top of page
  • Writer's pictureCSNP
    • May 1, 2023
    • 6 min read

Launch your Career in Cryptography

Updated: May 2, 2023


Cryptography is a captivating and continuously evolving field that is critical in the modern world. From securing sensitive information to protecting online transactions, strong cryptography is essential to maintaining privacy and security. There are many paths through cryptography, including theoretical or applied research, implementation of cryptographic algorithms, and consulting on the use of cryptography. These paths all require a passion and dedication to the field and the ability to stay current with the latest advancements. In this blog, I describe several different cryptography career paths, and then include resources and suggestions for those interested in pursuing a career in cryptography.


What is Cryptography and Cryptanalysis?

Cryptography is derived from the Greek words ‘kryptós’ meaning hiddenand ‘graphy’ meaning writing, which translates to ‘hidden writing.’Today, cryptography applies mathematical techniques to secure information and communication. Common cryptography practices include encryption, digital signatures, and cryptographic hashing, which are used in everyday technology such as HTTPS, SSH, and blockchain. Cryptanalysis, on the other hand, is the practice of breaking cryptography, either ethically to find flaws or improve the algorithm, or maliciously to interfere with the communication. A successful cryptanalysis attack may involve revealing secret information, making changes to data that go undetected, or posing as someone else, all of which defeat the purpose of the cryptography. If you are interested in working in cryptography, it is important to understand the concepts and techniques involved and to gain experience in the field.

But what does it mean to work in cryptography and how do you get started in it?

Navigating the Types of Cryptography Jobs

There are many roles in cryptography, such as researching theoretical cryptography, developing practical implementations, and consulting organizations to improve their cryptographic skills. Here are just a few examples of cryptography careers.

Theoretical Cryptography Researcher

Theoretical research in cryptography and cryptanalysis involves creating and proving the security of new cryptographic algorithms, as well as assessing their resilience to attacks. Jobs in this field can be found in academia, government, national labs, and big tech companies. While a PhD or master's degree is often preferred, it is not always required. A strong foundation in mathematics, including abstract algebra, linear algebra, number theory, and probability, is essential, and knowledge of complexity theory and quantum computing can also be beneficial.

Cryptography Engineer

‘Cryptography engineer’ can mean different things depending on the organization, but generally cryptography engineers are responsible for implementing and evaluating cryptographic algorithms. While knowledge of the mathematics behind these algorithms is important, a mathematics degree is not necessary. However, a strong background in programming is essential for those interested in implementing cryptography, and learning languages like Python or Go can be a great starting point, although expertise in C/C++, Java, and C# is also highly valuable. Knowing multiple programming languages is beneficial in cryptography because it allows you to implement and wrap cryptographic libraries in different languages. Understanding how the cryptography algorithm works is essential because even minor information leaks can lead to devastating attacks, which is why having a thorough understanding of the algorithm, best practices, and known attack techniques is crucial.

Cryptography Consultant

Cryptography consulting is gaining popularity, particularly with the increasing threat of quantum computing and other attacks. As cryptography is a specialized field, not all organizations can hire a full-time cryptography engineer. Instead, they turn to cryptography professionals for guidance on improving their cryptography and key management. To pursue a career in cryptography consulting, it's essential to have knowledge of data protection, key management, cryptographic algorithms, and overall cybersecurity.

Cybersecurity Professional

To excel in cybersecurity roles such as application security engineer, network engineer, or penetration tester, understanding cryptography is crucial, even though the job may not solely focus on cryptography. You can use this as an opportunity to transition into a cryptography role by positioning yourself as the cryptography expert on the team. Having unique experience in security can also help you stand out and transition into a cryptography role.

Whichever path in cryptography you choose, you can always change later on, and the skills you learn will help you immensely in your career.

Learning Cryptography

Now that you are considering a career in cryptography, what resources are there to learn cryptography?

Online Learning Platforms

Learn cryptography from interactive platforms and courses.

Books

Dive into the technical details for theoretical or applied cryptography through in-depth books on cryptography by renowned cryptographers.

  • Serious Cryptography: A Practical Introduction to Modern Encryption by Jean-Philippe Aumasson

  • Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier

  • Mathematics of Public Key Cryptography by Steven D. Galbraith

Blogs and Forums

Stay up to date on the latest cryptography trends and advancements with blogs and forums.

Organizations

Learn about research, new algorithms, and standards in cryptography from cryptography-relevant organizations.

  • National Institutes of Standards and Technology (https://csrc.nist.gov): The National Institutes of Standards and Technology (NIST) has cryptography standards and algorithm specifications. In particular, the NIST competition for new public-key cryptography that is secure against quantum computers (post-quantum cryptography) has details about the newest cryptographic algorithms and links each algorithm’s websites to learn more (https://csrc.nist.gov/Projects/post-quantum-cryptography).

  • International Association for Cryptologic Research (https://www.iacr.org/): The International Association for Cryptologic Research (IACR) is a non-profit that furthers research in cryptology and related fields.

Conferences

Attend conferences to learn about the newest research, implementations, or attacks in cryptography and network with other cryptography enthusiasts.

Software, Libraries, and Tools

Implement and break cryptographic algorithms from popular cryptographic software, libraries, and tools.

Certifications

Learn and verify your knowledge through certifications. Note that certifications are more helpful for starting out as a cybersecurity professional or cryptography consultant than for a role in theoretical cryptography or research. It’s important to research the requirements and benefits of different certifications.

For updates and more resources, visit emilystamm.com/cryptography.

Experience and Networking in Cryptography

In addition to learning cryptography, it’s helpful to gain experience in cryptography, security, or a related field. The following are ways to gain experience.

Professional Experience

Obtain practical experience in cryptography by pursuing a position or internship in the field, or by working in a related area of science and technology that involves cryptography, such as a cybersecurity role like application security engineer, network engineer, or penetration tester.

Volunteer for a Technology Nonprofit

Volunteering for a technology-oriented nonprofit organization is an excellent way to establish connections, acquire pertinent technical and non-technical skills, and foster a sense of community. One example is volunteering with a cybersecurity nonprofit to provide students with cryptography presentations.

Build Your GitHub

Build your GitHub with your own cryptography projects or contribute to others. For my first cryptography project, I implemented the well-known AES-ECB attacks (https://github.com/emilystamm/aes-ecb-attacks).

Give Presentations

Thoroughly research a topic in cryptography or cybersecurity, even an introductory or non-technical talk, and present it at a local MeetUp, your company, or even a conference.


Example talk titles include:

  • ‘An Introduction to Cryptography for Security Professionals’

  • ‘Increasing Diversity in the Cryptography Field’

  • ‘How Cryptography is used in Blockchain’

  • ‘How Does AES Work?’

Time to Launch

Cryptography is an exciting and dynamic field that requires a passion for continuous learning due to its constantly evolving nature. I hope that the recommendations and resources I provided can aid in launching your career in cryptography. Sources

About the Author: Emily Stamm has experience in quantum machine learning engineering and consulting, cryptography research and engineering, and number theory research with publications. Emily is also passionate about cybersecurity education and awareness, and is the president of CyberSecurity NonProfit (CSNP.org). They cofounded CSNP to provide security educational resources, training, and events globally, with the purpose of making security more accessible, inclusive, and diverse.

CyberSecurity Education | CSNP

CSNP (CyberSecurity NonProfit) is a 501(c)(3) nonprofit organization that provides free and accessible security education and promotes diversity and inclusivity in security.

393 views1 comment
bottom of page