A guide to 10 careers in cyber security (With salaries)
Updated 14 August 2023
A man sits working at a computer next to a list with the title "What do cyber security jobs involve?" and these responsibilities:
- Procure new and updating equipment and software
- Test the security measures of a company
- Put measures in place to minimise risk
- Provide strategic advice
Cyber security, or cybersecurity, is a growing industry and offers a wide range of career options. Roles in cyber security focus on protecting networks, computer systems and data from unauthorised access or interference. This can be in an in-house role, working as a cyber security specialist for a large company, as a consultant in a security firm, or even in a national governing body. In this article, we explain what cybersecurity is and provide a list of careers in cyber security, including salary information.
What is cyber security and what do cyber security jobs involve?
Cyber security consists of the processes an organisation puts in place to protect its data. There are many different ways data could be subject to a cyber attack. This could include threats originating from inside the company, for example, a dishonest or disenfranchised employee seeking to steal data to sell it, either for profit or to damage the company.
Cyber security roles involve putting measures in place to minimise this risk. Companies also use cyber security to prevent cyber attacks from criminals seeking to steal personal data, for example, credit card details. A number of public sector and private sector organisations employ specialists to focus on cyber security. Other cyber experts work in consultancy firms, where they work with a wide range of client organisations to provide specialist cyber security advice.
Related: 12 entry-level IT certifications
Careers in cyber security
If you are wondering how to get into cyber security, here is a selection of 10 popular careers in cyber security in the UK, including outlines of their primary duties and estimates of their average salaries:
National average salary: £30,094 per year
Primary responsibilities: Not all jobs in cyber security require a university degree. Many large companies offer apprenticeships to people leaving school. This is particularly common in the energy industry and in telecommunications companies. These apprenticeships focus on developing real-world cyber security skills through a mixture of classroom and online training and hands-on experience, learning on the job.
Other organisations offer graduate trainee schemes focusing on cyber security. These may be an option for people from a wide range of technical backgrounds, for example, those with maths, engineering or computing degrees. The purpose of these schemes is to provide the necessary skills and qualifications to lead to a full career in cyber security. This could also involve professional qualifications and certifications which allow graduates to develop a specialism in a particular area of cyber security, such as network defence qualifications or CompTIA certification in high-risk cyber security threats.
National average salary: £50,637 per year
Primary responsibilities: A number of bodies exist to provide strategic advice to the public and private sectors about cyber security. The largest of these is the National Cyber Security Centre, but various other organisations employ cyber security advisors whose role includes providing advice on protecting the organisation and its data online. The role of an advisor involves working with technical specialists to take detailed technical knowledge and make it accessible. This can include developing and launching public security awareness campaigns.
Cyber security advisors often work with industries under particular threat from cyber attacks. For example, the nuclear energy industry, research laboratories, weapons manufacturers and others working in advanced technology may find themselves under threat. Attacks may seek to steal intellectual property, such as blueprints or designs. Cyber security expert advisors help these kinds of companies keep their data, their customers and the industry safe.
National average salary: £64,870 per year
Primary responsibilities: Some companies routinely undertake a review of their cyber security measures and put in place new strategies to improve their overall security going forward. A specific cyber security project manager is likely to oversee these projects. As with any project management job, the role involves a significant focus on overseeing a budget and managing a specific project to achieve the desired goals within a specific time frame. It may also involve managing employed contractors for specific aspects of the project.
4. IT manager
National average salary: £45,527 per year
Primary responsibilities: An IT manager oversees the IT systems a company uses. This could involve procuring new equipment, updating existing equipment and using IT solutions to solve problems the company faces. Cyber security is integral to all of these duties. Whilst it is not the sole focus of an IT manager, ensuring that all updates and new systems are storing data safely and securely is fundamental to the job.
National average salary: £43,932 per year
Primary responsibilities: Systems integration engineers and administrators oversee the maintenance and configuration of various IT systems. In particular, they can have responsibility for installing cyber security software on local networks. They may also play a role in managing the human side of cyber security, that is – system access processes, so a company has a clear way of tracking which staff have access to sensitive files and folders.
National average salary: £75,524 per year
Primary responsibilities: Information architects are responsible for designing the structure and layout of a website or network. Those with a focus on security help a company by building the necessary security protocols into the IT networks a company uses. This could include implementing security software, such as virtual private networks (VPNs) and firewalls. They are also likely to play a role in vulnerability testing, to understand which aspects of a company's IT networks are most vulnerable to cyber-attacks.
National average salary: £34,656 per year
Primary responsibilities: A chief information officer has overall responsibility for a company's IT department. They put in place the cyber security strategies and make decisions about the best way for a company to implement technological solutions to upcoming issues. Whilst they have wider responsibility for the usage and functionality of the IT systems, cyber security is an important part of their role.
National average salary: £54,039 per year
Primary responsibilities: A security consultant works for a consultancy company or they may be self-employed. They work with multiple companies, under contract, to provide specialist cyber security advice. As part of their role, they may audit a company's existing cyber security measures to understand where there are issues or concerns. They study the measures in place and assess where breaches would be most likely. Finally, they provide advice to the company on how to remedy these issues.
National average salary: £36,212 per year
Primary responsibilities: Cyber intelligence analysts use intelligence and patterns of data to understand threats and put processes in place to mitigate them. They have a proactive role in writing reports and providing advice that helps a company look to the future and prepare for potential threats. Other IT specialists then implement the advice they provide, for example, by implementing access controls on particularly vulnerable parts of a company's IT system or adding firewalls.
National average salary: £52,294 per year
Primary responsibilities: Penetration testing, or 'white hat hacking', involves testing the security measures a company has in place. A penetration tester uses hacking skills to attempt to break into networks and computer systems or compromise websites. This kind of 'friendly' hacking allows a company to identify and fix security issues that leave their systems vulnerable. People with this speciality often work for specialist IT security consultancy firms, which offer their services to client organisations. This means they may gain a broad range of experience as they spend time working with different IT teams in various sectors.
The role may also involve testing the human aspects of cyber security. For example, a company may hire a specialist firm offering penetration testing, to send targeted phishing emails to members of staff, to understand how staff react and whether their actions (opening a suspicious email, clicking a link) would leave the company vulnerable to a cyber attack. A company uses this insight to implement cyber security training or new policies, where necessary.
Please note that none of the companies, institutions or organisations mentioned in this article are affiliated with Indeed. Salary figures reflect data listed on Indeed Salaries at time of writing. Salaries may vary depending on the hiring organisation and a candidate's experience, academic background and location.
Explore more articles
- A guide on how to get into construction in the UK (with skills)
- What can you do with a geography degree? (With salary info)
- Electrician vs electrical engineer (With salaries)
- How To Become a Construction Estimator: a Step-by-Step Guide
- 10 digital marketing certifications to expand your skills
- How to become a web designer: a step-by-step guide
- What are retail apprenticeships? (With list of examples)
- How to become a scientist (plus nine types of scientist)
- Site supervisor job description (With duties and skills)
- How to become a stuntman in 5 steps (with duties and skills)
- How To Explain Employment Gaps Due to COVID-19
- How to become an advocate (with skills and job info)