When you see hackers on a show trying to break into a computer system, you might think that looks more interesting than the job of those trying to stop them. You have to be quick, innovative, and have deep knowledge of the subject to break into a system. Well, the professionals know that too, and they tend to work both sides of the problem. Cyber security analysts not only respond to cyber-attacks, they also instigate them. When assessing the vulnerability of a system, they may attempt to hack the system themselves, which gives them a deeper insight into the chinks in their own armor.
Cyber security analysts are the soldiers in the network community that deal with cyber-attack attempts and develop solutions to stave off cyber criminals and protect data. If the idea of fighting cyber-crime and coming up with new and innovative ways to prevent cyber-attacks from happening appeals to you, then keep reading to learn more about this profession.
What Does a Security Analyst Do?
Cyber security analysts work in a variety of settings, from hospitals to the Pentagon. These workers help to protect networks by analyzing the data as it comes in and goes out and creating protections in the event that a cyber-criminal tries to infiltrate the system to get to the information of its customers. Analysts generally start out as administrators, then after a few years of experience and the addition of some certification, they move into analyst positions, although some analysts do become managers.
Special training is required to be an analyst, since this is a technical field and a love of the subject matter including computers, networks, and the Internet aren’t required, but may make you more desirable as an employee.
What are Their Responsibilities, Common Duties, and Tasks?
A cyber security analyst helps a client determine where their vulnerabilities lie and, after pinpointing those areas, creates a strategy to help the business strengthen their security processes. This could mean enhancing and improving on a current security strategy or creating a new one from scratch. Once the new strategy is in place, the analyst helps to execute the procedures and ensure things are working properly and make adjustments where necessary.
The main tasks for a cyber security analyst include the following:
- Daily project coordination for assigned accounts
- Scheduling and executing status calls with assigned accounts
- Provide advice and guidance on security measures to technical contacts
- Perform risk analysis, security assessments, reviews, and vulnerability testing for assigned accounts
- Assist in crafting, honing, and executing a client’s overall security strategy, processes, policies, and procedures.
Becoming a Security Analyst
Becoming a security analyst requires several steps, including holding at least one position prior to qualifying to become an analyst.
A typical analyst will follow a path similar to the steps detailed below:
- Earn a degree
To enter into the cyber security field, most candidates earn at least a bachelor’s degree in Network Administration, Systems Administration, Computer Information Systems, or another similar degree. Many also continue their education and receive master degrees in those same areas or in Cyber Security.
- Become an Administrator
Either while attaining a degree or right after graduation, a person will accept a position as a Network Administrator, Systems Administrator, or a Security Administrator. These are entry-level positions that help a worker get into the cyber security field.
After three to five years of working as an administrator, workers can begin to attain certifications. One of the first certifications a worker should consider is the Computer Information Systems Security Professional Certification (CISSP). Once workers have passed the exam, they can then apply to become a member of the International Information System Security Certification Consortium (ISC)2.
- Move up to Analyst
Once a worker has attained the CISSP certification and worked as an administrator for a few years, he can set his sights on an analyst position.
Typical Requirements for Hiring
Cyber security analysts are often the first to recognize when an organization needs to make changes in their security protocols because they are the ones who spend the most time working with and around the security network. They also compare and contrast their network protocols with other organizations and agencies to help keep the local network as well as the overall network safe from invasion.
A position as a cyber security analyst is not an entry-level position.
The minimum requirements for the position are as follows:
- A bachelor’s degree in a related field and four years’ experience working in the cyber security field, or;
- A master’s degree in a related field and three years of experience working in the cyber security field, or;
- Seven years of work experience in the cyber security field in lieu of a degree
- The ability to pass a drug test, criminal background check, a credit check, and education verification
- Be a US Citizen (not required by all private sector employers, but it is required for government jobs)
- To have or qualify for security clearances - the type and levels vary by employer
- Certification such as MIS and CISSP, as well as membership in (ICP)2 are strongly preferred
An organization might have a team of analysts or just one or two. If there’s a team, then the possibility of being a team lead exists. This could help with the management requirement for positions above the system analyst title. Security analysts report to the systems director or the Chief Operating Officer, depending on the employment structure of the organization.
Cyber security analysts typically have the following technical skills:
- The ability to recognize threats in their various forms
- The ability to design networks that cyber criminals find hard if not impossible to breach
- Programming and troubleshooting skills for a variety of software systems and networks
- An intimate understanding of the Internet, intranets, networking systems, and computer equipment
Along with technical skills, analysts should have these soft skills:
- Excellent written and verbal skills
- The ability to multitask
- The ability to both manage and work with a team, as well as work independently
According to the US Bureau of Labor Statistics, cyber security analysts made a median income of $98,300 in 2018. The top 10% of analysts made about $156,500, while the bottom 10% earned around $56,700. Income variances are due in part to the education and experience level of the analyst. Another consideration is the geographic location of the company. Areas of the country with large technology-driven organizations tend to pay those in the systems security field more than other parts of the country. Some of the top-paying industries for system security workers including analysts are computer system design, pharmaceutical and medicine manufacturing, and legal services.
Outlook & Jobs
Like most jobs in the cyber security field, the outlook for cyber security analysts is very positive. According to the US Bureau of Labor Statistics, 112,300 workers were employed as information security analysts in 2018. Between 2018 and 2028, another 35,400 jobs are expected to be added under this title. This puts the job growth level for information security analysts at 32%, much faster than job growth in other areas and faster than job growth in all computer occupations combined, which is only set to grow by 12%.
The increase can be attributed to the ever-increasing use of the Internet, as well as a constant stream of organizations who are including cyber security teams on their staff. Most jobs will be private sector positions, but government jobs at the state and local levels will also bring additional opportunities. Barring a sudden and unexplained decrease in the use of technology and the Internet, the demand for cyber security experts, including analysts, is going to continue to grow. The growth will be nationwide, but certain areas of the country such as California, Georgia, New York, and other areas with a preponderance of tech organizations will see the most growth because the demand in those areas is so much greater.