A cryptanalyst is someone who is able to take coded data and turn it into plain text that is easy to understand. Deciphering secret messages is one way that cryptanalysts can protect an organization’s data. After all, knowing how to do this gives you insights into how hackers could access this information and use it to their advantage. As a cryptanalyst, you want to put systems in place that prevent cyber criminals from decoding private data.
You can obtain this role in a variety of commercial, governmental, and non-governmental organizations. A cryptanalyst is an expert at data encryption and decryption. To gain these specialized skills, you’ll most likely need to study for a Bachelor’s degree in a related subject. This is often the minimum requirement to get hired as an entry-level cryptanalyst. Some companies, however, might want you to have a Master’s level qualification.
If you are interested in understanding more about the role of a cryptanalyst, we have put together a comprehensive guide on how you can pursue this career path. Read on to find out more about the daily responsibilities of this role, as well as the skills, education, and certificates you need to get hired. We also highlight the average salaries of cryptanalysts and the top companies hiring for this position.
See also: A beginner’s guide to cryptography
What is cryptanalysis?
Cryptanalysis is the science and art of deciphering coded messages without knowing the key. A ‘key’ refers to a separate piece of code that you can use to ‘unlock’ a secret message – it translates it into plain text that you will be able to understand. Hackers are able to achieve this by breaking into cryptographic security systems (systems that encrypt and decrypt private information). This gives them access to encrypted messages.
Hackers often practice cryptanalysis. But organizations need cyber security employees who have the same skills (also known as ethical hacking). Employed cryptanalysts can figure out vulnerabilities in the algorithms of security systems (instructions that a computer follows to encode plain text). Cryptanalysis also involves devising ways to improve these algorithms so that hackers cannot obtain the encoded information illicitly. Cryptanalysts need to think like hackers, in much the same way that penetration testers do. For this reason, former hackers often make great cryptanalysts.
Cryptanalysis is similar to cryptography – and the two practices often overlap – but there are important differences between the two. The former is the art of revealing the contents of a message that was not intended for you to see, whereas the latter involves creating the codes that decrypt and encrypt these messages. Both cryptanalysis and cryptography are aspects of cryptology, which is the mathematical study of codes, ciphers (algorithms for performing encryption or decryption), and other related algorithms.
What does a cryptanalyst do?
The exact nature of your role as a cryptanalyst will vary depending on the following factors:
- The type of organization (for example, a private firm, governmental body, or non-profit organization)
- The size of the cyber security team
- The organization’s cyber security demands
- Your qualifications
- Your level of experience
However, based on the above description of cryptanalysis, you can expect to carry out the following essential tasks:
- Protecting important information from interception, modification, duplication, or deletion
- Evaluating, analyzing, and targeting weaknesses in cryptographic security systems and algorithms
- Designing strong security systems that prevent vulnerabilities
- Developing statistical and mathematical models that allow you to analyze data and solve security issues
- Testing computational models for both accuracy and reliability
- Investigating, researching, and testing new cryptanalysis theories and applications
- Being aware of the technologies that hackers are using
- Identifying, configuring, implementing, and testing the latest tools in cryptanalysis
- Developing codes or new coding methods
- Monitoring and detecting issues in data flow or collection
- Debugging and testing software programs
- Analyzing and decoding encrypted messages
There are numerous tools that cryptanalysts can utilize for carrying out cryptanalysis. Some of these include:
- CryptTool: An open-source project that produces learning programs about cryptanalysis and cryptographic algorithms.
- Cryptol: A domain-specific language (a computer language written to deal with a specific application domain) that allows cryptanalysts to monitor how algorithms operate in software programs.
- CryptoBench: A program that you can use to carry out cryptanalysis of encoded messages generated with common algorithms.
Cryptanalysts will use many other data security tools, such as password cracking software, although it is not unusual for cryptanalyst researchers to create their own custom tools for specific tasks and challenges.
What skills are required to become a cryptanalyst?
Just like with other subsets of cyber security, a cryptanalyst must have a specific skill set. If we keep in the mind the job description above, you’ll be expected to possess the following technical knowledge and soft skills:
- Advanced understanding and command of mathematics
- Broad knowledge of computer sciences, especially network and systems analysis
- In-depth knowledge of encryption techniques
- Knowledge of computer data structures
- Knowledge of key exchange and digital systems
- Excellent communication skills (both interpersonal and in writing)
- Problem-solving skills
- Analytical skills
- Critical thinking skills
- The ability to use innovative approaches and solutions
- Collaborating well as part of a team
- Staying up to date with the latest technological developments in cryptanalysis
- A high degree of self-motivation
- A willingness to continually develop your knowledge and skills
- A high level of ethical integrity (since you are being trusted to look after a large amount of sensitive data)
Bear in mind that significant experience in cyber security is often needed to gain this sort of skill set. A cryptanalyst is not considered a graduate-level cyber security position. You might need five to 10 years of experience in the field of IT before an employer will hire you as a cryptanalyst.
How to become a cryptanalyst
If the idea of being a cryptanalyst is appealing, you will have to follow some necessary steps to embark on this career path. We have created a five-step process that will help you obtain a forge your future as a cryptanalyst.
Here’s how to become a cryptanalyst:
- Formulate a clear and easy-to-follow plan
- Get educated
- Research relevant certificates
- Know where to look for cryptanalyst jobs
- Continue to enhance your knowledge and skill set
Let’s now explore each of these steps in more depth.
1. Formulate a clear and easy-to-follow plan
First, you need to formulate a plan as to how you will progress from your current situation to getting hired as a cryptanalyst. This plan should include clear and detailed information on:
- How you will gain the necessary cryptanalyst skills, focusing on relevant degrees, certificates, years of IT/cyber security experience, personal development, and other cyber security roles that can lead to a cryptanalyst position (for example, penetration tester or cryptographer).
- Whether you would prefer to work for a private firm, a governmental body, or a not-for-profit.
- The particular industry you want to work in, which should be based on your personal preferences, interests, and values. Cryptanalysts are needed in all types of industry, including travel, transport, media, education, marketing, tech, finance, energy, and environment.
- The specific requirements a company has for hiring a cryptanalyst. If you are unsure of what these are, you can always contact a recruiter directly. They will be able to tell you what qualifications, skills, and experiences are necessary, preferred, or desirable.
2. Get educated
As mentioned previously, you will need at least a Bachelor’s degree in cyber security or a relevant subject to land a role as a cryptanalyst. These subjects can also include computer programming, computer science, computer engineering, software development, or IT. Here are some examples of Bachelor’s degrees to consider:
- Rice University’s BA in Computer Science
- Bellevue University’s Bachelor of Science Cybersecurity Degree
- Norwich University’s Bachelor of Science in Cyber Security
However, many employers will ask that you have a minimum of a Master’s degree in a related subject. This is because a cryptanalyst is a more advanced cyber security position. It demands a thorough knowledge of many technical aspects of IT security. And even if an employer doesn’t require a Master’s degree, they might still prefer that you have one. If you want to increase your job prospects, here are a few reputable Master’s degrees worth looking into:
- UC Berkeley School of Information’s Master of Information and Cybersecurity (MICS)
- A. James Clark School of Engineering’s Masters of Engineering in Cybersecurity
- University of Delaware’s Master of Science in Cybersecurity
Another career option for hopeful cryptanalysts is a research position. Becoming a cryptanalyst researcher, where you publish original research in the field, usually requires that you hold a related doctoral degree. This level of education will give you a highly refined knowledge base and skill set, allowing you to carry out research as well as teach cryptanalysis in universities and other institutions. High-quality PhDs that will help you obtain a research or academic position, or a top cryptanalyst role, include:
- Capitol Technology University’s Doctorate (DSc) in Cybsersecurity
- University of Fairfax’s Doctorate of Information Assurance
- Dakota State University’s Doctor of Philosophy in Cyber Operations
3. Research relevant certificates
Certificates are extra qualifications that will supply you with skills in very specific areas of cyber security. Many employers will consider one or more of these certificates necessary, preferable, or beneficial for a role as a cryptanalyst. If your current experience in cyber security has not given you the skills you need to attain a cryptanalyst position, it might be worth gaining a certificate from a well-respected provider. The most useful certificates for cryptanalysts include:
- EC-Council’s Certified Encryption Specialist (ECES)
- CISSP – Certified Information Systems Security Professional
- GIAC’s (Global Information Assurance Certification) GPEN certification
- CompTIA Security+
- CEH – Certified Ethical Hacker Certification
- GIAC’s (Global Information Assurance Certification) GPEN certification
- IACRB’s CPT – Certified Penetration Tester
- IARCB’s CEPT – Certified Expert Penetration Tester
- CompTIA’s PenTest+
- EC-Council’s Certified Blockchain Professional (CBP)
4. Know where to look for cryptanalyst jobs
Once you have the necessary education, certificates, and experience, you can begin to apply for cryptanalyst jobs. Many cryptanalysts enter their role through the organization they already work for. If you are currently in an entry-level or mid-level cyber security role, be aware of your organization’s internal recruitment process and if there are any cryptanalyst vacancies. When you see a vacancy, be sure to put your name forward if you feel you are ready to excel in the role.
However, you might want to switch companies or even industries. If you are interested in working for a governmental agency, check out the following resources for vacancies:
On the other hand, you may feel that your career goals and development are better aligned with the private sector. If that’s the case, some of the top companies hiring cryptanalysts include:
You can also find cryptanalyst vacancies on the major job sites, such as Indeed, LinkedIn, Glassdoor, ZipRecruiter, and Monster, as well as niche job websites like CyberSecJobs.com and CyberSecurityJobsite.com.
See the salary section below for some examples of businesses that pay particularly well for cryptanalyst roles.
5. Continue to enhance your knowledge and skill set
Given that cryptanalysis is an advanced cyber security skill, you want to ensure that you are highly motivated when it comes to your learning. Becoming adept as a cryptanalyst will involve a continual deepening of your knowledge about encryption and decryption. After all, a cryptanalyst is a trusted expert in cyber security, someone that the IT team and organization as a whole relies on to keep crucial information private.
To reach this level of expertise, trustworthiness, and reliability, you should consider options for extended learning, such as a relevant Master’s program, a cyber security PhD degree, and additional certificates. You can also educate yourself on cryptanalysis through self-education (through reading and using cryptanalysis software in your own time) and by attending lectures, workshops, conferences, and industry and networking events.
Also, even after all this training, it’s always possible to steer your career path in a different direction, should you decide that a cryptanalyst role isn’t right for you. By learning how to engage in cryptanalysis, you will be well-equipped to explore other areas of cyber security, such as computer programming, computer engineering, software development, and penetration testing.
Let’s now take a look at the salary expectations for a cryptanalyst position. The good news is that remuneration (including starting salaries) for cryptanalysts is quite high. This is due to the level of responsibility that a cryptanalyst has, the authority they have in the field of cyber security, and how critical their role is in protecting the overall security of an organization. Cryptanalysis skills are extremely valuable and in high demand.
According to the Economic Research Institute:
- The average salary of a cryptanalyst is $76,234.
- The average hourly pay for cryptanalysts is $37.
- The average bonus for cryptanalysts is $2,066.
- The salary of cryptanalysts is estimated to reach an average of $84,127 in 2026, representing a 10 percent increase over a five-year period.
Want to aim for the very best jobs in the field? Information from SimplyHired shows some of the top employers of cryptanalysts and what these companies pay for the role:
- Intel – Homomorphic Encryption Software Engineer ($130,000–$160,000)
- Sentar – Reverse Engineer – EIA-CSS ($88,000–$110,000)
- Novetta – Digital Network Exploitation Analyst ($56,000–$73,000)