Which Should I Pursue? Cybersecurity or Information Security

You may have read or heard about how there are skills gaps and a shortage of professionals in the cybersecurity field. Based on research conducted by the Global Information Security Workforce Study back in 2017, “unfilled cybersecurity jobs are expected to reach 1.8 million by 2022”. Does this mean that Cybersecurity is the field you should pursue instead of Information Security, seeing the shortage of professionals exists there?

Cybersecurity and Information Security are terms often used interchangeably, because both have to do with security and protecting computer systems from information breaches and threats, but they’re also very different.

Cybersecurity is all about protecting data found in electronic form such as computers, servers, networks, and mobile devices from being compromised or attacked. Part of that is identifying what the critical data is, where it resides, its risk exposure, and the technology you must implement to protect it.

Information Security (also known as InfoSec) ensures that all forms of data, which include data found in electronic form, printed documents, physical assets stored on-premises, and any intellectual property, are protected from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.

Cybersecurity professionals take an active role in helping to protect servers, endpoints, databases, and networks by finding holes and misconfigurations that create vulnerabilities. The experience to understand the difference between general network traffic and a cyber attack is one of the essential skills cybersecurity professionals can acquire.

Information Security professionals, on the other hand, ensures that physical security, data loss prevention, data security controls, and incident response policies are in place and enforced. Some cybersecurity experts also work as Information Security consultants because many of the same skills overlap.

As more and more organizations become digitalized in the information era, threats to Cybersecurity and Information Security continues to increase. As a result of this, the need for experts in these work areas grows significantly day by day, thus creating a host of job opportunities. Here are some of the most popular opportunities advertised. Please note that this is by no means an exhausted list. There are a ton of opportunities out there, and websites like Glassdoor and Indeed are proof of this.

1. Malware Analyst
2. Security Architect
3. Cybersecurity Engineer
4. Cyber Forensics Analyst
5. Cybersecurity Consultant
6. Threat Intelligence Analyst/Hunter
7. Vulnerability Assessor/Penetration Tester

1. Security Auditor
2. Security Manager/Director
3. Information Security Engineer
4. Information Security Consultant
5. Incident Responder/Intrusion Analyst
6. Chief Information Security Officer (CISO)
7. Vulnerability Assessor/Penetration Tester

It is also important to note that you might see “Information Security Professionals” used in describing many Cybersecurity opportunities, and “Cybersecurity Professionals” used in describing many Information Security opportunities. You find this happens because not in all cases, Cybersecurity and Information Security are represented as different domains.

Certifications in the field of Cybersecurity and Information Security are essential. While they are certainly not the end all be all and unless required for employment, probably won’t land you a job on their own, they carry much weight in that they are definite resume boosters. Whether you choose Cybersecurity or Information Security as your career path, here is a list of certifications that would be worthwhile pursuing as they can help you get a job interview. Again, this is not an exhausted list as there are hundreds of certifications available that could enhance your resume and career.

1. CompTIA Security+
2. Certified Ethical Hacker (CEH)
3. Licensed Penetration Tester (LPT)
4. SANS GIAC Security Essentials (GSEC)
5. Offensive Security Certified Expert (OSCE)
6. Certified Cloud Security Professional (CCSP)
7. Certified Information Security Manager (CISM)
8. Computer Hacking Forensic Investigator (CHFI)
9. Offensive Security Certified Professional (OSCP)
10. Certified in Risk and Information Systems Control (CRISC)
11. Certified Information Systems Security Professional (CISSP)

Cybersecurity is a subcategory of Information Security, as Information Security aims to keep data in any form secure, whereas Cybersecurity aims to keep only digital data and systems safe. Cybersecurity vs. Information Security debate can be the wrong way to approach two things that are so complementary to each other. If you are not sure whether to pursue a career in Cybersecurity or Information Security, try courses in both! And go with the one you enjoy most.