Cyber security definition

Cyber security is the practice of defending computers, networks, and data from malicious electronic attacks. It is often contrasted with physical security, which is the more traditional security practice aimed at controlling access to buildings and other objects in the real world.

Although there are plenty of high-tech physical security techniques, and sometimes physical and cyber security are joined together in the org chart under the same executive, cyber security focuses on protecting assets from malicious logins and code, not burglaries.

Types of cyber security

Cyber security is a broad umbrella term that encompasses a number of specific practice areas. There are a number of ways to break down the different types — Kaspersky Labs has one schema, Mindcore another — but here are the most prominent types you'll hear about:

- Network security prevents and protects against unauthorized intrusion into corporate networks
- Application security makes apps more secure by finding and fixing vulnerabilities in application code
- Information security, sometimes also referred to as data security, keeps data secure from unauthorized access or alterations, both when it's being stored and when it's being transmitted from one machine to another
- Operational security, often abbreviated as OPSEC, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden
- Some aspects of disaster recovery are also considered to lie under the cyber security umbrella; in particular, techniques to remediate widespread data loss or service outages as a result of a cyber attack are part of the larger cyber security discipline

Examples of cyber security threats

Each of the types of cyber security combats cyber security threats within a specific conceptual realm.
Cyber attacks have come a long way since the days of phone phreaking of the '70s; modern threats include:

- Malware
- Denial of service attacks
- Phishing
- Ransomware
- SQL injection
- Cross-site scripting
- Man in the middle attacks
- Credential stuffing

The goal of each discipline within cyber security is to face these threats—and new ones that might emerge in the future—in a systematic way, largely by preparing for attacks before they happen and providing as little attack surface as possible to an attacker.

Cyber security frameworks

One of the ways in which you can lay this groundwork is to adopt a cyber security framework. This isn't some whiz-bang software tool or hardware appliance; it's a set of policies and procedures meant to improve your organization's cyber security strategies. These frameworks are created by various cyber security orgs (including some government agencies) to serve as guidelines for organizations to improve their cyber security.

Any cyber security framework will provide detailed direction on how to implement a five-step cyber security process:

- Identifying vulnerable assets within the organization
- Protecting assets and data, and taking care of necessary maintenance
- Detecting breaches or intrusions
- Responding to any such breaches
- Recovering from any damage to systems, data, and corporate finance and reputation that result from the attack

Cyber security frameworks can become mechanisms by which government security regulations are imposed. Both HIPAA and GDPR, for instance, contain detailed cyber security frameworks mandating specific procedures companies covered by the laws have to follow.

Of course, most cyber security frameworks are not mandatory, even ones developed by governments. One of the most popular of these is NIST's Cybersecurity Framework, version 1.1 of which was released in April of 2018. This framework has been mandated for use within U.S.
federal agencies and is increasingly popular elsewhere, with voluntary takeup from banks, energy companies, defense contractors, and communications companies.

Cybersecurity jobs

If you're reading CSO, it's very likely that you're interested in a cyber security career (or are already in one). Scanning the job boards, you'll likely encounter variations on three common job titles: security analyst, security engineer, and security architect. Job titles are notoriously squishy, but in general these are in ascending order of seniority and responsibility: analysts identify and tweak issues within existing systems, engineers implement major revisions or roll out new systems, and architects design those new systems. But these actual responsibilities can vary widely from company to company, so it's important to take a closer look at each job individually to understand it. At the very top of the food chain is the Chief Information Security Officer, or CISO, though even that title isn't set in stone.

Security analyst

Also referred to as cyber security analyst, data security analyst, information systems security analyst, or IT security analyst, this role typically has these responsibilities:

- Plan, implement and upgrade security measures and controls
- Protect digital files and information systems against unauthorized access, modification or destruction
- Maintain data and monitor security access
- Conduct internal and external security audits
- Manage network, intrusion detection and prevention systems
- Analyze security breaches to determine their root cause
- Define, implement and maintain corporate security policies
- Coordinate security plans with outside vendors

Security engineer

The security engineer is on the front line of protecting a company's assets from threats. The job requires strong technical, organizational and communication skills. IT security engineer is a relatively new job title. Its focus is on quality control within the IT infrastructure.
This includes designing, building, and defending scalable, secure, and robust systems; working on operational data center systems and networks; helping the organization understand advanced cyber threats; and helping to create strategies to protect those networks.

Security architect

A good information security architect straddles the business and technical worlds. While the role can vary in the details by industry, it is that of a senior-level employee responsible for planning, analyzing, designing, configuring, testing, implementing, maintaining, and supporting an organization's computer and network security infrastructure. This requires knowing the business with a comprehensive awareness of its technology and information needs.

CISO/CSO

The CISO is a C-level management executive who oversees the operations of an organization's IT security department and related staff. The CISO directs and manages strategy, operations, and the budget to protect an organization's information assets.

Security leaders have elbowed their way into the C-suite and boardrooms, as protecting company data becomes mission critical for organizations. A chief security officer (CSO) or chief information security officer (CISO) is now a core management position that any serious organization must have.

If you're looking through job ads, you might also notice some more specialized job titles out there; Valparaiso University lists some of them, and you'll recognize that they tie into the types of cyber security we listed above. The days of the generalist security analyst are fading fast. Today a penetration tester might focus on application security, or network security, or phishing users to test security awareness.
Incident response may see you on call 24/7. Cybersecurity jobs are plentiful, and those who can fill them are in high demand: most professionals agree that there's a skills shortage, with three-quarters of respondents to a recent survey saying the lack of skilled job candidates had affected their organization.

Cybersecurity courses and cyber security degrees

But how do you get those skills? Historically, as is true in many facets of IT, cyber security pros learned their skills on the job. This was especially true as cyber security took a while to emerge as a distinct discipline; many departments developed de facto security pros from within, just out of folks who were interested in the topic.

However, as is also true of many aspects of IT today, cyber security has become more and more professionalized, and many college courses and even majors have sprung up to prepare potential cyber security staff. Perhaps the greatest indication that cyber security has matured is the emergence of , many with specific focuses. For instance, at Tufts you can get a master's degree in Cybersecurity and Public Policy.

How do I get a cyber security job? Cybersecurity career paths

Of course, getting a cyber security degree is just the beginning of a career—and isn't the only way to start. The truth is that there's no one true path to a cyber security career: people ranging from teen hackers gone legit to naval intelligence officers with cyberwarfare backgrounds to political staffers who focused on privacy issues have all gone on to have successful careers in cyber security.

For a nifty way to visualize what a career path in cyber security might look like in practice, check out Cyber Seek's Cybersecurity Career Pathway, an interactive tool created in partnership with the National Initiative for Cybersecurity Education (NICE). The tool shows you what entry level, mid-level, and advanced jobs might look like in the field, based on roles that might feed into them.

Cybersecurity salary

As you might expect in jobs where skills are in high demand, cyber security pros can be handsomely rewarded. In September 2019, CSO took a look at eight hot IT security jobs and what they pay, and found that even entry level jobs like information security analysts were lucrative, with salaries ranging up to almost $100,000. "At the very highest levels, the right person can command over $400,000," says Paul Smith, vice president of business development at PEAK Technical Staffing.

Cybersecurity certifications

The details of cyber security jobs are, like any high-tech job, always changing, and the key to continuing success is to keep learning and stay flexible: as security evangelist Roger Grimes puts it, "re-invent your skills every five to ten years."

One way, though certainly not the only way, to demonstrate that you're keeping up with the industry is to pursue some cyber security certifications. Grimes has put together a list of the top cyber security certifications, along with details of who should be most interested in each. For instance, he recommends the SANS certs for those who "want to learn a lot about computer security, how hackers hack, and how malware is made," while ISACA's certifications are for those "interested in computer systems auditing or computer security management."

Top cyber security certifications include:

- CISSP (Certified Information Systems Security Professional)
- GIAC (Global Information Assurance Certification)
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CISM (Certified Information Security Manager)

Cybersecurity is definitely a challenging environment—but, as most practitioners will agree, a rewarding one.