The Definitive Guide to Becoming a Cyber Security Analyst
What is a Cyber Security Analyst?
A cyber security analyst (sometimes called a security analyst or information security analyst) is responsible for the security of an organization’s computer systems and information technology assets.
The U.S. Bureau of Labor Statistics states that cyber security analysts “plan and carry out security measures to protect an organization’s computer networks and systems.” The nature of this work will vary somewhat based on the size and industry sector of the organization. For example, a security analyst for a financial institution will have different regulations and security threats to consider and be responsible for than a security analyst at a university. Because of the rapid rate of change in cyber security, cyber security analysts are required to continually expand their knowledge and responsibilities as security threats increase in number and become more complex. This rapid rate of change presents both a challenge and an opportunity for cyber security analysts, as staying up to date can be difficult, but also provides a level of job security.
Job Outlook for Cyber Security Analysts
The employment outlook for cyber security analysts is very strong, with the U.S. Bureau of Labor Statistics citing an expected growth of 28% through the year 2026, as compared to 7% for the U.S. economy overall.
The cyber security field in general has been experiencing an unemployment rate of zero percent in many countries, meaning that there are many more jobs than qualified people to fill them. In other words, every qualified cyber security analyst who wants a job can find one.
The strong job outlook for cyber security analysts is due to several factors, including a(n):
- Increase in cyber security attacks and threats globally
- Increase in financial transactions completed online
- Increase of persons online, including in developing countries
- Increase of connected devices, including IoT and smart devices
- Decrease in the cost of cloud and other online technologies, resulting in increased rate of use
- Increase in regulations requiring data security
- Increased use of online data in medicine and other industries
Primary job responsibilities for cyber security analysts, information security analysts or security analysts at a junior or senior level typically fall into three categories:
- Pre-incident planning and procedures. This includes developing the procedures, strategies, policies and guidance that an organization will follow to maintain security and how to respond if a security breach occurs.
- Conducting incident response and documenting results. This includes responding to and stopping attacks and documenting the results and causes.
- Communicating security information to others. This includes training other analysts or junior members or employees, and communicating security information to business leaders.
Here are examples of job responsibilities for cyber security analysts, as listed directly in postings:
- Determine the impact of potential security intrusions on the network.
- Conduct incident response and security event analysis and actions.
- Identify information security incidents.
- Propose methods to detect and prevent malicious activity.
- Develop and implement strategies for monitoring and preventing attacks.
- Conduct reviews of security events.
- Provide guidance on security tools to reduce false positives.
- Develop procedures to improve security incident identification.
- Develop strong working relationships with colleagues in other technical departments.
- Mentor junior team members.
- Perform and document audit procedures.
- Implement IT security systems.
- Conduct risk assessments, internal audits and compliance review.
- Create company policies governing corporate security, email and internet usage.
Job requirements for cyber security analysts vary based on position, responsibilities and level, but generally require the following:
A bachelor’s degree in cyber security, computer science or a related field is usually required. In some cases, substantial field experience can substitute for the degree.
Nearly all positions require some experience in an information technology department or a prior security position. Experience requirements generally range from 2 to 5 years of experience, but will vary based on that experience and the job itself. This experience can sometimes substitute for degree requirements.
Industry certifications are sometimes required or preferred, with common examples being:
- CISM – Certified Information Security Manager
- CISA – Certified Information Systems Auditor
- ITIL v3 Foundation
- CompTIA Security+
Technical skills include a familiarity or direct experience with common network and security technologies and knowledge, including but not limited to:
- Chain of custody
- Evidence handling
- System imaging
- Incident response management
- Networking, including WAPs, routers, switches, IDS/IPS and firewalls
- Common threats, including DDoS, viruses, malware and trojans
Non-technical skills often include:
- Excellent written and verbal communication
- Collaboration and teamwork
- Communication with leadership
- Ability to work without direct supervision
The work environment for cyber security analysts is almost exclusively indoor, primarily in an office, cubicle or workspace setting. This environment can be found within a number of different types of facilities, including office buildings, hospitals, universities, manufacturing environments or government installations.
Most cyber security analyst positions do not require heavy lifting, and the work itself usually is or can be made fully ADA accessible.
Because systems are always on and threats can occur at any time, work as a cyber security analyst or information security analyst may require on-call or off-hours scheduling, or responding to incidents after hours. The responsibility of addressing security issues during these hours is often expected, but commonly shared with others on a rotational basis.
Typical Dress Code
Most cyber security analyst positions follow a business casual dress code, with some requiring more formal attire, such as a tie. Many positions allow for more casual clothing, including jeans. Most cyber security analyst positions do not require more formal dress, such as a suit, except during special circumstances (such as a presentation or client meeting).
The U.S. Bureau of Labor Statistics cites a median salary of over $95,000 for information security analysts in the United States.
There are many positions in the cyber security field that have similar responsibilities but have different titles. This often depends on the individual company and their choice of title, based on their organizational structure, ranks, promotion and internal pay scales. The most important factor is to review the job’s list of responsibilities. Careers as a cyber security analyst often have job titles such as:
- Information Security Analyst
- Information Assurance Analyst
- Information Security Engineer
- IT Security Analyst
- Cyber Security Engineer
- Cyber Security Specialist
- Cyber Security Consultant
- Cyber Security Advisor
For many employers, the terms “cyber security” and “information security” are interchangeable.
An Interview with a Cyber Security Analyst
Zach D. is a cyber security analyst/engineer with more than a decade of experience in the cyber security field.
Question: What is your primary job responsibility as a cyber security analyst?
Developing, managing and accessing security programs in both the commercial and federal sectors. Also managing and conducting reviews of federal government and private sector organizations to assess the controls and security of information systems and programs at both the enterprise and technical levels.
Question: How would you describe the typical day of a cyber security analyst?
The typical day of a cyber security analyst all depends on the company you work for and customer demands, along with your responsibilities handed down by management. My typical day supporting government agencies is based around conducting certification and accreditation (C&A) activities. I continually prepare and update documentation such as the Configuration Management Plan (CMP), Contingency Plan (CP), Incident Response Plan (IRP), System Security Plan (SSP), and other relevant documentation. I also run and monitor vulnerability scan results using tools such as Tenable Nessus and Trustwave’s DbProtect. I also generate public key infrastructure (PKI) reports and provide account access and removal of the customer’s information systems that I am supporting. I also update and conduct training on computer security awareness and firewall policy.
Question: What do you enjoy the most about your job?
I enjoy the flexibility of my job being able to work from home and manage my tasks by having them all completed before the deliverable due date. I also can learn new material being in an ever-evolving field by my company paying for training and further education. The main area of my enjoyment comes from being on a solid team with excellent communication allowing everyone to be on the same page when providing services for the customer.
Question: What do you dislike the most about your job?
There’s nothing that I dislike about my job other than in the past when working with team members that did not work as a team, leading to them being let go.
Question: How do you stay up to date with changes in cyber security?
I stay up to date with cyber security by continuing to push myself to learn about every area in my field and new technologies. The ability to continue my education in college and being able to attend training and earn new certifications allows me to stay updated with the capabilities to complete my job. There are also plenty of free resources out there such as websites like Cybrary and SecTools. My company also offers many free training resources using internal tools along with Skillsoft and LinkedIn Learning.
Question: Would you recommend becoming a cyber security analyst to someone just starting their career?
I recommend being a cybersecurity analyst to someone starting their career because of the wide range of areas that lead to learning and new adventures. I do need to mention that this title isn’t always the one you need to get your career started, as I was a security administrator earlier in my career after being an information security analyst, allowing me to be on both sides of the spectrum learning skills inside a data center. It’s easy to ask questions when staying in compliance for an audit, but you have even more power when being in the trenches, allowing you to know the questions you’re asking.
Question: What advice would you give to someone starting their career as a cyber security analyst?
My advice would be to have an open mind and realize that you don’t know everything just because you have a degree or certifications. Technology is changing every day, and you will work with many different ranked professionals in various positions of power in the cyber security field. Don’t be afraid to ask questions and don’t just present them to security professionals. I also made sure to create relationships with database administrators (DBA), Unix administrators, Windows administrators, management, and much more.
Question: What do you believe the future holds for cyber security analysts?
I feel that this will be a job that could last for a lifetime because of how much our world relies on technology in everything. Cybersecurity professionals at one point seemed to be only needed in the government, especially in the Washington, D.C. area, but now they’re required everywhere. Cybersecurity analysts are in high demand, as I have recently been contacted by recruiters from Belk, International Hotel Group, Las Vegas Corporation, Nike, Morgan Stanley, PNC Bank, Social Security Administration, Tesla, Western Governors University, and many more.
Question: Do all cyber security analyst positions require a security clearance?
All cyber security analysts or engineers don’t need a security clearance and probably won’t get one unless they’re hired by a company that requires them to have one to support the customer. A security clearance will allow you to be much more marketable when it comes to finding a job in the government sector but is not needed for many other open positions. Security clearances are very expensive for someone to put in for one that’s paying out of pocket.
Question: Are certifications valuable for cyber security analysts? If so, which ones?
Certifications are very valuable no matter what type of job role you have in the public or private sector when being a cybersecurity professional. There are many certifications out there, and some require years of experience before even having the ability to test for them. The respected certifications that are known as much more challenging to pass are the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Offensive Security Certified Professional (OSCP). The CISSP also has even harder specialized credential certifications after the CISSP is passed, such as the Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), and Information Systems Security Management Professional (ISSMP). Entry-level cybersecurity professionals can also choose to get an Associate of (ISC)² by taking one of the advanced certification exams offered when they have minimum experience and will be awarded it after they get the required years of work completed. (ISC)² also provides advanced specialized certifications such as the Healthcare Information Security and Privacy Practitioner (HCISPP) and Certified Cloud Security Professional (CCSP).
The entry-level CompTIA certifications are also a route to take on getting your foot in the door for your first job within the cybersecurity field. EC-Council also offers a variety of certifications such as the Certified Ethical Hacker (CEH), which looks good on your resume and isn’t as hard as the advanced certifications listed above. SANS also provides a variety of certifications for different skill levels that employers may also look for when hiring staff for their cybersecurity teams. I honestly feel that certifications are valuable when it comes to getting a job and continuing to stay marketable in the cyber security field. The ability to pass these certifications doesn’t mean you’re able to do the job at a high level accurately, so make sure you’re ready to do everything you’re studying for even after you pass. You don’t want to be the individual with all of these certifications who isn’t able to perform their job functions on a daily basis. There are government and contract positions that require specific certifications for different positions based on the DOD 8570. Many companies will hire you requiring these certifications covered under DOD 8570 or provide you a monthly time frame to keep your job. I also firmly believe that going for a non-technical certification such as the Project Management Professional (PMP) offered by the Project Management Institute would benefit your career a great deal, showing a wide range of knowledge and skills after you obtain the required experience to sit for the test.
Question: Can cyber security analysts earn salaries of $100,000 or more per year?
You need to pay your dues to earn salaries of $100,000 or more per year, but it’s a realistic goal after putting in the time towards advancing your career. The entry-level salaries along with other advanced positions are much more than they were when I got into the field in 2006. The cost of living comes into play of what region you’re working in when it comes to providing cybersecurity services for your employer. The salary range based on your position could be anywhere from $51,000 to over $100,000 depending on if you’re working in the public or private sector.
Question: What are some of the skills that you list on your resume?
For my area of specialties, I list business continuity, certification, accreditation, corporate security, cyber security, disaster recovery, incident response, information assurance, information security, intrusion detection, IT audit, network security analysis, physical security, risk assessment, security awareness, security operations, technical training, and vulnerability scanning.
For technical skills, I list AlgoSec, Application Security, Inc. AppDetective Pro, Axxess Security Software System, Bosch Physical Security System, ePolicy Orchestrator, MVM Vulnerability Manager, Gold Disk, HP OpenView, Java Console, IBM Internet Security Systems (ISS) SiteProtector, IBM ISS Intrusion Detection System, Intersect Alliance’s Snare, Nessus Vulnerability Scanner (Hydra, Nikto, and Nmap), RAT, Threat Guard’s Secutor Prime, TrueCrypt, TWiki, TrustWave’s DbProtect, and Wireshark.