Headlines in recent years have been filled with a gush of data breaches and cybersecurity attacks, from millions of credit card account numbers being stolen from retailers’ databases to corporate secrets being hacked and exposed.
The people tasked with preventing these kinds of problems and safeguarding data systems are called information security analysts.
What Do Information Security Analysts Do?
The job of an information security analyst is to anticipate, monitor and investigate breaches to an organization’s computer networks and systems. They install firewalls and encryption programs to defend information systems from intruders and unauthorized users. They update software, check for network vulnerabilities, and advise senior information technology (IT) staff on how to enhance security and to handle potential emergencies.
Information Security Analysts Key Skills
Information security analysts will often have to match their wits with increasingly sophisticated cybercriminals. Strong problem-solving, analytical, and organizational skills can help you get that done. As an information security analyst, you must be technically savvy and have the ability to work with tools such as intrusion detection systems (IDS) to monitor networks for suspicious traffic. Keeping pace with fast-evolving advances in software and data networking can also help you succeed on the job.
The ideal cyber security analysts are like detectives – keenly observant, dogged about chasing clues, and remain cool under pressure.
How to Become an Information Security Analyst?
You usually need a bachelor’s degree, ideally in computer science or programming, or a related field like math or science, to enter the field of information security analysis. Some universities offer a Bachelor of Science in Cybersecurity or Information Systems Management.
Earning a master’s in cyber security is another way to launch a career in the field. This graduate degree program allows you to pair academic courses rooted in computer forensics with on-the-job experience. Graduate programs also offer you a chance to branch your knowledge into unique focus areas, business being one of them.
Your master’s in cyber security may give you a competitive advantage in the job market. A number of employers may look for candidates with advanced degrees to fill higher-level positions such as Chief Information Security Officer or Network Architect.
Other advanced degree options include a Master of Science in Computer Information Systems with a concentration in security.
You can earn a master’s degree online in as little as 12 months. Some colleges offer evening and weekend classes, and don’t require you to take the Graduate Record Examination (GRE) or the Graduate Management Admission Test (GMAT).
Some companies may accept equivalent level of professional on-the-job experience in place of a college degree. Your employment prospects will be greater if you have background or expertise in specific areas that hiring managers may be looking for. That might include cloud computing or strong grasp of applications such as Cisco products, SQL server platforms, or Python.
Other firms may want someone with experience in reviewing computer security breaches or forensic investigations, and exporting log and event data after security incidents. Or, they may be hiring candidates who are most familiar with emerging, “next gen” technologies and practices.
You can earn certifications to beef up your core skills, learn about latest variants of software and networking technology, or branch out into specialty niches. This might be particularly useful if you are interested in advancing to intermediate-level positions after you’ve been working for some time. Employers may not necessarily require specific certification, but your chosen certification is indicative of your competency in a specialty area.
Some of the most common certifications include:
- Certified Information Systems Security Professional (CISSP). This is a widely recognized credential for general knowledge in information security. It’s issued by the International Information System Security Certification Consortium (ISC)².
- Certified Information Systems Auditor (CISA). This credential is used around the world by audit control, assurance and security professionals as a badge of their capabilities. It’s issued by the Information Systems Audit and Control Association.
- Certified Information Security Manager (CISM). This credential is for people who aim to design, manage, and assess an organization’s entire information security system. A CISM may be helpful in boosting your earning potential. It’s also issued by the Information Systems Audit and Control Association.
- Certified Reverse Engineering Analyst (CREA). This credential is for people who want to develop advanced skills to combat malware attacks, which is what happens when hackers install malicious software on their targets’ devices to steal data or personal information. The InfoSec Institute provides this certification.
- Certified Ethical Hacker (CEH). This international credential shows that you can think like a hacker to expose network flaws and vulnerabilities. It’s issued by the US-based International Council of Electronic Commerce Consultants (EC-Council).
- GIAC Certified Intrusion Analyst (GCIA). This certification is for specialists who monitor and analyze network traffic to flag intrusions. You also learn how to read and interpret traffic-related log files. This certification is one of many Global Information Assurance Certifications available.
Similar Career Options
Information security is a large, diverse, and fast-changing field. You can pursue cybersecurity positions with private companies, banks and insurers, retailers, nonprofits, government agencies, the military, and utilities, among others.
You also can choose related jobs in the computer and information technology sector. Some of them are:
- Computer Programmer
- Software Developer
- Database Administrator
- Computer Network Architect
- Computer and Information Research Scientist
- Network Systems Administrator
- Computer Support Specialist
- Web Developer
Information Security Analysts Salary
The proliferation of cybercrimes is creating a demand for cyber security workers. The United States is expected to add 35,500 information security analyst positions – a gain of 32% – between 2018 and 2028, according to the Bureau of Labor Statistics (BLS). That’s nearly three times the growth rate for computer occupations and more than six times as fast for all jobs.
The growing job demand may mean you can enjoy job security. But that’s not the only factor to consider when making the decision to obtain an advanced degree in this field. There is also financial compensation. The median annual salary for information security analysts in 2018 was $98,350, according to the BLS. That means half the workers earned more than that, and half earned less. Experienced or senior-level cybersecurity analysts can expect to earn even more. Even the lowest 10% of information security analysts command salaries above the national median wage of $38,646. BLS data shows that they earned less than $56,750 in May 2018.
Among the best-paying information security jobs are those that involve designing computer systems. The median salary for those jobs in 2018 was $102,620. People who worked in administrative and support services, such as in corporate IT departments, typically earn less, with a median annual income of $94,120.