Cryptanalyst career guide

A cryptanalyst is someone who is able to take coded data and turn it into plain text that is easy to understand. Deciphering secret messages is one way that cryptanalysts can protect an organization’s data. After all, knowing how to do this gives you insights into how hackers could access this information and use it to their advantage. As a cryptanalyst, you want to put systems in place that prevent cyber criminals from decoding private data.

You can obtain this role in a variety of commercial, governmental, and non-governmental organizations. A cryptanalyst is an expert at data encryption and decryption. To gain these specialized skills, you’ll most likely need to study for a Bachelor’s degree in a related subject. This is often the minimum requirement to get hired as an entry-level cryptanalyst. Some companies, however, might want you to have a Master’s level qualification.

If you are interested in understanding more about the role of a cryptanalyst, we have put together a comprehensive guide on how you can pursue this career path. Read on to find out more about the daily responsibilities of this role, as well as the skills, education, and certificates you need to get hired. We also highlight the average salaries of cryptanalysts and the top companies hiring for this position.

See also: A beginner’s guide to cryptography

What is cryptanalysis?

Cryptanalysis is the science and art of deciphering coded messages without knowing the key. A ‘key’ refers to a separate piece of code that you can use to ‘unlock’ a secret message – it translates it into the original plaintext that you will be able to understand.

Hackers are able to achieve this by breaking into cryptographic security systems (systems that encrypt and decrypt private information). This gives them access to encrypted messages.

Hackers often practice cryptanalysis. But organizations need cybersecurity employees who have the same skills (also known as ethical hacking). Employed cryptanalysts can figure out vulnerabilities in the algorithms of security systems (instructions that a computer follows to encode plain text).

Cryptanalysis also involves devising ways to improve these algorithms so that hackers cannot obtain the encoded information illicitly. Cryptanalysts need to think like hackers, in much the same way that penetration testers do. For this reason, former hackers often make great cryptanalysts.

Cryptanalysis is similar to cryptography – and the two practices often overlap – but there are important differences between the two. The former is the art of revealing the contents of a message that was not intended for you to see, whereas the latter involves creating the codes that decrypt and encrypt these messages. Both cryptanalysis and cryptography are aspects of cryptology, which is the mathematical study of codes, ciphers (algorithms for performing encryption or decryption), and other related algorithms.

What does a cryptanalyst do?

The exact nature of your role as a cryptanalyst will vary depending on the following factors:

  • The type of organization (for example, a private firm, governmental body, or non-profit organization)
  • The size of the cybersecurity team
  • The organization’s cybersecurity demands
  • Your qualifications
  • Your level of experience

However, based on the above description of cryptanalysis, you can expect to carry out the following essential tasks:

  • Protecting important information from interception, modification, duplication, or deletion
  • Evaluating, analyzing, and targeting weaknesses in cryptographic security systems and algorithms
  • Designing strong security systems that prevent vulnerabilities
  • Developing statistical and mathematical models that allow you to analyze data and solve security issues
  • Testing computational models for both accuracy and reliability
  • Investigating, researching, and testing new cryptanalysis theories and applications
  • Being aware of the technologies that hackers are using
  • Identifying, configuring, implementing, and testing the latest tools in cryptanalysis
  • Developing codes or new coding methods
  • Monitoring and detecting issues in data flow or collection
  • Debugging and testing software programs
  • Analyzing and decoding encrypted messages

There are numerous tools that cryptanalysts can utilize for carrying out cryptanalysis. Some of these include:

  • CryptTool: An open-source project that produces learning programs about cryptanalysis and cryptographic algorithms.
  • Cryptol: A domain-specific language (a computer language written to deal with a specific application domain) that allows cryptanalysts to monitor how algorithms operate in software programs.
  • CryptoBench: A program that you can use to carry out cryptanalysis of encoded messages generated with common algorithms.

Cryptanalysts will use many other data security tools, such as password cracking software, although it is not unusual for cryptanalyst researchers to create their own custom tools for specific tasks and challenges.

What skills are required to become a cryptanalyst?

Just like with other subsets of cybersecurity, a cryptanalyst must have a specific skill set. If we keep in the mind the job description above, you’ll be expected to possess the following technical knowledge and soft skills:

  • Knowledge of multiple computer programming languages (for example, C, C++, Python, Java, JavaScript)
  • Advanced understanding and command of mathematics
  • Broad knowledge of computer sciences, especially network and systems analysis
  • In-depth knowledge of encryption techniques
  • Knowledge of computer data structures
  • Knowledge of key exchange and digital systems
  • Excellent communication skills (both interpersonal and in writing)
  • Problem-solving skills
  • Analytical skills
  • Critical thinking skills
  • The ability to use innovative approaches and solutions
  • Collaborating well as part of a team
  • Staying up to date with the latest technological developments in cryptanalysis
  • A high degree of self-motivation
  • A willingness to continually develop your knowledge and skills
  • A high level of ethical integrity (since you are being trusted to look after a large amount of sensitive data)

Bear in mind that significant experience in cybersecurity is often needed to gain this sort of skill set. A cryptanalyst is not considered a graduate-level cyber security position. You might need five to 10 years of experience in the field of IT before an employer will hire you as a cryptanalyst.

How to become a cryptanalyst

If the idea of being a cryptanalyst is appealing, you will have to follow some necessary steps to embark on this career path. We have created a five-step process that will help you obtain a forge your future as a cryptanalyst.

Here’s how to become a cryptanalyst:

  1. Formulate a clear and easy-to-follow plan
  2. Get educated
  3. Research relevant certificates
  4. Know where to look for cryptanalyst jobs
  5. Continue to enhance your knowledge and skill set

Let’s now explore each of these steps in more depth.

1. Formulate a clear and easy-to-follow plan

First, you need to formulate a plan as to how you will progress from your current situation to getting hired as a cryptanalyst. This plan should include clear and detailed information on:

  • How you will gain the necessary cryptanalyst skills, focusing on relevant degrees, certificates, years of IT/cyber security experience, personal development, and other cyber security roles that can lead to a cryptanalyst position (for example, penetration tester or cryptographer).
  • Whether you would prefer to work for a private firm, a governmental body, or a not-for-profit.
  • The particular industry you want to work in, which should be based on your personal preferences, interests, and values. Cryptanalysts are needed in all types of industry, including travel, transport, media, education, marketing, tech, finance, energy, and environment.
  • The specific requirements a company has for hiring a cryptanalyst. If you are unsure of what these are, you can always contact a recruiter directly. They will be able to tell you what qualifications, skills, and experiences are necessary, preferred, or desirable.

2. Get educated

As mentioned previously, you will need at least a Bachelor’s degree in cybersecurity or a relevant subject to land a role as a cryptanalyst. These subjects can also include computer programming, computer science, computer engineering, software development, or IT. Here are some examples of Bachelor’s degrees to consider:

However, many employers will ask that you have a minimum of a Master’s degree in a related subject. This is because a cryptanalyst is a more advanced cybersecurity position. It demands a thorough knowledge of many technical aspects of IT security. And even if an employer doesn’t require a Master’s degree, they might still prefer that you have one. If you want to increase your job prospects, here are a few reputable Master’s degrees worth looking into:

Another career option for hopeful cryptanalysts is a research position. Becoming a cryptanalyst researcher, where you publish original research in the field, usually requires that you hold a related doctoral degree. This level of education will give you a highly refined knowledge base and skill set, allowing you to carry out research as well as teach cryptanalysis in universities and other institutions. High-quality PhDs that will help you obtain a research or academic position, or a top cryptanalyst role, include:

3. Research relevant certificates

Certificates are extra qualifications that will supply you with skills in very specific areas of cybersecurity. Many employers will consider one or more of these certificates necessary, preferable, or beneficial for a role as a cryptanalyst.

If your current experience in cybersecurity has not given you the skills you need to attain a cryptanalyst position, it might be worth gaining a certificate from a well-respected provider. The most useful certificates for cryptanalysts include:

4. Know where to look for cryptanalyst jobs

Once you have the necessary education, certificates, and experience, you can begin to apply for cryptanalyst jobs. Many cryptanalysts enter their role through the organization they already work for. If you are currently in an entry-level or mid-level cyber security role, be aware of your organization’s internal recruitment process and if there are any cryptanalyst vacancies. When you see a vacancy, be sure to put your name forward if you feel you are ready to excel in the role.

However, you might want to switch companies or even industries. If you are interested in working for a governmental agency, check out the following resources for vacancies:

On the other hand, you may feel that your career goals and development are better aligned with the private sector. If that’s the case, some of the top companies hiring cryptanalysts include:

You can also find cryptanalyst vacancies on the major job sites, such as Indeed, LinkedIn, Glassdoor, ZipRecruiter, and Monster, as well as niche job websites like CyberSecJobs.com and CyberSecurityJobsite.com.

See the salary section below for some examples of businesses that pay particularly well for cryptanalyst roles.

5. Continue to enhance your knowledge and skill set

Given that cryptanalysis is an advanced cybersecurity skill, you want to ensure that you are highly motivated when it comes to your learning. Becoming an adept cryptanalyst will involve a continual deepening of your knowledge about encryption and decryption. After all, a cryptanalyst is a trusted expert in cybersecurity, someone that the IT team and organization as a whole relies on to keep crucial information private.

To reach this level of expertise, trustworthiness, and reliability, you should consider options for extended learning, such as a relevant Master’s program, a cybersecurity PhD degree, and additional certificates. You can also educate yourself on cryptanalysis through self-education (through reading and using cryptanalysis software in your own time) and by attending lectures, workshops, conferences, and industry and networking events.

Also, even after all this training, it’s always possible to steer your career path in a different direction, should you decide that a cryptanalyst role isn’t right for you. By learning how to engage in cryptanalysis, you will be well-equipped to explore other areas of cyber security, such as computer programming, computer engineering, software development, and penetration testing.

Cryptanalyst salary

Let’s now take a look at the salary expectations for a cryptanalyst position. The good news is that remuneration (including starting salaries) for cryptanalysts is quite high. This is due to the level of responsibility that a cryptanalyst has, the authority they have in the field of cyber security, and how critical their role is in protecting the overall security of an organization. Cryptanalysis skills are extremely valuable and in high demand.

According to the Economic Research Institute:

  • The average salary of a cryptanalyst is $82,330.The average hourly pay for cryptanalysts is $37.
  • The average bonus for cryptanalysts is $2,231.
  • The salary of cryptanalysts is estimated to reach an average of $92,479 in 2029, representing an increase of more than $10,000 over a five-year period.

Want to aim for the very best jobs in the field? Information from SimplyHired shows some of the top employers of cryptanalysts and what these companies pay for the role:

  • Institute for Defense Analyses – Adjunct Research Staff Member ($103,000–$130,000)
  • Synergy – Cryptanalytic Computer Scientist ($102,000 – $129,000)
  • Clear Resolution Consulting – Mission Access Coordinator ($81,700 – $103,000)
  • AMERICAN SYSTEMS– Vulnerability Researcher ($85,000)

See also: