Your bank transactions, your family’s medical history or an organization's financial records—all of these exist in the form of data that are stored somewhere out there in the digital web. And this data is in desperate need of protection.
“The bargain we strike is that being so open and connected makes us vulnerable,” says Peter Nguyen of Palo Alto Networks. In this digital age, the unfortunate reality is that we are easily compromised.
The good news is there are professionals waging wars behind-the-screen to ensure our national, corporate and personal data is kept safe and secure. But the demand for these experts is growing, and positions are becoming harder to fill.
Maybe you know you want to join this fight, or perhaps you’re just curious about what it takes to become a security analyst. In any case, if you’re at all interested in how to become an information security analyst or what the position entails, you came to the right place. Read on for the answers to all of your questions.
What does an information security analyst do?
Information security analyst job duties
Information security analysts must always be ready to adapt to an evolving digital world in order to stay a step ahead of cybercriminals. In doing so, they are responsible for a variety of tasks.
Here’s a look at a few common job duties, according to the U.S. Bureau of Labor Statistics (BLS)1:
- Monitoring networks for security breaches and investigating when one is detected
- Installing and maintaining software to protect sensitive information
- Simulating attacks to identify potential areas of vulnerability
- Develop security standards and best practices for the company
You’ll also be expected to stay up-to-date on the latest trends and technology in order to develop professionally and recommend security advancements for your organization.
How to become an information security analyst
There is no set-in-stone path to becoming an information security analyst. But there are some important skills, training and experience that can help you on your way to joining the field. Consider the following information when planning your next steps.
In-demand information security analyst skills
Information security professionals, sometimes called cyber security professionals, must possess a handful of technical skills. But with so many different techniques and software out there, it’s hard to know where to focus your efforts.
We used real-time job analysis software to examine nearly 115,000 information security job postings.2 This data helped us identify the top 10 technical skills and qualifications employers are seeking. Here’s what we found:
- Network security
- Information assurance
- Transmission Control Protocol / Internet Protocol (TCP/IP)
- System and network configuration
But it takes more than technical skills to succeed as an information security analyst. Employers are looking for candidates who possess a healthy balance of hard and soft skills to get the job done properly.
Our analysis also revealed the importance of critical thinking and complex problem-solving skills. Information security analysts should also be effective communicators who employ active-listening skills, because they often interact with various members of the company and must explain complex information in a simple way.
Education and experience needed to become an information security analyst
Don’t be intimidated by the list of skills and competencies highlighted above. Information security analysts are responsible for very complex technical tasks, which is why undergoing a formal education is so critical. These are precisely the skills and proficiencies you’ll master in a Cyber Security degree program.
Our analysis indicated that 87 percent of employers are seeking candidates who have at least a Bachelor’s degree.2 Additionally, you’ll likely need some work experience—many information security professionals get their start in IT or other network-related positions, but there are several viable paths. Analysts need an in-depth understanding of network structures and their potential vulnerabilities, so the knowledge of network hardware and configurations is an excellent foundation to build upon.
In-demand information security certifications
In the tech world, certifications are regarded as a badge of approval. It’s another way to prove you’re ready and equipped for the job at hand. Here are the four certifications in highest demand for aspiring information security analysts2:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- SANS/GIAC Certification
Advice for becoming an information security analyst
Education can go a long way, but what else can be done to stand out to employers? Rudraksh Khanna, owner of Khanna Security Solutions, says there are several things you can do to establish yourself in the information security field. Khanna suggests contributing to open-source security projects and bug bounty programs as a way to gain experience and learn more about current exploits.
Additionally, much of an information security professional’s career is based on their ability to think like a hacker. To better develop that mentality, Khanna recommends seeking out and participating in hacking challenges.
“There are several companies that organize these challenges in order to check the vulnerability of their own software products,” Khanna explains. “Regular participation in these hacking challenges can help you learn more and sharpen your knowledge.”
Information security analyst salary and career outlook
You’re probably wondering if acquiring the education, experience and certification is worth it. The compensation may be enough to convince you. The BLS reports the median annual salary for information security analysts in 2016 was $92,600.1 This is more than twice the national average for all occupations.
But keep in mind that your salary range will depend on your education, experience, location and the industry in which you’re working. Top-tier security analysts are earning upwards of $147,000 annually, while analysts in the lowest tenth percentile earn $53,760, according to the BLS.1
As cyber attacks continue to grow in frequency and attackers become more sophisticated, the demand for information security analysts remains high. The BLS projects positions will grow at the much-faster-than-average rate of 28 percent through 2026.1 The predicted areas of highest opportunity for information security analysts are the federal government and the healthcare field.
Is your future in information security?
Now you have a better understanding of how to become an information security analyst and what you can expect in the field. Do you feel compelled to join the fight against cyber crime? If so, then it’s time to start preparing yourself to qualify for one of those coveted positions.
Learn more about how a degree can help get you there by reading our article, “Is a Cyber Security Degree Worth it? The Facts You Can’t Ignore.”
1Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, [career information accessed April 4, 2018] www.bls.gov/ooh/. Salary data represents national, averaged earnings for the occupations listed and includes workers at all levels of education and experience. This data does not represent starting salaries, and employment conditions in your area may vary.
2Burning-Glass.com (analysis of 102,508 information security analyst job postings, Mar. 22, 2017 – Mar. 21, 2018)
EDITOR’S NOTE: This article was originally publish in April 2016. It has since been updated to include information relevant to 2018.