
 Computer software engineer
You’ll also need to supplement what you learn on the job with outside training and education. In
fact, 35 percent of cybersecurity jobs require an industry certification, compared to 23 percent of
IT jobs overall.
Most management-level cybersecurity jobs are highly specialized. The more you can focus your
expertise by seeking out specific industries and certifications, the more attractive you’ll appear
to companies looking for those particular skill sets.
Security Architect Career Path

If you’re passionate about problem-solving and creating big-picture strategies, the security
architect career path is for you.
A security architect is tasked with designing, building and implementing network and computer
security for an organization. Security architects are responsible for creating complex security
structures and ensuring that they function properly. They design security systems to combat
malware, hacker intrusions and DDoS attacks.
In the United States, the average salary for this position is $118,681. Security architects are
expected to have 5-10 years of relevant experience, with 3-5 of those years dedicated to
security.
To become a security architect, you might follow a career path similar to this:
 Earn a bachelor’s degree in computer science, information technology,
cybersecurity or a related field. Or, gain equivalent experience with relevant
industry certifications.
 Enter the IT field as a security administrator, systems administrator or
network administrator.
 Get promoted to a mid-level role as a security engineer or analyst.
 Enter a security architect role.
As a security architect, you’ll be required to:
 Plan, research and design durable security architectures for various IT
projects.
 Develop requirements for networks, firewalls, routers and related network
devices.
 Perform vulnerability testing, security assessments and risk analysis.
 Research and implement the latest security standards, systems and best
practices.
Recommended Training for Security Architects
Because the security architect role is a senior-level position, employers will look for accredited
security certifications on your résumé.
Professional cybersecurity training and certifications will help you accelerate your career path
and stand out to potential employers. These certifications reinforce the essential skills required
for the security architect role, such as network security and architecture, vulnerability testing and
risk management.
Beginner:
 CompTIA Security+
Intermediate:
 Certified Ethical Hacker (CEH)
Advanced:
 EC-Council Certified Security Analyst (ECSA)
Expert:
 Certified Information Systems Security Professional (CISSP)
Security Consultant

A security consultant is a catch-all cybersecurity expert. They assess cybersecurity risks,
problems and solutions for different organizations and guide them in protecting and securing
their physical capital and data. The position might also be referred to as an information security
consultant, computer security consultant, database security consultant or network security
consultant.
Security consultants need to be flexible and savvy – they deal with a wide range of variables
when assessing security systems across diverse companies and industries.
The salary range for IT security consultants is broad depending on experience, but a senior
security consultant earns an average of $106,190 in the U.S. Security consultants are expected
to have 3-5 years of professional experience.
To become a security consultant, you might follow a career path similar to this:
 Earn a bachelor’s degree in computer science, information technology,
cybersecurity or a related field. Or, gain equivalent experience with relevant
industry certifications.
 Pursue an entry-level position in general IT or security.
 Earn a mid-level role as a security administrator, analyst, engineer or auditor.
 Sharpen your cybersecurity skills with advanced training and certifications.
 Enter a security consultant role.
As a security consultant, your daily tasks may include:
 Determining the best way to protect computers, networks, data and
information systems from potential attacks
 Performing vulnerability tests and security assessments
 Interviewing staff and department heads to uncover security issues
 Testing security solutions using industry standard analysis methods
 Providing technical supervision and guidance to a security team

Recommended Training for Security Consultants


Having certifications on your résumé will help you build credibility as you climb the career
ladder. These training courses will expose you to the essential skills every security consultant
needs, from ethical hacking to encryption technologies and data breach prevention protocols.
Beginner:
 CompTIA Security+
Intermediate:
 Certified Ethical Hacker (CEH)
 Cybersecurity Analyst (CySA+)
Advanced:
 EC-Council Certified Security Analyst (ECSA)
 Certified Information Systems Auditor (CISA)
 Certified Information Security Manager (CISM)
Expert:
 Certified Information Systems Security Professional (CISSP)

Penetration Tester/Ethical Hacker – Mid to Senior Level

Penetration testers (also known as ethical hackers) look for weaknesses in IT systems,
networks and applications using the same knowledge and tactics as criminal hackers.
Penetration testers use a series of tools to simulate real-life cyberattacks, identify weak spots
and help organizations improve their security posture.
The average salary for a penetration tester is $79,000.

Many penetration testers and ethical hackers follow a career path that looks like this:

 Earn a bachelor’s degree in computer science, information technology,
cybersecurity or a related field. Or, gain equivalent experience with relevant
industry certifications.
 Pursue an entry-level role as a security administrator, system administrator
or network engineer.
 Master specialized ethical hacking skills with training and certifications.
 Enter a penetration tester or ethical hacker role.
 Get promoted to a senior penetration tester role, security consultant or
security architect.

As a penetration tester, you’ll be expected to:


 Perform penetration tests on web applications, networks and computer
systems
 Uncover security holes and pinpoint the methods attackers could use to
exploit system weaknesses
 Research, document and discuss findings with management and IT teams
 Design and implement new penetration tools and tests

Recommended Training for Penetration Testers


Cyberattacks are always evolving, so your knowledge should be, too.
These training courses will teach you everything you need to know about modern ethical
hacking practices, operating systems, software, communications and network protocols.
Beginner:
 CompTIA Security+
Intermediate:
 Certified Ethical Hacker (CEH)
Advanced:
 CompTIA Advanced Security Practitioner (CASP)
 EC-Council Certified Security Analyst (ECSA)
Expert:
 Certified Information Systems Security Professional (CISSP)
Learn more about what it takes to become an ethical hacker.

Chief Information Security Officer (CISO) – Senior level

If you aspire to lead a security team and spearhead IT initiatives for an enterprise, becoming a
CISO is a lucrative and rewarding career path.
The role of chief information security officer comes with a lot of power and creative freedom.
CISOs build security teams and oversee all initiatives that concern an organization’s security.
The CISO reports to the CIO or CEO.
The average salary for a CISO is $156,000. You can expect to spend 7-12 years working in IT
and security before you qualify for a role as a CISO. At least five of those years should be spent
managing security operations and teams.
To become a CISO, you might follow a career path similar to this:

 Earn a bachelor’s degree in computer science, information technology,
cybersecurity or a related field. Or, gain equivalent experience with relevant
industry certifications.
 Enter the field as a programmer or analyst.
 Get promoted to a role as a security analyst, engineer, consultant or auditor.
 Gain more advanced IT certifications and training.
 Enter a management position overseeing a security team.
 Attain an MBA or certifications with an IT security and/or management focus.
 Get promoted to a CISO role.

As head of IT security, your daily activities will include:


 Hiring and guiding a team of IT security experts
 Creating strategic plans for deploying information security technologies and
improving existing programs
 Supervising the development of corporate security policies and procedures
 Collaborating with key stakeholders to establish a security risk management
program
 Spearheading IT security investigations and providing recommended courses
of action in the event of a breach

Recommended Training for CISOs


When striving for positions in this level of management, earning accredited certifications is an
absolute must. Taking the initiative to continue your education with relevant certifications
validates your expertise and dedication to the field of IT security management.

Intermediate:
 Certified Information Systems Auditor (CISA)
Advanced (Management-Focused Training):
 Certified Information Security Manager (CISM)
Expert:
 Certified Information Systems Security Professional (CISSP)

Training for Every Cybersecurity Career Path

There are endless paths your cybersecurity career can lead you down. As the world’s largest IT
training company, New Horizons offers expert-led IT training to help you master sought-after
skills and prepare you for the top cybersecurity certification exams.
Whether you’re just getting your feet wet in the IT industry or preparing to submit your résumé
for a management position, New Horizons offers the hands-on cybersecurity training
courses you need to accelerate your career.
Unsure which training course to take first? Discover the best certification
path for your career and goals using the New Horizons cybersecurity
roadmap.

Are you a student, current cyber worker, or career changer? Are you thinking about a job in
cybersecurity? Learning about and understanding the field's unique requirements will help you
determine whether a career in cybersecurity is in your future. The work environment for cyber
professionals is dynamic and exciting, with competitive salaries and growing opportunities.

Cybersecurity professionals often thrive in an informal atmosphere,
unconventional working hours, and shifting work responsibilities aimed at
keeping knowledge fresh and work exciting.
There are many different jobs within the cyber security field that require a
broad range of knowledge, skills and abilities.
Cybersecurity professionals must have the ability to rapidly respond to
threats as soon as they are detected. Professionals must also possess a
range of technical abilities to perform a variety of activities, and be able to
work in different locations and environments.

Cybersecurity work also includes the analysis of policy, trends, and intelligence to better
understand how you think or act - using problem solving skills often compared to those of a
detective. This level of work complexity requires the cybersecurity workforce to possess both a
wide array of technical IT skills as well as advanced analysis capabilities.

If you are thinking about a career change in 2016, then you might want to have a look
at the burgeoning cybersecurity market which is expected to grow from $75 billion in
2015 to $170 billion by 2020.
More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up
74% over the past five years, according to a 2015 analysis of numbers from the
Bureau of Labor Statistics by Peninsula Press, a project of the Stanford University
Journalism Program.
If you are already in the tech field, then crossing over to security can mean a bump in
pay. Cybersecurity workers can command an average salary premium of nearly
$6,500 per year, or 9% more than other IT workers, according to the Job Market
Intelligence: Cybersecurity Jobs 2020 report published by Burning Glass
Technologies.

Newbies to the tech field who are contemplating a career in cybersecurity
will often start out as information security analysts. U.S. News and World Report
ranked a career in information security analysis eighth on its list of the 100 best jobs
for 2015. It states the profession is growing at a rate of 36.5% through 2022. Many
information security analysts earn a bachelor’s degree in computer science,
programming or engineering.
