中文

Cybersecurity Career Paths: Everything You Need to Know

Lucy Li

13 Sep 2022

Companies spend vast amounts of money every year to protect their infrastructures, networks, and data from cyberattacks, but expenditure alone will not provide total security. As cyberattacks become more advanced and pervasive, businesses must employ the services of cybersecurity experts to assess and locate potential risks to protect their networks duly. According to CyberSeek, approximately 500,000 cybersecurity positions are currently unfilled. Therefore, there has never been a better opportunity to break into the cybersecurity domain, with growing demand and a scarce talent pool. Irrespective of your educational background, you can transition into the field as there are numerous ways to get started and progress in your cybersecurity career.

What Is Cybersecurity?

Cybersecurity is the practice of safeguarding essential infrastructure and confidential material against cyberattacks. Cybersecurity measures are intended to counteract attacks on networked applications and systems, whether they emerge from within or outside an organisation. In 2020, the worldwide mean cost of cybercrime was USD 3.86 million globally and USD 8.64 million in the U.S.A. These expenditures include identifying and responding to the attack, the expense of downtime, the revenue lost due to it, and the long-term brand harm to a company.

![300+ Terrifying Cybercrime and Cybersecurity Statistics (2022 EDITION) ] (https://s3.ap-southeast-1.amazonaws.com/xccelerate.co-images/others/2022-09-12T17%3A54%3A32.185Z-Screenshot%25202022-09-13%2520at%25201.46.20%2520AM.png)

In addition, the sophistication of security systems caused by divergent technological solutions and a lack of on-premise expertise can intensify these costs. Organizations that implement a comprehensive cybersecurity strategy based on best practices, on the other hand, can combat cyberattacks more efficiently and minimise the impact of breaches when they occur.

Cybersecurity is used in various contexts, ranging from business to personal technology, and can be classified into a few broad categories.

  • Network security: It is the process of protecting a personal network from malicious actors, whether they are malware or targeted attackers.
  • Application security: It is concerned with keeping the system and software safe from attacks. A compromised application may allow access to the information it is supposed to protect. Security begins in the design stage, long before a program or device is implemented.
  • Information security: It ensures the privacy and integrity of sensitive information while it is in storage and transit.
  • Operational security: It refers to the processes that are used to manage and safeguard data assets. This includes the privileges consumers have when connecting to a network and the practices governing how and where data can be stored or shared.
  • Disaster recovery and business continuity: These two concepts characterise how a company reacts to a cybersecurity incident. Disaster response guidelines govern how an organisation restores its operational processes to resume operations at the same level as before. In contrast, business continuity is the plan that an organisation employs when it cannot continue operating due to a lack of resources.

Career Paths in Cybersecurity

There are numerous high-paying, versatile positions available in the cybersecurity domain. Because of the global talent pool scarcity, many companies provide entry-level wages with [average salaries between HKD 288,000-330,000] (https://www.payscale.com/research/HK/Skill=Cyber_Security/Salary). Cybersecurity directors and chief information security officers (CISOs) with more expertise can garner more than [HKD 1,280,000 per year] (https://www.payscale.com/research/HK/Skill=Cyber_Security/Salary).

Cybersecurity Analyst:

A cybersecurity analyst, also known as a SOC analyst, is an entry-level cybersecurity position that focuses on front-line attack detection. Cybersecurity analysts should be skilled in various areas such as malware detection, packet sniffing, log and code debugging, Wireshark, and programming. A cybersecurity analyst's primary duty is to supervise data on the network. While deemed ritual, the work of a SOC analyst is an excellent place to begin learning the fundamentals and launching a career in cybersecurity.

Vulnerability Assessment Analyst:

A vulnerability analyst finds flaws in IT infrastructures, software, and systems and develops initiatives and strategies to mitigate cyber threats. They frequently use scanning equipment to identify hazards and risks and develop strategies and tactics to minimise them. A vulnerability assessment analyst’s position necessitates a few years of experience in the field. In addition, aspiring vulnerability analysts should be familiar with Java and HTML and possess the know-how of ethical hacking and the GIAC Web Application Penetration.

IT Auditor:

An IT/cybersecurity auditor is in charge of conducting a thorough analysis and evaluation of your company's IT infrastructure. They identify vulnerabilities and risks, as well as weak links. Auditing is about more than just technical fortitude or IT stability; it is also about data and information security. As a result, it is the principal method for determining conformance. Moreover, IT auditors analyze system security and network standards against a specific benchmark to ensure that the needs are met precisely.

Cybersecurity Engineer:

Cybersecurity engineers, much like software developers, create technologies that protect system architecture. Their duty is to predict potential weaknesses and locate existing vulnerabilities, which necessitates installing firewalls, using encryption software, etc. To work as a cybersecurity engineer, you must possess at least a few years of work experience in the field in addition to a strong command of programming languages such as Python, Java, C++, or Ruby.

Employment Outlook: Cybersecurity Salaries in Hong Kong

Cybersecurity is a rapidly expanding field that has been impeded by an enduring scarcity of intellectual talent, with demand for proficient cybersecurity professionals eclipsing supply. As per a report by Cybersecurity Ventures, companies are facing a striking need for cybersecurity experts. As a result, employers across industries display an aggressive recruitment fashion as 3.5 million jobs remain unfulfilled in the cybersecurity domain in 2021. With businesses shifting to dramatically increase their employment efforts to improve their information security capabilities as cybersecurity threats grow rampant, jobs in the industry are growing manifold, and Hong Kong is no exception. In fact, the demand for cybersecurity specialists has grown so much that the base salary for a junior cybersecurity analyst can expect to earn as much as HKD 600,676, as per a report by Salaryexplorer.

![EntryHK$600,676] (https://s3.ap-southeast-1.amazonaws.com/xccelerate.co-images/others/2022-09-12T17%3A58%3A38.434Z-Screenshot%25202022-09-13%2520at%25201.56.44%2520AM.png)

This number is, of course, contingent on the years of experience one possesses. Naturally, the more experience one possesses, the higher will their salary be. Generally speaking, professionals having between 2-5 years of experience earn 32% more than entry-level employees, with the salary of a mid-senior level cybersecurity expert often reaching HKD 827,283 per annum, as per a report by SalaryExpert. In addition, they earn an average bonus of HK$38,882.

Professionals with experience between 5-10 years tend to earn, on average, 36% more than those with work experience of fewer than five years. This can often translate to HKD 1,000,000 per annum for a Cybersecurity Manager, as per Glassdoor.

![] (https://s3.ap-southeast-1.amazonaws.com/xccelerate.co-images/others/2022-09-12T18%3A01%3A32.223Z-Screenshot%25202022-09-13%2520at%25202.01.12%2520AM.png)

Final Thoughts on Cybersecurity Industry

The advancement of technology has complicated security measures by a significant degree. As attackers employ increasingly intricate ways to introduce vulnerabilities, security measures have got to become more robust and advanced to keep attackers at bay.

This development has led to an industrial shift, with employers across sectors focusing heavily on the recruitment of intellectual talent that can safeguard their infrastructure and data. With so few qualified cybersecurity professionals, the demand for skilled employees in Cybersecurity is exponentially higher compared to the number of applicants. As per a recent survey, almost a 145% increase in the number of employees is needed for the worldwide workforce in order to bridge the skills gap.

Lucy Li

13 Sep 2022

Accelerating humanity by educating workforces