When you were young, were you the kid everyone asked to check out the new bike stunt before they tried it? Did you love analyzing the risk of success or failure? Did you delight in coming up with things that could be done so that success was more probable? If so, or if you would have loved to be that kid, a career in cyber security risk management might be your perfect fit.
Cyber security risk analysts spend their time figuring out what cyber attackers might try before they actually try it. They assess risks using many tools and are continually adjusting firewalls and other factors to make the organization's network stronger than the threat. If an attack is successful, the analyst tracks its path, determines how they got through and figures out what software needs to be implemented so that it can't happen again. Then he or she goes back to analyzing risks to the system.
What Does a Risk Analyst Do?
Your cyber security risk analyst career should start with a bachelor's degree in the computer industry with an emphasis on software. This can be in database administration, computer sciences, forensics, or any other degree within the field. Choose a school that offers a wide array of courses in the computer industry, as becoming a security risk analyst will require you to have a broad knowledge of many facets of software and the Internet.
Once you have a bachelor's degree, you will apply for security analyst positions, which can also fall under the titles of data security analyst or IT security analyst. To get your foot in the door, you might start with a job in IT or networking for an organization and then transfer to security as you gain experience. You can spend your entire career working as a risk analyst or you might decide to move up.Read More
What are Their Responsibilities, Common Duties, and Tasks?
As a security risk analyst, you will be expected to stay on top of all new cyber threats, hacking methods and preventative software. The Internet is an ever-changing place, and throughout your career others will turn to you to act as gatekeeper to their networking systems. To this end, you will regularly attend various conferences, or attend classes to stay ahead of the cyber-attack game. On the job you will perform the following duties. The list is not all inclusive, but it provides a solid baseline to help you understand a risk analysts role.
- Research current trends in cyber attacks
- Understand and stay updated on information technologies
- Take part in designing the organizations recovery plan so that if an attack is successful, a plan is already in place for disaster recovery
- Training employees on how to implement the plan if it happens
- Design and simulate attacks on the network to determine where there are weak spots and work to strengthen those before they can be discovered and used in an actual attack.
- Monitor your organizations networks
- Install software including data encryption programs and firewalls to ensure the protection of sensitive information
- Help design and explain the organization's best practices
- Consistently research new trends in cyber-attacks and decide the best course of action to protect your organization's network.
How to Become a Risk Analyst
Becoming a risk analyst is straightforward if you design a plan of action for it. Getting an education and working in the field are two essential steps to attaining your goal. While obtaining a bachelor's degree, you might also consider taking on an internship during the summer or after classes during the school year. An intern position can provide you with hands on experience as well as gives you contacts and networking opportunities after you graduate.
Get your resume ready prior to graduation and send it out to organizations you want to work with. It also can't hurt to get letters of recommendations from one or two professors, or people who worked where you were an intern. If you are unable to secure an actual risk analyst position right out of college, which is generally very difficult to do, you can get a different position in the field and move into risk analysis once you have some work experience. Target positions that deal primarily with software issues, whether that is in implementation or development. These are areas that will dovetail nicely when you apply to move into the cyber security department later.
While starting your career path, make sure you stay up-to-date on attack trends and security software. This will let security supervisors know you are serious about your desire to work as a risk analyst.
Typical Requirements for Hiring
Though the Internet is always changing, the basic requirements to obtain a position as a cyber security risk analysis stay consistent.
Employers generally look for the following:
- A minimum of a bachelor's degree in a computer field
- Knowledge about network management
- An understanding of attack threats and the importance of preventing them
- The ability to problem solve and think outside the box
- Certifications are not always expected if you are fresh out of school or new to the workforce but can put you ahead of applicants who do not have them
- Ability to pass a background check and drug test (Not needed in all states, but in many)
In addition to the degree and work experience in the computer field, in order to build a career as a cyber security risk analyst, you should also possess the following:
- Ability to see the large picture
As a risk analyst you will need to be able to anticipate possible future threats to the organization's system and implement tools to prevent them.
- Analytical skills
You will constantly study the Internet, new technologies, and information about cyber-attacks. You will analyze the latest information and apply it to your organization's networking system. From there you will detect weak areas. It takes strong analytical skills to do this.
- Problem solving skills
Most employers will say they want employees to have problem solving skills, but as a risk analyst this skill is very important. When there is a security risk or there has been a successful attack, you will need sharp problem-solving skills to quickly assess what happened and get it stopped.
- Ability to pass a background check
Because you will have access to the organization's most sensitive data, and possibly the data of its clients or customers, you might be required to submit to a background check.
Certifications that can help include:
ISACA: CISM -Certified Information Security Manager.
ISACA: CRISC -Certified in Risk and Information Systems Control.
ISACA: CGEIT -Certified in the Governance of Enterprise IT
EC-Council: CEH -Certified Ethical Hacker.
Payscale.com reports that a risk analyst can expect to make an average of $67,500 per year. The lowest 10% make around $47,000 while the highest-paid 10% make around $99,000 per year. According to the U.S. Bureau of Labor Statistics, the average salary for this position in 2018 was a little over $98,000. It further reports that in 2018 the bottom 10% of information security analysts earned less than $56,750 a year, while the top 10% earned more than $156,580. The median salary for a security risk analyst is higher than for other computer occupations which had a median salary of $86,320 in 2018. Your salary will also vary depending on where in the country you live, how large the company is that you work for, the industry they are in, and your education and experience level.
Outlook & Jobs
The future looks very bright for security risk analysts. The Bureau of Labor Statistics anticipates a 32% increase in these jobs from 2018-2028. The anticipated increase in other computer occupations is 12%, which means the need for risk/security analysts is increasing far more quickly than other positions in the field, which isn’t surprising considering the increase in hacking and other black hat activity going on. The BLS also reports an increase in all occupations combined at 5%, which puts a risk analyst career significantly ahead of the game.
Experts believe that part of the reason for such a fast moving increase is that, as the Internet grows, so does the risk for attacks. There will be more than 32,000 new positions created by 2028 in the information security analyst field. Overall, the future of computer careers looks excellent. As technology continues to evolve and online transactions become more common, a steadily increasing need for all things computer related will follow. This will open more jobs in computer forensics, software development, security incident responders, and other areas.