Is Cyber Security Hard? An Honest Look at This Growing Field
Cyber and information security seem to be on every company’s radar these days. While many are investing significant resources into beefing up their security measures, cyber criminals and other malicious actors continue to pose an evasive and evolving threat. According to CompTIA®, ransomware attacks surged during the COVID-19 pandemic, and in 2020, nearly 3 out of 4 companies experienced phishing attacks.1
“One of the most challenging aspects of cyber security is the ability to stay ahead of evolving threats,” says David Wurst, Certified Information Security Manager® and founder of WebCitz. “Cybercriminals are constantly developing new ways to exploit vulnerabilities.”
The job market is taking note. According to the Bureau of Labor Statistics (BLS), employment of information security analysts is projected to grow by 33 percent from 2020 to 2030—a much faster projected rate of growth than the national average.2
While it’s clear there’s a strong need for competent cyber security professionals, it’s only natural to wonder what it takes to feel competent in this role. So, is cyber security a challenging field?
Obviously, everyone has different aptitudes and skills, so there’s no way to provide a universal yes or no answer. But we can lay out some of the essential things cyber security professionals need to learn, the skills they need to master and the advice they wish they had when they started their careers.
Is working in cyber security hard?
Cyber security encompasses a huge variety of roles, including malware analysts, network engineers, penetration testers and quality assurance professionals, among others. These roles and specialized focus areas can all have their own unique obstacles, but broadly speaking, there’s one constant challenge: The learning never stops. If you are looking for a career where you don’t have to learn and adapt frequently as you go—cyber security is not the right choice.
“What I find most challenging is that the world of cyber security is constantly shifting,” says Andreas Grant, network engineer and founder of Networks Hardware. “New threats are rising almost every single day. One moment we are just running our usual security check and the next there is a possible zero-day threat to look into.” He adds that at times, it can feel like you will never know enough, which can be overwhelming.
Strangely enough, a little bit of self-doubt can actually put you on the right footing for working in this field, as it helps to stay vigilant, according to Sergey Voynov, CEO and founder of G-71.
“I think that the most important soft skill for a successful career in cyber security is the ability to constantly analyze and doubt,” Voynov says. “In this area, you can never just stop and rest on your laurels. Even if you have created a perfect solution that will safely secure the company today, tomorrow you should be the first one to doubt it.”
“Cyber security is a demanding field that requires you to be willing to constantly learn new material and question the relevance of what you’ve already learned,” says Allan Buxton, director of forensics at Secure Data Recovery Services. If you have a fascination for the field and love to solve puzzles and problems, that consistent learning will probably feel much easier.
What skills do cyber security professionals need?
Part of understanding how difficult a career might be is understanding what you must be able to do. What are some of the most important cyber security skills? We used real-time job analysis software to discover the skills employers are asking for in cyber security applicants.
Top technical skills employers are seeking:3
- Information systems
- Network security
- Project management
- Security operations
- Vulnerability assessment
- Penetration testing
- Risk assessment and management
“The most difficult aspect of my training to become a cyber security professional was the technical skills,” Wurst says. He explains that he needed to learn different coding languages as well as malware analysis techniques. “However, I overcame this difficulty by enrolling in specialized courses, networking with other professionals in the cyber security community and seeking out online resources.”
“In addition to fully merging into a company structure at all levels, you need to follow general trends around you and analyze how they affect your solutions,” Voynov says. “It’s constant curiosity and thinking outside the box. We should always stay alert!”
Is cyber security hard to learn?
There’s undoubtedly a lot of information for aspiring cyber security professionals to take in, particularly if they’re starting from square one. In the big picture of IT roles, keep in mind that many “entry-level” cyber security roles reflect a skill set on par with an established IT networking professional with specialized training. With that in mind, it’s important for cyber security professionals to first establish a solid foundation of network and systems administration skills and then home in on specific skills needed for information security roles.
“The main challenge is to have enough expertise and a wide enough knowledge base,” Voynov says. He explains that cyber security is not a field for people who want to choose one limited angle to focus on. Rather, cyber security experts need to understand many different systems and infrastructures to know what they need to keep their company secure. While it’s a tall task to round out the breadth of knowledge needed to be effective, it can be managed bit by bit.
Of course, individual subjects can be tricky. For Grant, learning Linux was a challenge. “I was a Windows® user, and Linux was like writing code just to get usual things done.” He also debated whether to learn programming languages since he knew there were entry-level positions that didn’t require them. “I just had to let go of my fear and at least try to understand the basics,” Grant says. “While I am by no means an expert coder, I do know enough to help me in my day-to-day tasks.”
Learning the fundamentals of cyber security is probably more challenging than your average office suite skill. But Buxton points out that cyber security is an industry that’s ultimately driven by people, not machines. “A person put it together. This means that if you put the effort in, almost any portion of the field can be learned.”
What would I learn in cyber security courses?
Thankfully, you’re not on your own when it comes to getting up to speed. With the benefit of courses, professors, peer networks and all the resources of a university, working your way through cyber security training can become much more manageable.
So, what can you expect from a cyber security degree program? Let’s take a look at a sampling of courses from the Rasmussen University Cyber Security Bachelor’s degree program.
Malware Reverse Engineering
If you want to resist malware, you’ll first need to understand it and take it apart. This course will cover how malware is designed, how to analyze and disassemble it, and how to handle malware from unknown origins or source codes.
Hacker Techniques, Tools and Applications
Welcome to hacking! Many cyber security professionals need more than an academic understanding of hacking. This course will introduce hacking tools, vulnerabilities of operating systems, and software and networks that hackers use to access unauthorized information.
Principles of Cyber Security
Everyone needs the basics of the field to have a strong foundation. This course will help you understand the steps cyber security professionals need to take to protect their organizations, as well as the moves others may make to break into their systems.
Security Risk Assessment
Cyber security professionals are constantly checking and evaluating risks and threats. This course helps you understand the methodical approaches needed to assess levels of risk no matter what systems or networks you are looking at.
Feeling up for the challenge of cyber security?
Working in any complex, highly technical field will require some significant time and effort to learn the ropes and get established. But if you are determined and genuinely interested in this field, you might have what it takes to become a cyber security professional.
“I was taking my time and thinking, ‘Maybe when the time is right, I will start looking more into it,’” Grant says. “To be honest, you can never be completely prepared. Just jump in and try any of the basic entry-level courses to see if this is what you really feel like doing. I was always full of doubt, and the best way to get rid of it was just to gain practical knowledge.”
Looking for more reasons to pursue a Cyber Security Degree? Check out our article “Is a Cyber Security Degree Worth It? Analyzing the Facts.”
1Ashley Watters, “Top 50 Cybersecurity Statistics, Figures and Facts,” CompTIA, January 11, 2022. Accessed April 2022. https://connect.comptia.org/blog/cyber-security-stats-facts.
2Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, [accessed April 2022] www.bls.gov/ooh/. Information represents national, averaged data for the occupations listed and includes workers at all levels of education and experience. This data does not represent starting salaries. Employment conditions in your area may vary.
3Burning-Glass.com (analysis of 175,924 cyber security engineer/analyst job postings, Apr. 1, 2021 - Mar. 31, 2022).
CompTIA is a registered trademark of CompTIA, Inc.
Certified Information Security Manager is a registered trademark of Information Systems Audit and Control Association.
Linux is a registered trademark of Linus Torvalds.
Python is a registered trademark of the Python Software Foundation.
Windows is a registered trademark of Microsoft Corporation.