Cryptography is a method used to keep messages and other information secrets. It typically involves the use of ciphers, which are defines as a ‘secret or disguised way of writing.’ In the business world, the field of Cryptography in itself is a recent profession. Its purpose is to use mathematically-based encryption methods to keep data and information away from any unauthorized individuals. Borne out of code-making and code-breaking, the fields of cryptography and cryptanalysis have a long and informal history. Codes, ciphers, puzzles and brain-teasers have been around as long as language has existed. When applied to the realm of security, cryptography and cryptanalysis have very specific meanings and purpose: it is designed to restrict access to data and information from unauthorized individuals and organizations. The Cryptographer is the one who “created the lock” and administers the primary key for a computer-based database or other electronically stored information. The role is essentially that of puzzle-maker, a very complex puzzle maker!
Foundations – Education
A strong background in computer technology, information technology and mathematics make up the groundwork for cryptography. Computer Science, Computer Engineering or other more technical degrees comprise the requirements for entry into the field. As with many highly technical fields, a Master’s Degree is very desirable; although the lack of a Master’s Degree may be compensated by a double-major in Computer Science or Computer Engineering and Mathematics (preferably with a concentration on cryptography). While rare, there are those employers who will consider a candidate without higher degrees if there is a great deal of applicable experience demonstrated.
Foundations – Experience and Certifications
Generally speaking, an employer wants to see 3-5 years’ of cryptography or related experience in a candidate. Because a specific standard has not been set by the employment market, employer work experience requirements will vary. In some cases, good experience in a related field may open the door to a cryptography position. There are entry-level positions by which experience can be gained.
One Certificate for cryptography, sponsored by the International Council of Electronic Commerce Consultants (EC-Council): EC-Council Certified Encryption Specialist (ECES). The School of Cyber Security offers a Certified Expert Crypto Professional (CECP) certification. A general certification such as Certified Information Systems Security Professional (CISSP) can be useful. Other cybersecurity-related certificates are available to enhance a resume and background.
It is worthwhile to note that the National Security Agency offers summer programs in a cyber-security environment in order to meet the following goals:
Increase interest in cybersecurity careers and diversity in the cybersecurity workforce of the Nation
Help all students understand correct and safe on-line behavior, and how they can be good digital citizens
Improve teaching methods for delivery of cybersecurity content in K-12 curricula
Foundations – Continuing Education
Due to the ever-changing nature of the Security Industry, continuing education is vital for the long-term success of the Cryptographer. Information travels at light-speed and code-breaking cryptanalysts and hacker work around the clock to defeat the Cryptographer’s work. It is imperative that one stay informed of technology advancement through trade publications, news, blog and organizational affiliations; continuing education programs, classroom training and field exercises are critical to staying current (and effective) in the industry. As many other professional roles have designated requirements for continuing education; within the computer and technology industry, many certifications must be refreshed every few years and it simply makes sense to understand that trends and technology will change over time. The successful Cryptographer willingly keeps learning about the world of computer security.
Employment Opportunities – Job Titles
There are several job titles that encompass the work of cryptography; some examples are:
Of course, the duties of cryptography can be embedded within any number of cyber-security job roles; the list above represents a sampling of job titles that specifically incorporate the cryptography keywords.
The career path may lead to different areas of the Information Security industry, including Security Consultant, Financial Consultant or University Professor.
Employment Opportunities – Job Duties, General
The Cryptographer is the one who creates ciphers, algorithms and various security systems – they are the ‘code-maker’ who is tasked with protecting sensitive data and information. Their role spans the entire social sphere: public sector, private sector, businesses and organizations large and small. Cryptographers work with security specialists, organizational leaders, military and law enforcement personnel. In the most general terms, a Cryptographer will apply mathematical theories to solution for security vulnerabilities in any organization. They resolve existing gaps and propose, design and implement new solutions to maintain the integrity and security of data, networks and information. The Cryptographer works hard to stay ahead of external, malicious attacks aimed at breaching the security of an organization; the Cryptographer also works to help solve existing cyber puzzles within a more forensic environment (typically with law enforcement and government arenas).
There are specific tasks assigned to the Cryptographer; although it is important to realize that duties vary from organization to organization. The daily duties within the National Security Agency will differ from those in a large insurance company. That said, on any given day, a Cryptographer may be tasked with the following:
Create a robust security suite of systems to overcome vulnerabilities
Evaluate, analyze and expose weaknesses in existing cryptographic security systems
Research and test new cryptology theories and products
Generate computer models to analyze data and solve existing information security problems
Test experimental computer models for accuracy and integrity
Maintain the integrity of current encryption systems to protect financial data
Confirm that message transmission data is secure
Create, update and maintain encryption processes for efficiency
Provide technical support to government, businesses and law-enforcement to help solve security issues
Act as resource for current, trending and novel encryption methods and theories for the organization
Apart from specified duties as described above, a Cryptographer must have specific skills to complete their work effectively. These skills include (but are not limited to) the following:
Good understanding of major programming languages (C, C++, Java, Python, etc.)
Good understanding of computer architecture
Excellent mathematics skills (linear, matrix algebra, probability)
Good understanding of complexity theory, number theory and information theory
Expertise in encryption, key exchange and digital signatures
Expertise in symmetric and asymetric cryptography in areas of hash functions, authentication coding and encryption
Expertise in data structures, statistics and algorithms
Additionally, there are other, somewhat more universal skills required for excellence in the field:
‘Challenge accepted!’ mindset and an interest in puzzles
Strong ethics and good judgment
Employment Opportunities – Job Duties, Private Sector
Businesses and non-governmental organizations use cryptography in daily activities. Encrypted emails, secure websites and secure cellphone transmissions are just a few examples of the specific application of cryptography skills. Nearly all purchase transactions – both point-of-sale and online – involve encryption to keep the buyer’s financial data and information secure. Brick-and-mortar retailers use encryption in their check-out lines as well as their general security systems. “Shrinkage,” or loss due to theft, costs retailers millions of dollars annually. A Cryptographer will create, design and implement a component of a business’ security system to reduce such losses.
Online retailers rely on data encryption to protect their customers’ private data within the transaction. The secure webpage provides the consumer with the confidence that the business’ online security is robust enough to allow buyers to purchase with confidence. That confidence is provided by the Cryptographer and their skills in their trade. The once-described “strong encryption” techniques formerly used in military applications are now widespread throughout all business sectors.
Cellphone providers are researching a methodology to encrypt cell phone signals to ensure privacy of conversations and prevent unauthorized access. This idea is not new, but after the events surrounding the investigation of the San Bernadino shooting (contained in the case FBI v Apple), phone security and privacy issues are at the forefront of business thought.
Business runs on email conversations; encryption programs protect information and require monitoring, evaluation and upgrades in order to maintain a high level of information security and integrity. There are specific companies that offer encryption software and larger organizations may have internal security teams develop proprietary protection software.
Employment Opportunities – Job Duties, Public Sector
The National Security Agency (NSA) is considered to be “security central” when it comes to cyber-security. Protection of data is critical within governmental agencies, military and federal law enforcement teams. Cryptographers will assist law enforcement to solve crimes, mitigate threats or other security concerns; they will also ensure the protection of all conversations (voice, text and email) within governmental agencies.
Each branch of the military requires data and information security similar to that of the NSA, with the additional level of importance being the national defense. Troop/personnel orders, statistics and locations must be shared with appropriate individuals and kept away from enemy combatants. Launch codes, weaponry locations and other critical data must be protected as well.
The Cryptographer’s role is uniquely challenging as they must stay ahead of the opposite role (cryptanalysis) to maintain security of information and data. Because the nature of the business is so complex and changeable, the cryptographer is always learning. This is a role that has universal application and a never-ending learning curve!