203 billion euros – that’s how much money German companies lose every year due to cyber attacks such as data theft, espionage, theft of IT equipment and sabotage, according to a recent Bitkom study. This corresponds to approximately 40% of the entire federal budget – and the trend is rising. This is precisely why experts in the field of cyber security are indispensable today.
As professionals, cyber security consultants help companies arm their IT infrastructure against cyber attacks. This concerns both the protection of the technical infrastructure and the security of important business secrets (IT security) as well as personal data of clients and employees (data protection). But how do you become an IT security consultant? What specific tasks await you there and what are the opportunities in terms of salary? Read on and get an overview of this exciting field of activity!
Cyber Security Consulting: Large market volume and best opportunities!
A look at the statistics shows: The cyber security consulting market volume is already huge and will grow significantly in the coming years. The figures from a survey of key players speak for themselves:
- Global market volume 2022: 142.9 billion euros
- Projected growth until 2027: 12.25 % per year
- Expenditure per employee on IT security in the company: 6,710 euros
In addition, almost every company (89%) has already fallen victim to cyber attacks in the past, as the BITKOM study cited above revealed. You can take advantage of this combination: Attractive job opportunities open up as an IT security expert. Large companies as well as banks and government agencies are reporting steadily growing demand. This is not surprising: the more data to process, the greater the risk of cyberattacks!
In addition, there is also the possibility of becoming self-employed as a specialist in the field of cyber security. Challenges at various clients will help you quickly build a wealth of practical knowledge and solidify your expert status.
Tasks: What does a Cyber Security Consultant do?
“Data is the gold of the 21st century.” – IT experts know this mantra. The last few years have clearly shown that it is true. Important trade secrets such as patents are just as much a part of this as information about the target group. Today, those who are known by their own target group and can establish direct contacts (e.g., through legally permissible collected e-mail addresses) are ahead of the competition.
A loss of all this data causes enormous financial damage on the one hand, but also endangers the reputation of a company on the other. Once clients’ trust has been destroyed, this can destroy the company’s own business foundation. In short, a company’s greatest treasure is its data. For this reason, the core task of cyber security consultants is to protect this treasure. The tasks are divided into different areas:
Consulting for the development of a technical infrastructure for cyber security
In collaboration with the architects of the IT infrastructure in the company, cyber security professionals develop measures to detect and defend against cyber attacks at an early stage. In addition, measures are being taken to make the infrastructure as a whole more robust against possible attacks. These primarily include the following two areas:
- Information security (important assets such as patents, records of processes or design plans)
- Data protection (protection of personal data of employees and clients)
While the protection of important assets for companies has primarily economic reasons, data protection is a legal obligation. This is where the EU’s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) come into play. The possible legal consequences of data protection problems show how important cyber security is for companies today.
Detection and analysis of vulnerabilities in the IT system
As an IT Security Consultant, you will scan the client’s IT infrastructure for security vulnerabilities. So-called penetration tests (or pentests) are an effective tool for this purpose. In penetration testing, targeted attacks are carried out to uncover corresponding vulnerabilities. The next step is the analysis:
- How likely is such a problem to occur?
- What is the potential damage?
- How can the security gap be closed?
- What costs need to be factored in?
Sensitization and training of employees in the area of IT security
In addition to technology, the human factor also plays an important role in IT security. As a Cyber Security Consultant, you know best practices and recommended actions to improve security:
- Access management (strong passwords and two-factor authentication)
- Management of user rights (limit user rights to what is necessary)
- Software up-to-dateness
- Use of good security software
However, one of the biggest gateways for cyber attacks is social engineering. Here, attackers try to trick a company’s employees into clicking on links or revealing certain information. As a Cyber Security Consultant, you will create a learning environment through training and awareness where employees recognize, understand and minimize these risks. After all, employees are the first line of defense against corresponding cyber attacks. The better they manage the risks, the fewer potential problems there are.
The overall goal is therefore to develop an Information Security Management System (ISMS) that meets standards such as IT-Grundschutz and ISO/IEC 27001. Here, the company’s management, in cooperation with cyber security experts, issues an appropriate set of rules to ensure IT security.
Developing an IT security strategy: An example
As a Cyber Security Consultant, you join a company that has so far practiced IT security primarily as a bottom-up system. Certain areas in the company are protected by individual measures, but a holistic strategy is lacking.
In this case, there is a lot of work to be done:
- The first step is an analysis of the business model to understand potential risks. In collaboration with management, identify the company’s key assets that need to be protected
- The next step is to address current cyber risks. A complete analysis of the IT infrastructure including the weak points with regard to security measures concludes the inventory
- Now follows the development of a holistic IT security strategy together with the management, e.g.:
  - Code of Conduct for employees with regard to security
  - Regular training
  - Building a security architecture
  - Establishment of a security department with regular monitoring and penetration tests
  - Building recovery routines in the event of an attack
As a cyber security consultant, you bring your expertise to the table, but there is more to it than that: convincing all employees and management of the new course. This works by raising awareness in the form of training.
How do I become an IT Security Consultant?
There are several paths to becoming a cyber security expert. Normally, the specific path depends on your previous career. If you want to specialize in technical IT security, you need a profound education in the field of IT.
If, on the other hand, the focus is on data protection, employee sensitization and other non-technical aspects, lateral entry is often no problem for legal professionals, compliance experts and auditors. Business psychologists also quickly find their footing here.
You can then obtain the security specialization in various ways:
The academic path: Cyber Security studies
The IT Security degree program is often offered as a Master’s degree program, so universities and colleges sometimes require an IT-related bachelor’s degree. Alternatively, however, there is also the option of learning from the bottom up: the Bachelor in IT Security. The course content is diverse and includes some basics as well as elective modules that allow you to specialize further.
Typical course content includes:
- Encryption theory
- IT security concepts (security models such as access control, authentication, trusted computing, security engineering, privacy and data protection, IT forensics)
- Embedded system security
- Practical cryptography (elective module)
- System Security (elective module)
- Software Security (elective module)
Where can I complete a cyber security degree (master’s or bachelor’s)?
The number of study programs for IT security is growing steadily. In the following table you will find some study programs with the corresponding access link:
|Education provider|Info about the study program|Prerequisite|Link|
|---|---|---|---|
|TU Darmstadt|Master program with 4 semesters|Bachelor in computer science or similar|About the study program|
|Uni Lübeck|Bachelor in 6 semesters or Master in 4 semesters|High school diploma (Bachelor) or Bachelor’s degree (Master)|About the study program|
|University Mittweida|Bachelor’s degree in 6 semesters, followed by a Master’s degree in cybercrime/cybersecurity possible|Baccalaureate|About the study program|
|Uni Bochum|Bachelor in 6 semesters, later Master in IT Security/Networks and Systems possible|Baccalaureate|About the study program|
|Brandenburg Technical University (BTU)|Master in 4 semesters|Matching Bachelor’s Degree|About the study program|
|FOM Hochschule für Oekonomie & Management gemeinnützige GmbH|Bachelor in 7 semesters (part-time), Attention: Tuition fees|High school diploma and suitable current employment|About the study program|
|University of Applied Sciences (FHM)|Master in 12 months (full-time or part-time), Attention: Tuition fees|Suitable Bachelor with good grade|About the study program|
|Uni Bonn|Bachelor in 6 semesters|Baccalaureate with NC|About the study program|
|IU International University, Bad Honnef campus|Bachelor’s degree in 6 to 12 semesters (part-time also possible)|Also possible without high school diploma|About the study program|
|Mannheim University|Bachelor in 7 semesters|Baccalaureate|About the study program|
|University of Bavarian Business (HDBW)|Master in 3 to 5 semesters (also possible part-time)|Matching Bachelor’s Degree|About the study program|
|Ismaning University of Applied Management|Master in 3 semesters (also possible part-time)|Matching Bachelor’s Degree|About the study program|
|Technical University Deggendorf|Bachelor in 7 semesters|Baccalaureate|About the study program|
This list is only intended as an example of the wide range of opportunities for study in the field of cyber security. As an alternative to public universities and colleges, it is also possible to study at a private university for a fee.
Attention: When studying at a private university, you should budget for costs between 3,000 and 8,000 euros per semester.
IT Security Certificates: The Alternative Way
You don’t want to complete a degree program, but you have professional experience and relevant practical knowledge? In this case, the path is also open to you to prove your qualification via corresponding certificates.
Here are the main recognized certifications:
a) State certifications from BSI
The Federal Office for Information Security (BSI) itself issues certificates for which you, as a graduate, must prove your expertise. The IT security certificates are subject to a fee and cover various areas:
|Certification|Requirements|
|---|---|
|Pentester|2 years of professional experience with 100 project days in the field, alternatively: 1 year of professional experience with further training and employment with a certified IT security service provider.|
|Incident experts|8 years of professional experience and proof of managerial position in the field|
|IT-Grundschutz consultant|8 years of professional experience, 3 years of special project experience, successful completion of a qualification measure (3 days)|
b) Munich Institute for IT Service Management (mITSM)
The mITSM is also an important address for certification of IT security experts. Here, for example, there is the possibility to be certified in the area of IT security according to ISO 27001. No previous knowledge is necessary here. The training lasts 8 days until certification (3 days basic course, 5 days in-depth course) – so here you lay the foundations as a cyber security specialist.
Tip: The courses are also available online. In addition, you can use the virtual ITSecLab and practice your skills for up to 3 months before taking the exam.
The mITSM also offers certifications in other areas of IT security:
- Data protection (according to GDPR and BDSG-neu)
- Ethical Hacking and Penetration Testing
- Security according to TISAX (for the automotive industry)
- IT Risk Management
c) TeleTrusT: German IT Security Association
The so-called T.I.S.P. certificate (TISP = TeleTrusT Information Security Professional) takes a somewhat generalist approach and touches on all the important areas of cyber security in a one-week intensive course. You are eligible with at least 3 years of professional experience and suitable references. You will receive the certificate from recognized TISP training providers.
d) International certificates
In the USA in particular, there are significantly more certifications that now also enjoy international recognition. These include:
- CompTIA Certificates
- Certified Information Systems Auditor (CISA)
- Computer Hacking Forensic Investigator (CHFI)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker (CEH)
- Certified Information Security Manager (CISM)
Appropriate training courses are available today from various training providers.
Specialization as Cyber Security Consultant
Cyber security originally comes from IT, but is increasingly becoming a discipline in its own right. The enormous importance and the diverse threats also ensure that you can further specialize within the field of cyber security. In this way, you sharpen your profile and improve career and earning opportunities.
Here are some ways you can specialize as a Cyber Security Consultant:
Penetration Testing (Ethical Hacking)
The field of penetration testing is becoming increasingly important and opens up rosy prospects for the future. Here, as an expert, you virtually slip into the role of a hacker and attempt to penetrate an IT system. In the process, you document all important steps and thus probe the IT system for any weak points. From this, you derive appropriate security measures and implement them together with the management.
Awareness Training
As an awareness trainer, you focus your work primarily on the employees of a company. This is about making individuals aware of risks related to cyber security. You lead seminars and trainings on social engineering. In doing so, you show in detail how to avoid the corresponding traps. However, in addition to simply providing information, you also create a general awareness of IT and cyber security. In this way, employees should develop lasting habits that can be used to block such attempted attacks from the outset.
IT Forensics
In IT forensics, you actually get to play detective. The aim here is to evaluate digital traces after hacker attacks and thus, in the best case, to track down the perpetrators. IT forensic investigators often work independently to help various clients resolve related cyber attacks. Alternatively, however, you may find good employment opportunities as an IT forensic scientist in law enforcement agencies.
Cyber Security Salary: What can I earn?
Job prospects and salaries are developing very favorably in the cyber security field. However, exactly how much you earn depends on several factors. These include:
- Work experience
- Region of the company headquarters
- Size and type of the company
Cyber Security Consultant Salary
As a Cyber Security Consultant, you will already start attractively with a base salary of around 43,000 euros per year. After a few years of professional experience, however, earnings of 55,000-65,000 euros per year are not uncommon. Later, as an IT Security Consultant, you can also achieve a salary beyond 100,000 euros.
Would you prefer to be self-employed? As a self-employed IT Security Consultant, you are one of the highly specialized professionals and can command top hourly rates of 120-140 Euros, depending on your experience and industry.
Cyber Security Analyst Salary
As a Cyber Security Analyst, you’ll move up a bit. Even at the beginning, an annual salary of 45,000-48,000 euros is quite possible. With increasing professional experience, the salary as a Cyber Security Analyst grows from 50,000-60,000 euros to amounts of 100,000 euros and more per year.
Self-employment in cyber security analysis also offers attractive earning opportunities. As a cyber security consultant, you can easily charge hourly rates of over 120 euros.
Cyber Security: A job with a guaranteed future
If you’re looking to specialize as an IT professional, cyber security is definitely a good fit. More and more companies are discovering how important it is to protect their own data. This in turn creates a great demand for skilled workers. Whether you aim for a specific course of study from the outset or take the specialist certificates later on – both paths lead to the goal. In the end, excellent job prospects with above-average earning potential await you.
What skills does a cyber security consultant need?
As a Cyber Security Consultant, you will need profound knowledge in cyber security as well as IT fundamentals, depending on your focus. In addition, you need good English language skills as well as the power of persuasion when it comes to implementing new rules of conduct in terms of cyber security.
How much does an IT Security Consultant earn?
The earning potential starts at around 40,000-45,000 euros and can later reach amounts of up to 100,000 euros. As a self-employed cyber security consultant, hourly rates between 120 and 140 euros are not uncommon.
How to become a Cyber Security Consultant?
Here, many paths lead to the goal. The standard path often involves studying IT or training as an IT specialist. This is followed by postgraduate studies in cyber security. Career changers often acquire the necessary additional qualifications through certificates. Graduates in the legal field or from compliance professions in particular also find many employment opportunities as IT security experts.