For many people getting into Cyber security is the gateway to a better paid job with almost infinite possibilities. Finding an entry-level job is key to this success as this becomes the first rung in climbing the cyber security career ladder.
So, what are the best cyber security entry-level jobs? The best cyber security entry-level jobs are the ones which don’t require a lot of cyber security knowledge or expertise. These are typically jobs in security incident response, working as the first line responder to cyber security events, like cyber attacks and threats. Basic analysis working in a security operations center (SOC) is also an area where entry-level opportunities can exist.
Security incident response is an important part of the security operations center, where cyber security teams respond to and deal with cyber security incidents. The teams include people who respond to security incidents by reviewing them through a ticketing system, and analysts who make decisions about the incidents in question based on their experience.
As a first line incident responder, the primary duties include taking information about potential cyber security issues and then logging these into a specialized portal. This specialized portal is set up to log incidents and assign priorities to these incidents based on how important the incident is, depending on its impact and probability.
Information about cyber security problems and issues can come from telephone calls, emails and online chat, as well as from incidents being raised by other people and teams directly in the incident management portal. The first line responder will be aided by specialist software known as the Security Incident and Event Management (SIEM) software that uses threat analysis to determine the impact of a particular security incident or event.
If a security incident impacts a large part of the organization, such as a Distributed Denial of Service (DDoS) attack that shuts out employees’ internet access and so affects their ability to work, then this would be classed with a high severity and given a high priority, such as P2 or even P2.
The priority levels typically run from P1 to P4, with each priority level reflecting the importance of the incident. The first line responder will not be responsible for determining these levels, as the SIEM software will provide the initial priority level and senior Security Operations Center (SOC) staff will then analyze this assessment and determine if it’s correct.
To be able to work in incident response, as the first port of call, having good communication skills is vital, including the ability to take information from telephone calls, emails, online chats and other incident tickets in a concise and clear manner. This allows other people involved in the incident management process to take this information and act on it quickly whilst minimizing any damage from a cyber event like a threat or an attack.
When I’ve done incident response in the past, I’ve normally just had to raise a ticket in the incident management portal by asking them a bunch of questions related to the required fields in the incident management portal. Questions around:
- How many people are affected? Single user, many users, whole teams, whole organization?
- Location of the security incident? Office, Data Centre or in the cloud?
- Which services are affected? Computers, infrastructure services to applications?
Once I have entered all this information into the incident management portal, an incident is created when I submit the information. I give the person who has contacted me about the incident the corresponding incident number for their reference.
Fortunately for me, the incident management portal had some clever algorithms in the backend that determined the initial priority for the incident and, based on this, assigned it to the correct team member in the SOC to analyze further.
The further analysis is done by specialist security analysts who have varying experience in a number of different cyber security areas. So, for example, the vulnerability analyst will look at any vulnerabilities found and assess how much risk they pose by looking at their potential impact and the likelihood of this impact, that is, how realistically the vulnerability could be exploited.
Vulnerability analysts have varying degrees of experience, with entry-level jobs requiring the ability to complete scheduled checks of the security tools that report back vulnerabilities. Tools ranging from Qualys to Amazon Web Services (AWS) Inspector are specialist security tools that check the infrastructure, comparing what’s available against known vulnerabilities. So, a virtual computer (EC2 instance) hosted in the Amazon Web Services cloud will be regularly checked by the AWS Inspector tool for vulnerabilities.
Security tools are only as good as what’s done with the information they provide. If AWS Inspector comes up with a list of virtual computers with critical vulnerabilities but no one acts upon them, that is, actively works to remediate them by applying the relevant security patches, then there’s little point in having a security tool that can find vulnerabilities.
This is where the vulnerability analyst can help, by logging incidents into an incident management system and assigning these incidents to the teams who deal with patching systems and services. These incidents are classed as security incidents and will have a service level agreement attached, which defines the period of time within which the security incident must be fixed.
Depending on the severity, that is, the seriousness of the vulnerability, this could be a few hours to a few days. If it’s a vulnerability that could potentially open up the organization for a mass attack where hackers could enter the organization and steal data, then the vulnerability analyst will need to escalate to senior colleagues who will more than likely raise a major incident, resulting in an incident manager being involved in major incident management.
The vulnerability analyst won’t be alone in making decisions, they will have their whole team to help them when help is required.
The vulnerability analyst could also be responsible for reporting, whereby they would periodically create a report of the vulnerabilities across an organization’s infrastructure and/or services, highlighting the number of vulnerabilities found, their severity and the current progress in remediating them.
This would require liaising extensively with the different teams involved in the remediation process as it may not just be one team dealing with the remediation. From personal experience, fixing vulnerabilities in infrastructure and infrastructure components like computers normally has one team, then there’s a team for databases and then another for applications and so on.
Application vulnerabilities can be particularly difficult to fix, as the team that developed the application may not necessarily be the one that keeps the application updated. So, finding the responsible team, if there is one, requires an incredible amount of effort.
Entry-level Cyber security Salaries
Entry-level jobs in cyber security have varying levels of salary associated with them, depending on their complexity as some entry-level jobs will require more experience than other cyber security jobs. Many organizations will find it difficult to recruit for cyber security generally and this includes entry-level roles.
Remember you don’t need to have a degree or security certification to do these entry-level type roles and from experience, people with degrees will probably find these entry-level roles beneath them and expect something better, as they see it, something more interesting.
As a general rule, entry-level jobs in cyber security tend to pay more than entry-level jobs in other job sectors, with incident response personnel starting at around $40k a year and vulnerability analysts potentially on more, at around $45k a year.
It’s important to note that some organizations may pay more depending on the level of supply of individuals to fill these roles. Where I am, the salaries are slightly higher as there is an acute shortage of people with an aptitude for these roles.
Aptitude isn’t just about technical ability, cyber security know-how or years in the field, but also the ability to work with other people, work in stressful situations like incident response and communicate effectively.
Poor communication could turn a drama into a crisis if the person makes a hash of communicating the security incident to important stakeholders in the incident management process, like the incident manager.
Cyber Security Opportunities
Training someone up to work in security incident response or even basic vulnerability analysis is fairly quick, as both involve some form of process. Understanding the process and being able to repeat the process is what employers look for.
I firmly believe in processes, as it’s these processes that protect organizations and, more importantly, can protect your job if things go wrong. Employers will find it difficult to argue against someone who has followed the process, but the outcome has been unexpected.
One of the benefits of working in Cyber security is the pace at which you can rise up the career ladder, as I have personally found out. I like to soak up information like a sponge only if I’m exposed to the right information, which has been the case in the many cyber security roles I’ve had.
This has quickly allowed me to progress further into different areas in Cyber Security, from a basic understanding of vulnerability management, to working in DevSecOps and being able to provide security assurance for securing applications with a deeper understanding of vulnerability management in containers used for application images.
There is no way I could have gone straight into understanding containerized workloads and the vulnerability management of these, especially as they tend to be immutable, that is, you can’t patch them. Instead, the container image must be rebuilt using components like the latest versions of the component libraries, which should be free of high risk and critical vulnerabilities.
It’s therefore important to view the entry-level cyber security job as a springboard for bigger and better opportunities. So, even if the entry-level job doesn’t pay what you initially expected, because maybe there are too many people looking for similar opportunities, forcing prospective employers to reduce the salaries they have on offer, it still makes a lot of sense to grab these opportunities.
Sometimes these opportunities may be unsociable and I’ve done my fair share of shift work as well as working night shifts, on the graveyard shift as they say. But I’ve embraced this, as I knew at the time it was temporary and I wouldn’t end up doing this for the rest of my life.
It was just a stepping stone to something better and bigger later, which ended up with me getting into senior cyber security roles where working a standard 9 to 5 is more the norm and unsociable working, if any, is very rare and results in extra payments to offset the fact it’s unsociable.
In fact, a few years ago, I had to work for 5 nights straight for a migration which required security oversight and I agreed I would do this if they paid me double what I would get during the day. They accepted my request and I even managed to get my employers to pay for pizza on two of those nights.
If you don’t mind working unsociable hours this can be a blessing in disguise, as this may make the playing field less competitive, as others might not be inclined to work unsociable hours. People with families may not want to disrupt their lives, so will be more reticent to work unsociably.
There are plenty of entry-level jobs available in cyber security for people who can show an aptitude for this type of work, ranging from incident response to some form of security analysis, like the role of the vulnerability analyst.
These roles typically have easy-to-learn processes for what the jobs entail and, once the process is grasped, anyone can effectively do these jobs, hopefully picking up further skills whilst doing them by getting a deeper understanding and experience of what these roles involve.
Whilst these roles might not be the most exciting in cyber security, they are a springboard for better things with career progression leading to better paid and more intrinsically rewarding roles in cyber security.