top of page

Cybersecurity 

Relevant Coursework:

  • CSCE 1030 - Computer Science I

  • CSCE 1040 - Computer Science II

  • CSCE 2100 - Foundations of Computing

  • CSCE 2110 - Foundations of Data Structures

  • CSCE 3550 - Foundations of Cybersecurity

  • CSCE 3444 - Software Engineering (essential for secure software development)

  • CSCE 3600 - Principles of Systems Programming (important for understanding systems vulnerabilities)

Recommended Electives:

  • Ethical Hacking: Explore penetration testing techniques and tools.

  • Cryptography: Study encryption methods and secure communication protocols.

  • Network Security: Learn about firewalls, intrusion detection systems, and network defense strategies.

  • Cloud Security: Understand securing data in cloud environments, including AWS, Azure, and GCP.

Median Total Comp: (will be updated with resources)

  • Cybersecurity Analyst: $70,000 - $110,000+ annually

  • Ethical Hacker/Penetration Tester: $80,000 - $130,000+ annually

  • Security Consultant: $90,000 - $150,000+ annually

  • Security Software Developer: $90,000 - $140,000+ annually

  • Incident Responder: $70,000 - $120,000+ annually

Top Tech Companies:
Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), IBM, Oracle, Salesforce, VMware, Cisco, Dell Technologies, HP Enterprise, Red Hat, SAP, Adobe, Alibaba Cloud, Tencent Cloud, DigitalOcean, Linode, Rackspace, Nutanix

Cybersecurity Analyst

Cybersecurity Fundamentals

  • Familiarity with foundational cybersecurity concepts, including confidentiality, integrity, and availability (CIA triad).

  • Knowledge of common cybersecurity threats and attack vectors.

  • Understanding of various operating systems (Windows, Linux, macOS) and their security features and vulnerabilities.

Networking

  • Knowledge of network protocols and technologies.

  • Proficiency in network architecture and security configurations.

Security Frameworks and Standards

  • Familiarity with cybersecurity frameworks and standards such as the NIST Cybersecurity Framework, ISO 27001, and CIS Critical Security Controls.

Threat Detection and Prevention

  • Skills in identifying and responding to security incidents and threats.

  • Familiarity with intrusion detection systems (IDS) and intrusion prevention systems (IPS).

Security Tools and Technologies

  • Proficiency in using cybersecurity tools and technologies, including antivirus software, firewalls, SIEM (Security Information and Event Management) systems, and vulnerability scanners.

Malware Analysis

  • Understanding of malware analysis techniques and tools.

  • Ability to analyze and dissect malware samples.

Security Policies and Procedures

  • Knowledge of organizational security policies, procedures, and best practices.

  • Ability to create and enforce security policies.

Risk Management

  • Familiarity with risk assessment and management methodologies.

  • Ability to assess and prioritize security risks.

Cryptography

  • Understanding of cryptographic principles and encryption techniques.

  • Knowledge of public key infrastructure (PKI) and digital certificates.

Identical

  • Knowledge of IAM concepts, including user authentication, authorization, and access control.

Security Awareness and Training

  • Promoting security awareness and training programs for employees.

  • Conducting security awareness campaigns.

Incident Response

  • Skills in incident response planning and execution.

  • Knowledge of forensic analysis and evidence collection.

Compliance and Legal Regulations

  • Familiarity with cybersecurity compliance requirements and legal regulations (e.g., GDPR, HIPAA, CCPA).

Cloud Secure

  • Understanding of cloud security best practices and technologies.

  • Familiarity with cloud service providers (e.g., AWS, Azure, Google Cloud) and their security features.

Mobile Device Security (Optional)

  • Knowledge of mobile device security, including securing smartphones and tablets.

IoT Security (Optional)

  • Understanding of Internet of Things (IoT) security challenges and solutions.

  • Staying updated with the latest cybersecurity threats, trends, and best practices.

  • Engaging with the cybersecurity community, attending conferences, and participating in online forums.

Communication

  • Effective communication to convey security risks and recommendations to non-technical stakeholders.

Certificate

  • Pursuing relevant certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).

Ethical Hacker/Penetration Tester

Networking

  • Proficiency in networking concepts, protocols, and technologies.

  • Knowledge of TCP/IP, DNS, DHCP, and routing.

Operating Systems

  • Understanding of various operating systems (Windows, Linux, macOS) and their security features and vulnerabilities.

Cybersecurity Fundamentals

  • Familiarity with fundamental cybersecurity concepts, including threats, vulnerabilities, and risk management.

  • Knowledge of common attack vectors and attack methodologies.

Web Application Security

  • Understanding of web application vulnerabilities (e.g., OWASP Top Ten).

  • Skills in testing for SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and other web-based vulnerabilities.

Network Security

  • Knowledge of network security principles and practices.

  • Proficiency in configuring and securing network devices (firewalls, routers, switches).

Wireless Security

  • Familiarity with wireless security protocols and vulnerabilities.

  • Skills in testing wireless networks for weaknesses.

Security Tools and Exploitation Frameworks

  • Proficiency in using security tools such as Metasploit, Wireshark, Nmap, Burp Suite, and others.

  • Knowledge of open-source and commercial exploitation frameworks.

Penetration Testing Methodology

  • Understanding of penetration testing methodologies (e.g., PTES, OWASP).

  • Ability to plan and execute penetration tests in a structured manner.

Vulnerability Assessment

  • Skills in identifying and assessing security vulnerabilities in systems and networks.

  • Conducting vulnerability scans and assessments.

Technical Operations

  • Knowledge of common exploitation techniques for gaining unauthorized access.

  • Ability to exploit vulnerabilities to gain access to systems and data.

Social Engineering

  • Understanding of social engineering techniques used to manipulate individuals into revealing confidential information.

  • Awareness of phishing attacks and countermeasures.

Password Cracking and Hashing

  • Proficiency in password cracking techniques and knowledge of password hashing algorithms.

Cryptography

  • Understanding of cryptographic principles and encryption algorithms.

  • Knowledge of SSL/TLS protocols and their vulnerabilities.

Linux and Command-Line Proficiency

  • Proficiency in using Linux command-line tools for reconnaissance, exploitation, and post-exploitation tasks.

Incident Response

  • Knowledge of incident response procedures and best practices.

  • Skills in identifying and responding to security incidents.

Legal and Ethical Considerations

  • Awareness of legal and ethical aspects of hacking and penetration testing.

  • Adherence to ethical hacking guidelines and regulations.

Report Writing

  • Ability to write detailed and organized penetration test reports, including vulnerabilities, risks, and recommendations.

Continuous Learning

  • Staying updated with the latest hacking techniques, security vulnerabilities, and countermeasures.

  • Engaging with the cybersecurity community, attending conferences, and participating in CTF competitions.

Certifications

  • Obtaining certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or CompTIA PenTest+ can validate your skills and enhance your career prospects.

Security Consultant

Cybersecurity Fundamentals

  • Proficiency in foundational cybersecurity concepts, including confidentiality, integrity, and availability (CIA triad).

  • Knowledge of common cyber threats and attack vectors.

Security Frameworks and Standards

  • Familiarity with cybersecurity frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, CIS Critical Security Controls, and GDPR.

Risk Assessment and Management

  • Skills in identifying, assessing, and mitigating security risks.

  • Knowledge of risk management methodologies and risk analysis techniques.

Compliance and Regulatory Requirements

  • Understanding of regulatory requirements, industry-specific compliance standards (e.g., HIPAA, PCI DSS), and data protection laws (e.g., GDPR).

Network Security

  • Knowledge of firewalls, intrusion detection and prevention systems (IDS/IPS), VPNs, and network segmentation.

Endpoint Security

  • Understanding of endpoint security solutions, including antivirus, anti-malware, and endpoint detection and response (EDR) tools.

Security Architecture

  • Knowledge of secure network and system design principles.

  • Skills in creating and evaluating security architectures.

Security Tools and Technologies

  • Proficiency in using security tools such as SIEM (Security Information and Event Management) systems, intrusion detection systems, and vulnerability scanners.

Cloud Security (Optional)

  • Familiarity with cloud security best practices and technologies.

  • Knowledge of cloud service providers (e.g., AWS, Azure, Google Cloud) and their security features.

Identity and Access Management (IAM)

  • Understanding of IAM concepts, including user authentication, authorization, and access control.

Application Security

  • Knowledge of application security principles and practices.

  • Familiarity with secure coding standards and web application security testing.

Incident Response and Handling

  • Skills in incident response planning and execution.

  • Knowledge of forensic analysis and evidence collection.

Security Policies and Procedures

  • Expertise in creating, implementing, and enforcing security policies, procedures, and best practices.

Security Awareness and Training

  • Developing security awareness programs and conducting employee training.

  • Raising security awareness throughout organizations.

Ethical Hacking and Penetration Testing

  • Understanding of ethical hacking methodologies and penetration testing.

  • Knowledge of vulnerability assessment and risk analysis.

Data Privacy and Protection

  • Awareness of data privacy regulations and practices.

  • Knowledge of data classification and data loss prevention (DLP) techniques.

Communication Skills

  • Effective communication to convey security risks and recommendations to non-technical stakeholders.

  • Ability to write detailed security assessment reports.

Project Management

  • Managing security projects efficiently, setting milestones, and meeting deadlines.

Continuous Learning

  • Staying updated with the latest cybersecurity threats, trends, and best practices.

  • Engaging with the cybersecurity community, attending conferences, and participating in online forums.

Pursuing relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) to validate skills and enhance career prospects.

Security Software Developer

Programming Languages

  • Proficiency in programming languages commonly used in software development (e.g., Java, Python, C++, C#).

  • Familiarity with scripting languages (e.g., JavaScript, Python) for web development.

Secure Coding Practices

  • In-depth understanding of secure coding principles, guidelines, and best practices.

  • Knowledge of common vulnerabilities (e.g., SQL injection, XSS, CSRF) and how to prevent them.

Web Application Security

  • Familiarity with web application security concepts and OWASP Top Ten vulnerabilities.

  • Skills in implementing security controls in web applications.

Secure Authentication and Authorization

  • Knowledge of authentication and authorization mechanisms, including OAuth, JWT, and OAuth.

  • Implementing secure authentication and access control in applications.

Encryption and Cryptography

  • Understanding of cryptographic algorithms, encryption, and hashing techniques.

  • Applying encryption to protect sensitive data in applications.

Network Security

  • Proficiency in network security principles, including firewalls, VPNs, and intrusion detection systems.

  • Knowledge of secure communication protocols (e.g., HTTPS, TLS/SSL).

Security Libraries and Frameworks

  • Familiarity with security libraries and frameworks for secure development (e.g., OWASP ESAPI, Spring Security).

Knowledge of database security best practices, including SQL injection prevention and data encryption.

API Security

  • Skills in securing APIs (Application Programming Interfaces) against common security threats.

Code Review and Testing

  • Experience with code review and static code analysis tools to identify vulnerabilities.

  • Writing and executing security tests, including penetration testing and security scanning.

Threat Modeling

  • Understanding of threat modeling techniques to identify potential security risks in software.

  • Mitigating identified threats during development.

Security Awareness

  • Promoting security awareness and training among development teams.

  • Keeping up-to-date with the latest security threats and trends.

Compliance and Privacy

  • Knowledge of regulatory compliance requirements (e.g., GDPR, HIPAA) and their implications for software development.

  • Implementing privacy controls and data protection measures.

Secure Development Lifecycle (SDL)

  • Implementing SDL practices, including security requirements, design reviews, and secure coding standards.

Patch Management

  • Awareness of the importance of timely security patching and updates.

  • Keeping software dependencies and libraries up-to-date.

Continuous Integration/Continuous Deployment (CI/CD)

  • Integrating security checks into CI/CD pipelines to automate security testing.

Incident Response

  • Knowledge of incident response procedures and best practices for handling security incidents in software applications.

Legal and Ethical Considerations

  • Awareness of legal and ethical aspects of security software development, including responsible disclosure and compliance with intellectual property laws.

Communication Skills

  • Effective communication with security teams, developers, and stakeholders regarding security requirements and findings.

Certifications

  • Pursuing relevant certifications like Certified Secure Software Lifecycle Professional (CSSLP) or Certified Application Security Engineer (CASE) can validate your skills and enhance your career prospects.

Incident Responder

Cybersecurity Fundamentals

  • Proficiency in foundational cybersecurity concepts, including the CIA triad (Confidentiality, Integrity, Availability) and security threats.

Security Controls and Technologies

  • Knowledge of security controls, technologies, and their implementations, such as firewalls, IDS/IPS, SIEM (Security Information and Event Management) systems, and antivirus solutions.

Network and System Architecture

  • Understanding of network and system architectures, including different layers and components.

  • Knowledge of how data flows within an organization's infrastructure.

Threat Intelligence

  • Familiarity with threat intelligence sources and feeds.

  • Ability to use threat intelligence to proactively detect and respond to threats.

Incident Detection

  • Skills in identifying suspicious activities, events, or anomalies that may indicate a security incident.

  • Proficiency in using security monitoring tools for real-time detection.

Incident Classification and Prioritization

  • Knowledge of incident classification criteria (e.g., severity, impact, priority).

  • Ability to prioritize incidents based on their potential impact.

Incident Response Frameworks

  • Understanding of incident response frameworks such as NIST Computer Security Incident Handling Guide (NIST SP 800-61) and the SANS Incident Handler's Handbook.

Incident Response Processes

  • Proficiency in incident response processes, including preparation, identification, containment, eradication, recovery, and lessons learned (PIERL).

Evidence Collection and Preservation

  • Skills in collecting and preserving digital evidence related to security incidents.

  • Chain of custody procedures.

Forensic Analysis

  • Knowledge of digital forensics techniques for investigating incidents.

  • Use of forensic tools and analysis of logs and artifacts.

Malware Analysis (Optional)

  • Understanding of malware analysis techniques to identify, analyze, and mitigate malware threats.

Network Traffic Analysis

  • Proficiency in analyzing network traffic to identify unusual or malicious patterns.

  • Familiarity with tools like Wireshark and other network analysis utilities.

Log Analysis

  • Ability to analyze logs from various sources (e.g., firewalls, IDS/IPS, servers) to reconstruct incident timelines.

Communication and Reporting

  • Effective communication with stakeholders, incident team members, and management.

  • Documentation and reporting of incident findings and actions taken.

Legal and Regulatory Compliance

  • Awareness of legal and regulatory requirements for incident reporting and data breach notification (e.g., GDPR, HIPAA, state data breach laws).

Security Awareness and Training

  • Promoting security awareness and training programs for employees to prevent future incidents.

Cloud Security (Optional)

  • Familiarity with cloud security principles and the ability to respond to incidents in cloud environments.

Continuous Learning

  • Staying updated with the latest cybersecurity threats, attack techniques, and best practices.

  • Engaging with the cybersecurity community, attending conferences, and participating in online forums.

Incident Simulation and Tabletop Exercises

  • Participation in incident response simulation exercises to hone incident handling skills.

Certifications

  • Pursuing relevant certifications like Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) can validate your skills and enhance your career prospects.

bottom of page