“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” — John Chambers, former CEO of Cisco Systems

Phishing. Malware. Breaches. Cybercriminals don’t discriminate—striking across industries and around the world. You’ve seen the story shared time and again: in movies, on the news and across the internet

But what is cyber security, exactly?

Merriam-Webster defines cyber security as “measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.” Cyber security plays an important role in our increasingly digital world—safeguarding information, deterring criminals and defending communities on a daily basis.

Let’s take a closer look at how cyber security works.

“If you spend more time on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” — Richard Clarke, former White House Cybersecurity Advisor

As digital defenders, one function of cyber security specialists work diligently to protect people against malicious attacks. But how does that work, in practice?

According to McAfee, a global computer security software company, setting up a strong cyber security landscape means implementing solutions that “protect, detect, correct and adapt to the continuing evolution of cyberattacks.”

On any given day, those employed by the cyber security field  might focus on the following areas:

With relevant tools and training, cyber security professionals may develop problem-solving skills—learning not only how to identify security incidents but also how to stop them in their tracks.

“Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.” — Steve Morgan, Editor in Chief of Cybercrime Magazine

The potential consequences of cybercrime are numerous—from stolen money to lost productivity to theft of intellectual property and even reputational harm. The lack of cyber security can impact individuals and large corporations alike.

Take a look at these cybercrime statistics to gain a deeper understanding of the importance of cyber security and how poor cyber security may impact global businesses and markets:

After reading that list, you likely recognize the value—and necessity—of cyber security. But you may still be wondering: What might a career in the industry look like? How does cyber security work on a daily basis?

Let’s dive in.

In the digital era, big data often calls for protection.  But how that plays out might look different across industries. Similar to other career fields, cyber security provides multiple paths you can take. For those eager to become digital defenders, here are five potential areas of cyber security to explore:

Keep reading to discover more details.

The Patriot Act of 2001 defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters,” [PDF, 6.3 MB].

As the nation’s leader in cyber security, the Cybersecurity and Infrastructure Security Agency identifies sixteen U.S. critical infrastructure sectors:

Cyberattacks on any of these areas could have some serious effects. For instance, the electric grid depends on information from other critical infrastructure sectors to operate properly.  Many days, the general population may take this fact for granted. But in times of natural disaster, we become dependent on the systems that underlie everyday life.

Curious about a career in this area? Available jobs within critical infrastructure security include cyber defense analyst, information systems security manager, network operations specialist, and security architect.

The software company VMWare defines application security as the process of “developing, adding and testing security features within applications” to pinpoint vulnerabilities and prevent attacks. Application security engineers are at the forefront of this task.

In Veracode’s State of Software Security report, Volume 10 [PDF, 18.4 MB], the application security company reported they tested for vulnerabilities in 85,000 applications—and found security flaws in 83% of them.

Through processes like authentication, authorization, encryption, logging and application security testing, application security engineers strive to find these flaws, sooner rather than later.

Interested in this subfield of cyber security? Application security engineers work in a range of settings, from small startups to large enterprises, so there are a number of different paths aspiring professionals can consider.

According to Cisco Software, network security is “any activity designed to protect the usability and integrity of your network and data.”

As a steward of network security, the National Institute of Standards and Technology (NIST) has a strategic framework for achieving exactly that. Here are the five steps NIST recommends organizations take to secure their networks:

Similar to application security engineers, network security engineers can be found working in a variety of settings—from small businesses to major companies like Accenture, Facebook and Credit Suisse. They may also be found securing the networks at universities or in governmental organizations such as the Department of Homeland Security, among others.

Cloud computing is a common concept in the digital era. But for some people, the phrase may be a bit hazy. The software company Red Hat says that cloud refers to “the hosted resources delivered to a user via software.”

High-level security concerns may affect traditional IT and cloud systems alike—making protection one of the priorities for those who may be potentially impacted. As digital defenders, cloud security engineers protect the data, applications and infrastructures involved in cloud computing.

According to Red Hat, “Preventing unauthorized access in the cloud requires shifting to a data-centric approach. Encrypt the data. Strengthen the authorization process. Require strong passwords and two-factor authentication. Build security into every level.”

Sounds interesting? These are some of responsibilities of cloud security engineers, who—like application security engineers and network security engineers—can be found working in a variety of professional settings.

Amazon Echo. Fitbit. Google Home. What do these devices have in common?

For starters, to some degree, they cohabitate the Internet of Things (IoT) ecosystem. But beyond that, each device has the potential to host significant security threats. That’s because, for all their consumer benefits, these devices are also data collectors: storing valuable information like your name, age, health data, location and more.

When you’re tracking steps on Fitbit while training for a marathon, that’s a great thing. When a cyber attacker is targeting you, not so much.

In one harrowing IoT attack, a Texas parent was shocked by the sound of expletives coming through their smart baby monitor. It had been hacked by a cybercriminal.

That scene may sound like the opening sequence of a thriller movie. Unfortunately for that Texas family, it was painfully real.

As explained by IBM, “many IoT devices and backend systems are not designed with security in mind.” And in this digital age, that may pose a variety of problems.

According to global business data platform Statista, some 15 billion devices were connected to the IoT in the year 2015. In 2020, that figure has skyrocketed to 30.73 billion—and of course, more devices means more potential vulnerabilities.

For that reason, IoT security engineers play an important part in supporting and executing threat models, risk assessments and security reviews—as well as overseeing product development to ensure strong security is being built into IoT devices.

If you’ve gotten this far, you may have learned that cyber security is an expansive, fairly complex and constantly evolving field. Before launching your career in the industry, you may want to conduct thorough research to pinpoint your passions and explore educational next steps.

According to the U.S. Bureau of Labor Statistics (BLS), professionals in the field typically hold a bachelor’s degree in a computer-related discipline, while others may hold a graduate degree, such as an online master’s in cyber security. Some professionals, perhaps with an unrelated background, may decide to complete certain cyber security courses. This can be done in-person or online. There’s also the option to enroll in cyber security bootcamps, which are typically shorter than a full degree program.

From cryptography and computer forensics to algorithm design and analysis, studying cybersecurity or specializing in a particular area of it may help prepare you for a career in the field.

As you think through your decision to become a cyber security specialist, you may want to ask yourself some of these questions:

Whatever path you choose, take some time to consider how it fits with your current lifestyle and whether it is well-suited for your professional development. 

Last updated November 2020.