The main function for a cryptographer or a cryptanalyst within an organization is to take care of all the aspects related to cryptography within an organization. You are expected to work on designing algorithms and developing them and dealing with the security systems within the organization that all have to do with encrypting sensitive data. A cryptanalyst should be the only one within an organization who can analyze encrypted data and decrypt into its original form. Hidden information is in the form of encrypted data, cipher texts, or telecommunications protocols. You should be able to analyze any.
You can think of a cryptanalyst as that someone who is both the code maker and breaker. In other words, he is supposed to make sure that any attacker will not be able to get any viable information from looking at some meaningless ciphertexts. Such private data may include financial information, national security secrets, and other important spheres. This all makes the job a very intense and important one.
First of all, you may consider yourself the white knight for data within your organization. The following list gives an idea about the most common responsibilities that you should be prepared to take while working as a cryptanalyst.
- You have to make sure that all data are protected, especially that vital information that concerns your organization the most. By protection, I mean that no one can manage to intercept the data, copy it, modify it or even worse to delete or destroy it.
- It is your responsibility to spot any existent weaknesses in the used cryptographic security systems and algorithms. You should then work on analyzing such inadequacies, evaluate them, and work on evading them.
- You should always make sure that there are no cryptographic-based security vulnerabilities in your designed systems, or at least make sure they are kept at minimal as much as possible.
- You have to work and play with math for quite a bit in this job. To analyze data, or to solve a security problem, you will usually need to design some mathematical models and statistical ones as well.
- One of your primary responsibilities is to check that all the computational data are both accurate and completely secure according to the security requirements set by the organization.
- You should always do your research in the field of cryptography to know about the new techniques and theories in the area. You should evaluate them and test whatever suitable for your organization to get it integrated into the systems.
- You always have to check for any weaknesses especially when it comes to encrypted channels such as wireless network, the secure telephone, cellphones, email, etc.
- You have to make sure that all financial data is always kept safe and secured from any cyber attackers who may even manage to get into the systems and hope to intercept any extracted data. Such financial data mainly includes information about a credit card, inter-bank, ATM, online transactions, etc.
- You have to always check for both the confidentiality and integrity of data transmission. To elaborate, message transmission data like the wireless network, secure telephone, cellphones, email, etc. cannot be interpreted by any eavesdropper or any attacker in general. Also, they should be protected against any modifications that could be applied to them by such an attacker.
- You have to be able to decode any cryptic messages and coding systems that are used within the organization when asked by military, political or any law enforcement agencies.
- You should always work on developing more efficient methods to handle the mysterious processes that your organization depends on.
- You have to be always available for any technical advice or support regarding security issues when asked by the government, any businesses and industry.
- You should always be there for your colleagues to provide them with needed advice on cryptical or mathematical methods and applications.
There is an important note that you should consider before moving forward; your job responsibilities as a cryptanalyst will be reliable on where you work. To illustrate, working for an insurance company as a cryptanalyst will have very different duties from working for the NSA or FBI. In general, a cryptanalyst or a cryptographer is usually expected to have a bright future ahead of him through either working for the public or the private sector.
In fact, there are many paths in life that you can take and lead you to the job position of a cryptanalyst. You may begin your career when you graduate from college immediately. You may spend time in this position, gaining experience and knowledge as much as possible. After that, you may consider getting a doctoral degree to make a very successful career in the field of cryptography though such a degree is not necessary. The following list gives an overview of the most important jobs that you may take after the cryptanalyst job.
- University Professor
- Financial Consultant
- Security Consultant
There are several terminologies by which folks in the security industry refer to cryptographers. The following list gives examples of the most common terminologies for jobs of the same responsibilities as a cryptographer.
- Signals Analyst
- Message Decoder
- Data Decoder
- Encryption Expert
The salary figures for the job of a cryptographer or a cryptanalyst are sometimes tricky top pinpoint. This is basically because such statistics usually treat such job as a mathematician job. The following list refers to 3 salary averages found for this job in different websites specialized in job salaries statistics.
- Looking at Salary Expert, the average salary of a cryptographer falls under the range from $60,000 to $100,000 in most major cities examined by such website team.
- Looking for the term “cryptography” at SimplyHired website, the average salary of a cryptographer is around $70,000.
Looking at All Star Jobs, a junior cryptographer is expected to earn at least $40,000 per year. On the other hand, senior cryptographers are expected to earn at least $100,000 per year.
I would say that a preferable degree by employers in the field is a bachelor’s degree in Mathematics, Computer Science, Computer Engineering or a related discipline. However, employers also look for work experience and extensive training in case you are not holding a technical degree. For example, the National Security Agency considers both those from a technical background as well those with a non-technical degree to become cryptographers. A Director’s Summer Program for talented undergraduate mathematics majors and a Cryptanalysis and Exploitation Services Summer Program (CES SP) are hosted by NSA every year which are open for undergraduate students in majors of mathematics, computer science or a related field.
In addition to that, you may consider a master’s degree with a specialization in Cryptography or a related field to give you more knowledge and experience in the area. This is powerful given that you are not holding a double major degree in both Computer Science and Mathematics. Moreover, a doctorate in Mathematics or Computer Science with a focus on cryptography is another attractive option to go for.
The required experience for this job is greatly dependent on which level of position you are shooting for. To illustrate, a job positing for a junior cryptographer usually does not require any previous work experience. Nevertheless, some other employers may be interested in candidates who have at least three years of experience in the field of IT security like security administration or engineering. Also, if you are shooting for a cryptographer position in MIT, you may be required to have at least five years of experience in a related field as well as a master’s degree or even a doctoral degree.
There are three main domain that you should have experience and related skills in computer science, engineering, and applied mathematics. The following list attempts to point out the main technical skills that you should have for this job at least to start your career in the field.
- You should have a solid knowledge of Computer architecture concepts and ideas, different data structures, and algorithms.
- You should be experienced with discrete mathematics. Also, your knowledge of linear algebra or matrix algebra is really important as well.
- You should be well aware of probability theory, information theory, complexity theory and number theory.
- You should have relevant experience with programming languages such as C, C++, Python, Java and similar programming languages.
- You have to be experienced with Symmetric/Private Key cryptography alongside with its central concepts such as symmetric encryption, hash functions, message authentication codes (MAC), etc.).
- You have to be experienced with Asymmetric/Public Key cryptography alongside with its main concepts such as asymmetric encryption, key exchange, digital signatures, etc.
If you are interested in getting to know the basics in these fields and understand the ideas behind different schemes for cryptography, it is recommended to look for Cryptography MOOCS that are offered by various websites as well as tutorials on YouTube.
A perfect cryptographer is an intelligent individual with analytical and great creativity. You should be excited about solving puzzles and taking scientific challenges that seem to be complex. Moreover, you have to hold great ethical standards when it comes to dealing with sensitive information inside the organization. You have to show your employers evidence of your trustworthiness and good judgment. This is fair enough. You will be dealing with real data without any covers on it because you are the one who covers the data (encrypt it).
In fact, cryptographers are generally expected to be newcomers to the world of security accreditations and certifications. Therefore, it is mostly the case that employers do not require a specific certification for applicants for this job. However, EC-Council has created a specific accreditation that deals mostly with encryption. You may consider taking this certification named as CES: Certified Encryption Specialist.