In this video, Marc Menninger introduces the nine main job categories that exist in the IT security field: specialist (often also called technician), analyst, auditor, consultant, engineer, administrator, architect, manager, and director. Learn about the different levels and subroles within each of these jobs.
- There are many career options in the field of IT Security. I'll introduce nine main job categories that exist in the IT Security field. Keep in mind, with the ever-changing threat landscape, new job roles come into existence every day. The nine job types are: Specialist, often also called Technician, Analyst, Auditor, Consultant, Engineer, Administrator, Architect, Manager, and Director. These are in rough order based on the experience level often required to get hired for these jobs.
But as you're climbing the career ladder, you don't necessarily need to follow this order to the top. Many of the security jobs that exist today fall into one of these job types. But of course there are exceptions, like Security Researcher and Security Software Developer. There are also many different titles, and levels within each of these job types. You can expect to see at least three skill-levels for any given job type. Junior, mid-level, and senior. So an Analyst for instance can be a Junior, a Mid-Level, or a Senior Security Analyst.
There are also a wide variety of sub-roles within each job. So sticking with the Security Analyst roles, you might find Forensic Analyst, Risk Analyst, and Application Security Analyst among other analyst roles. While the job types are arranged roughly in order of experience, that doesn't mean your career has to follow the same path to be successful. You can jump forward or backward, but it's always best that the moves you make demonstrate advancing skills and responsibilities.
For instance, my career in IT Security started as a Junior Security Consultant after many years in IT Support and Administration. From Consultant, I moved to Senior Security Risk Analyst, and then to Security Manager. Finally, I'll point out that there may be cases where different IT Security jobs and titles may blend together. For instance, your job title may be Security Consultant, but your main responsibility is to conduct security audits.
I'll describe each job in general to give you an idea of the possibilities that exist, and help you plan your career based on your personality, skill set, and desires.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- Understanding the job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself