Cyber security in a nutshell 

Cyber security is a very broad field, and includes a few major verticals – Security Engineering, Security Analyst, Incident Response, Architecture, Governance Risk and Compliance, Offensive Security, Application Security, Identity and Access Management. 

In a nutshell, cyber security specialists protect systems, networks, programs, devices and data from various cyber-threats, breaches, damage, and theft by unauthorised access. 

A career in cyber can therefore be varied, challenging and rewarding. As a professional in this space, you might create and enforce security policies for organisations, identify and neutralise cyber threats, or undertake offensive security activities, such as penetration testing. 

Technical skills and certifications for cyber security roles 

Cyber security is one of the few areas in IT where you can make a start without formal certification. 

Getting industry certifications can help your CV stand out when being reviewed by a HR team or a recruiter, however you shouldn’t expect that just having a certificate will get you a role. From our experience, hiring managers will prefer to hire a highly passionate person over a highly certified person who has a punch the clock type mentally. 

Technical skills can be taught, attitude and passion can’t. 

If you are in an alternate role in IT, there are pathways to roles that don’t require technical skills. There was a post addressing this, from James Turner from CISO lens which articulated this particularly well.

Below is a list of common certifications we see for candidates making a start in the industry. 

1. Comptia Security+ 
2. Cisco CCNA 
3. Certified Ethical Hacker (CEH) 
4. Offensive Security Certified Professional (OSCP) 

(If you’re completely new to IT, you might value Coursera’s handy list of entry-level IT certifications to get you started.) 

While technical skills can always be taught, the qualities that most managers look for in their cyber security candidates are passion and a curious, adaptable, can-do attitude.

What to expect from a career in cyber 

A career in Security can be equal parts rewarding and challenging, with day-to-day role requirements varying based on the chosen discipline. Here’s an overview of three roles that sit within cyber security. 

Security Engineer 

This role often includes configuring and automating the first line of defence including firewalls, Intrusion Detection and Prevention Systems (IPS/IDS), monitoring systems (SIEM) amongst others. 

Once configured, these devices need to be tuned for the security environment, python is generally used if automation is built into the environment. 

A security engineer could also be a subject matter expert on any one of these technologies e.g., an SME on the Security Information and Event Management (SIEM) platform, Splunk would be involved with fine tuning the alerts to reduce the number of false positives that are being generated. 

Security Analyst 

Security analysts are the frontline defenders of the security environment. They use various tools to analyse, assess, monitor, and investigate vulnerabilities and suspicious activity. In more mature environments, they might use a SIEM like Splunk, Azure Sentinel, Rapid 7, Exabeam, or Sumo Logic. The SIEM will pull data from multiple sources in the security environment and record a log, identify deviations from the norm, and take appropriate action. 

When suspicious activity is detected, a SIEM system might generate an alert for the security analyst to investigate, and instruct other security controls to stop an activity’s progress. 

Offensive Security 

Offensive security is perhaps considered one of the sexier roles in cyber security. There are many titles but are most known as penetration testers or red team consultants. If you have seen Mr. Robot – that is a good description of what someone in offensive security does day-to-day. 

Offensive security specialists are given permission to try to break into a company or its IT environment to find vulnerabilities. This could be software-based systems, the IT infrastructure, or at times can also incorporate physically attempting to gain access to premises. 

Market insights and salaries for cyber security roles 

Cyber security in Australia is in high demand as the industry is in a significant maturation phase. High profile breaches in various businesses has driven even more demand than pre-covid times.

Due to a shift in remote working, Identity and Access Management and Privileged Access Management has been a very large focus and we expect this to continue. 

Our 2023 Candidate Motivators Report surveyed current Cyber Security professionals about their top three drivers in an employer. 

• # 1 Provides attractive salary and benefits 
• #2 Offers flexible working arrangements 
• #3 Supports a good work-life balance 
  

Roles and salaries 

There are many roles, levels, and attractive salaries on offer for cyber security specialists this should give a ballpark range on a few roles at junior / mid level levels: 

Sydney, Brisbane & Melbourne: 

• Governance, Risk and Compliance Consultant - $80,000 to $120,000 
• Penetration Tester - $75,000 to $120,000 
• Security Analyst - $75,000 to $120,000?
• Junior Security Architect - $140,000 to $160,000 
• Security Engineer - $80,000 to $120,000 

How to land your first role in cyber security 

Cyber is an area where ALL learning and study is valuable to help you land a job BUT there is no singular certification that will instantly result in a job offer. 

Most hiring managers want to see a consistent commitment to continuous learning as that is what it takes to keep up to date in an ever evolving industry. In order to land a job it’s a mixture of hard work, persistence and a little bit of luck! 

If you're looking to break into cyber security, take a look at the NICE Framework, put together by AusCyber which is an excellent starting point to gain insights into the different areas in Cyber. The Security Certification Roadmap is great once you've found an area you are interested in. The following resource shows various certification pathways and what roles the skills learned sit with. 



Networking is also super important, so get along to one of several meetups that happen in most major cities. Meetups are a great place to get a feel for what people are doing within the various disciplines (plus they generally have free beer and pizza – and who doesn’t love a freebie?) 

A few Sydney based meetups to keep an eye out for: 

• SecTalks   
• OWASP (Open Web Application Security Project)
• BSIDES Sydney and Brisbane 
  

Looking for more ways to expand your network? We sponsor and attend the above meetups and have been guest speakers for Hack Sydney, CISO Brisbane and AWSN Brisbane.   

We're always on the hunt for qualified security professionals. So, if you’d like to chat about the current market and opportunities – get in touch with our Cyber team: Riki & Brittany in Sydney and Chelsey in Brisbane! 

Want a full breakdown to understanding the drivers in world of Cyber talent in 2023/2024? We've put together your golden ticket to learning just that in our Cyber Wrap.