Updated: May 2
Author Emily Stamm
Cryptography is a captivating and continuously evolving field that is critical in the modern world. From securing sensitive information to protecting online transactions, strong cryptography is essential to maintaining privacy and security. There are many paths through cryptography, including theoretical or applied research, implementation of cryptographic algorithms, and consulting on the use of cryptography. These paths all require a passion and dedication to the field and the ability to stay current with the latest advancements. In this blog, I describe several different cryptography career paths, and then include resources and suggestions for those interested in pursuing a career in cryptography.
What is Cryptography and Cryptanalysis?
Cryptography is derived from the Greek words ‘kryptós’ meaning hiddenand ‘graphy’ meaning writing, which translates to ‘hidden writing.’Today, cryptography applies mathematical techniques to secure information and communication. Common cryptography practices include encryption, digital signatures, and cryptographic hashing, which are used in everyday technology such as HTTPS, SSH, and blockchain. Cryptanalysis, on the other hand, is the practice of breaking cryptography, either ethically to find flaws or improve the algorithm, or maliciously to interfere with the communication. A successful cryptanalysis attack may involve revealing secret information, making changes to data that go undetected, or posing as someone else, all of which defeat the purpose of the cryptography. If you are interested in working in cryptography, it is important to understand the concepts and techniques involved and to gain experience in the field.
But what does it mean to work in cryptography and how do you get started in it?
Navigating the Types of Cryptography Jobs
There are many roles in cryptography, such as researching theoretical cryptography, developing practical implementations, and consulting organizations to improve their cryptographic skills. Here are just a few examples of cryptography careers.
Theoretical Cryptography Researcher
Theoretical research in cryptography and cryptanalysis involves creating and proving the security of new cryptographic algorithms, as well as assessing their resilience to attacks. Jobs in this field can be found in academia, government, national labs, and big tech companies. While a PhD or master's degree is often preferred, it is not always required. A strong foundation in mathematics, including abstract algebra, linear algebra, number theory, and probability, is essential, and knowledge of complexity theory and quantum computing can also be beneficial.
‘Cryptography engineer’ can mean different things depending on the organization, but generally cryptography engineers are responsible for implementing and evaluating cryptographic algorithms. While knowledge of the mathematics behind these algorithms is important, a mathematics degree is not necessary. However, a strong background in programming is essential for those interested in implementing cryptography, and learning languages like Python or Go can be a great starting point, although expertise in C/C++, Java, and C# is also highly valuable. Knowing multiple programming languages is beneficial in cryptography because it allows you to implement and wrap cryptographic libraries in different languages. Understanding how the cryptography algorithm works is essential because even minor information leaks can lead to devastating attacks, which is why having a thorough understanding of the algorithm, best practices, and known attack techniques is crucial.
Cryptography consulting is gaining popularity, particularly with the increasing threat of quantum computing and other attacks. As cryptography is a specialized field, not all organizations can hire a full-time cryptography engineer. Instead, they turn to cryptography professionals for guidance on improving their cryptography and key management. To pursue a career in cryptography consulting, it's essential to have knowledge of data protection, key management, cryptographic algorithms, and overall cybersecurity.
To excel in cybersecurity roles such as application security engineer, network engineer, or penetration tester, understanding cryptography is crucial, even though the job may not solely focus on cryptography. You can use this as an opportunity to transition into a cryptography role by positioning yourself as the cryptography expert on the team. Having unique experience in security can also help you stand out and transition into a cryptography role.
Whichever path in cryptography you choose, you can always change later on, and the skills you learn will help you immensely in your career.
Now that you are considering a career in cryptography, what resources are there to learn cryptography?
Online Learning Platforms
Learn cryptography from interactive platforms and courses.
CryptoHack (https://cryptohack.org/): Solve puzzles and challenges to learn about cryptographic algorithms like RSA and AES.
Coursera Courses (https://www.coursera.org/courses?query=cryptography): Take courses in cryptography, applied cryptography, number theory, and more.
CryptoTool (https://www.cryptool.org): Learn cryptography through visual demonstrations and more.
Dive into the technical details for theoretical or applied cryptography through in-depth books on cryptography by renowned cryptographers.
Serious Cryptography: A Practical Introduction to Modern Encryption by Jean-Philippe Aumasson
Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier
Mathematics of Public Key Cryptography by Steven D. Galbraith
Blogs and Forums
Stay up to date on the latest cryptography trends and advancements with blogs and forums.
Schneier on Security by Bruce Schneier (https://www.schneier.com/)
A Few Thoughts on Cryptographic Engineering by Matthew Green (https://blog.cryptographyengineering.com/)
Crypto Stack Exchange (https://crypto.stackexchange.com/)
Learn about research, new algorithms, and standards in cryptography from cryptography-relevant organizations.
National Institutes of Standards and Technology (https://csrc.nist.gov): The National Institutes of Standards and Technology (NIST) has cryptography standards and algorithm specifications. In particular, the NIST competition for new public-key cryptography that is secure against quantum computers (post-quantum cryptography) has details about the newest cryptographic algorithms and links each algorithm’s websites to learn more (https://csrc.nist.gov/Projects/post-quantum-cryptography).
International Association for Cryptologic Research (https://www.iacr.org/): The International Association for Cryptologic Research (IACR) is a non-profit that furthers research in cryptology and related fields.
Attend conferences to learn about the newest research, implementations, or attacks in cryptography and network with other cryptography enthusiasts.
Crypto and Eurocrypt (https://iacr.org/conferences/): annual conferences on cryptography research
RSA Conference ( https://www.rsaconference.com/): an annual conference on cybersecurity that covers cryptography
Software, Libraries, and Tools
Implement and break cryptographic algorithms from popular cryptographic software, libraries, and tools.
OpenSSL - an open-source cryptography library
GitHub repository: https://github.com/openssl/openssl
Bouncy Castle - a collection of cryptographic libraries for Java and C#
GitHub repository: https://github.com/bcgit/bc-java
NaCl and libsodium - a modern, easy-to-use software library for encryption, decryption, signatures, password hashing, and more
PyCryptodome - an easy-to-use self-contained Python package of low-level cryptographic primitives.
GitHub repository: https://github.com/Legrandin/pycryptodome/
Hashcat - a password recovery tool
GitHub repository: https://github.com/hashcat/hashcat
Learn and verify your knowledge through certifications. Note that certifications are more helpful for starting out as a cybersecurity professional or cryptography consultant than for a role in theoretical cryptography or research. It’s important to research the requirements and benefits of different certifications.
EC-Council Certified Encryption Specialist (https://iclass.eccouncil.org/our-courses/certified-encryption-specialist-eces/): a certification that includes setting up a VPN, encrypting a drive, and hands-on cryptography experience.
Comptia Security+ (https://www.comptia.org/certifications/security): a great all-around security certification when starting out in cybersecurity.
IBM Certified Associate Developer - Quantum Computation using Qiskit v0.2X (https://www.ibm.com/training/certification/C0010300): While this is not a cybersecurity certification, it does show proficiency in quantum computing, which is relevant for a career in cryptography.
For updates and more resources, visit emilystamm.com/cryptography.
Experience and Networking in Cryptography
In addition to learning cryptography, it’s helpful to gain experience in cryptography, security, or a related field. The following are ways to gain experience.
Obtain practical experience in cryptography by pursuing a position or internship in the field, or by working in a related area of science and technology that involves cryptography, such as a cybersecurity role like application security engineer, network engineer, or penetration tester.
Volunteer for a Technology Nonprofit
Volunteering for a technology-oriented nonprofit organization is an excellent way to establish connections, acquire pertinent technical and non-technical skills, and foster a sense of community. One example is volunteering with a cybersecurity nonprofit to provide students with cryptography presentations.
Build Your GitHub
Build your GitHub with your own cryptography projects or contribute to others. For my first cryptography project, I implemented the well-known AES-ECB attacks (https://github.com/emilystamm/aes-ecb-attacks).
Thoroughly research a topic in cryptography or cybersecurity, even an introductory or non-technical talk, and present it at a local MeetUp, your company, or even a conference.
Example talk titles include:
‘An Introduction to Cryptography for Security Professionals’
‘Increasing Diversity in the Cryptography Field’
‘How Cryptography is used in Blockchain’
‘How Does AES Work?’
Time to Launch
Cryptography is an exciting and dynamic field that requires a passion for continuous learning due to its constantly evolving nature. I hope that the recommendations and resources I provided can aid in launching your career in cryptography. Sources
Codecademy. Programming Languages for Cryptography. Retrieved from https://www.codecademy.com/resources/blog/programming-languages-for-cryptography/
TechTarget. Cryptography. Retrieved from https://www.techtarget.com/searchsecurity/definition/cryptography#:~:text=History%20of%20cryptography,the%20Egyptian%20practice%20of%20hieroglyphics.
Cybersecurity Guide. Cryptographer. Retrieved from https://cybersecurityguide.org/careers/cryptographer/
Read This Twice. Best Cryptography Books. Retrieved from https://www.readthistwice.com/lists/best-cryptography-books
Cybersecurity Guide. Cryptanalyst. Retrieved from https://cybersecurityguide.org/careers/cryptanalyst/
Ferguson, N. Useful Cryptography Resources. Retrieved from https://blog.cryptographyengineering.com/useful-cryptography-resources/
Feedspot. Top 20 Cryptography Blogs and Websites To Follow in 2021. Retrieved from https://blog.feedspot.com/cryptography_blogs/
Centre for Applied Cryptographic Research. Retrieved from https://cacr.uwaterloo.ca/
ChatGPt https://chat.openai.com/ for edits, links, and sources
About the Author: Emily Stamm has experience in quantum machine learning engineering and consulting, cryptography research and engineering, and number theory research with publications. Emily is also passionate about cybersecurity education and awareness, and is the president of CyberSecurity NonProfit (CSNP.org). They cofounded CSNP to provide security educational resources, training, and events globally, with the purpose of making security more accessible, inclusive, and diverse.
CyberSecurity Education | CSNP
CSNP (CyberSecurity NonProfit) is a 501(c)(3) nonprofit organization that provides free and accessible security education and promotes diversity and inclusivity in security.