Cyber Security Analyst Career Guide & Outlook

Learn What a Security Analyst Does, the Requirements Needed and Job Growth

When you see hackers on a show trying to break into a computer system, you might think that looks more interesting than the job of those trying to stop them. You have to be quick, innovative, and have deep knowledge of the subject to break into a system. Well, the professionals know that too, and they tend to work both sides of the problem. Cyber security analysts not only respond to cyber-attacks, they also instigate them. When assessing the vulnerability of a system, they may attempt to hack the system themselves, which gives them a deeper insight into the chinks in their own armor.

Cyber security analysts are the soldiers in the network community that deal with cyber-attack attempts and develop solutions to stave off cyber criminals and protect data. If the idea of fighting cyber-crime and coming up with new and innovative ways to prevent cyber-attacks from happening appeals to you, then keep reading to learn more about this profession.

What Does a Security Analyst Do?

Cyber security analysts work in a variety of settings, from hospitals to the Pentagon. These workers help to protect networks by analyzing the data as it comes in and goes out and creating protections in the event that a cyber-criminal tries to infiltrate the system to get to the information of its customers. Analysts generally start out as administrators, then after a few years of experience and the addition of some certification, they move into analyst positions, although some analysts do become managers.

Special training is required to be an analyst, since this is a technical field and a love of the subject matter including computers, networks, and the Internet aren’t required, but may make you more desirable as an employee.

What are Their Responsibilities, Common Duties, and Tasks?

A cyber security analyst helps a client determine where their vulnerabilities lie and, after pinpointing those areas, creates a strategy to help the business strengthen their security processes. This could mean enhancing and improving on a current security strategy or creating a new one from scratch. Once the new strategy is in place, the analyst helps to execute the procedures and ensure things are working properly and make adjustments where necessary.

The main tasks for a cyber security analyst include the following:

  • Daily project coordination for assigned accounts
  • Scheduling and executing status calls with assigned accounts
  • Provide advice and guidance on security measures to technical contacts
  • Perform risk analysis, security assessments, reviews, and vulnerability testing for assigned accounts
  • Assist in crafting, honing, and executing a client’s overall security strategy, processes, policies, and procedures.

Becoming a Security Analyst

Becoming a security analyst requires several steps, including holding at least one position prior to qualifying to become an analyst.

A typical analyst will follow a path similar to the steps detailed below:

  • Earn a degree
    To enter into the cyber security field, most candidates earn at least a bachelor’s degree in Network Administration, Systems Administration, Computer Information Systems, or another similar degree. Many also continue their education and receive master degrees in those same areas or in Cyber Security.
  • Become an Administrator
    Either while attaining a degree or right after graduation, a person will accept a position as a Network Administrator, Systems Administrator, or a Security Administrator. These are entry-level positions that help a worker get into the cyber security field.
  • Certification
    After three to five years of working as an administrator, workers can begin to attain certifications. One of the first certifications a worker should consider is the Computer Information Systems Security Professional Certification (CISSP). Once workers have passed the exam, they can then apply to become a member of the International Information System Security Certification Consortium (ISC)2.
  • Move up to Analyst
    Once a worker has attained the CISSP certification and worked as an administrator for a few years, he can set his sights on an analyst position.

Typical Requirements for Hiring

Cyber security analysts are often the first to recognize when an organization needs to make changes in their security protocols because they are the ones who spend the most time working with and around the security network. They also compare and contrast their network protocols with other organizations and agencies to help keep the local network as well as the overall network safe from invasion.

A position as a cyber security analyst is not an entry-level position.

The minimum requirements for the position are as follows:

  • A bachelor’s degree in a related field and four years’ experience working in the cyber security field, or;
  • A master’s degree in a related field and three years of experience working in the cyber security field, or;
  • Seven years of work experience in the cyber security field in lieu of a degree
  • The ability to pass a drug test, criminal background check, a credit check, and education verification
  • Be a US Citizen (not required by all private sector employers, but it is required for government jobs)
  • To have or qualify for security clearances - the type and levels vary by employer
  • Certification such as MIS and CISSP, as well as membership in (ICP)2 are strongly preferred

An organization might have a team of analysts or just one or two. If there’s a team, then the possibility of being a team lead exists. This could help with the management requirement for positions above the system analyst title. Security analysts report to the systems director or the Chief Operating Officer, depending on the employment structure of the organization.

Skills Needed

Cyber security analysts typically have the following technical skills:

  • The ability to recognize threats in their various forms
  • The ability to design networks that cyber criminals find hard if not impossible to breach
  • Programming and troubleshooting skills for a variety of software systems and networks
  • An intimate understanding of the Internet, intranets, networking systems, and computer equipment

Along with technical skills, analysts should have these soft skills:

  • Excellent written and verbal skills
  • The ability to multitask
  • The ability to both manage and work with a team, as well as work independently

Salary

According to the US Bureau of Labor Statistics, cyber security analysts made a median income of $98,300 in 2018. The top 10% of analysts made about $156,500, while the bottom 10% earned around $56,700. Income variances are due in part to the education and experience level of the analyst. Another consideration is the geographic location of the company. Areas of the country with large technology-driven organizations tend to pay those in the systems security field more than other parts of the country. Some of the top-paying industries for system security workers including analysts are computer system design, pharmaceutical and medicine manufacturing, and legal services.

Outlook & Jobs

Like most jobs in the cyber security field, the outlook for cyber security analysts is very positive. According to the US Bureau of Labor Statistics, 112,300 workers were employed as information security analysts in 2018. Between 2018 and 2028, another 35,400 jobs are expected to be added under this title. This puts the job growth level for information security analysts at 32%, much faster than job growth in other areas and faster than job growth in all computer occupations combined, which is only set to grow by 12%.

The increase can be attributed to the ever-increasing use of the Internet, as well as a constant stream of organizations who are including cyber security teams on their staff. Most jobs will be private sector positions, but government jobs at the state and local levels will also bring additional opportunities. Barring a sudden and unexplained decrease in the use of technology and the Internet, the demand for cyber security experts, including analysts, is going to continue to grow. The growth will be nationwide, but certain areas of the country such as California, Georgia, New York, and other areas with a preponderance of tech organizations will see the most growth because the demand in those areas is so much greater.

Cyber Security Careers and Jobs

Chief Information Security Officer (CISO)

These executives oversee information systems and company-wide information security, as well as all departments associated with these systems.

Chief Security Officer (CSO)

These executives deal with information and physical security systems, controlling database and facility entry and all departments that deal with security and surrounding policies.

Chief Technology Officer (CTO)

This executive deals with technology development and implementation. They receive company-wide reports on the use and effectiveness of technology.

Computer Forensics Investigator

Analyze computers or web-based applications in the search for forensic evidence of a crime. This is done in support of the law after commission of a crime, or in efforts to support a company by assessing network vulnerabilities.

Cryptographer

Cryptographers are responsible for deciphering encrypted data. They might do after the commission of a crime. They also work to create better encryption to create stronger networks and safer data storage.

Incident Responder

Incident responders work with companies or governments to respond quickly after a possible threat has been detected. They find the source of the issue, determine if it’s a real threat, and discover how the incursion occurred.

Penetration Tester

Penetration testers seek to create an incursion. By doing so, they reveal the weak points of a security system so that these points can be secured better in the future.

Risk Analyst

Risk analysts spend their time looking for systems, procedures, or malware which could cause unintended negative occurrences, such as system crashes or slowdowns. They help create procedures to fix these problems quickly if they do occur.

Security Administrator

Administrators are responsible for dealing with all security and safety issues. They may create procedures or policies in order to maintain security company-wide.

Security Analyst

Security analysts maintain company networks and fix issues that come up during normal operation. They may also identify threats and neutralizing them as quickly as possible.

Security Architect

This position requires you to choose or design security elements, whether physical parts that will become a part of the system or the virtual system that will provide access to all the company’s data.

Security Auditor

These specialists may be kept on retainer or brought in after changes are made to a system. They provide a system-wide audit to make sure there are no chinks in the armor of the network or system.

Security Consultant

Security consultants devise plans for a company should they experience an incursion or help companies that are just getting started set up their security system from the ground up.

Security Director

The director of security helps create and review all policies and procedures related to security. They also ensure compliance with local or federal laws related to security concerns, such as the safety of patient data.

Security Engineer

A security engineer is responsible for creating computing systems which increase their company’s security and they solve any issues turned up by a security audit or incursion incident.

Security Manager

These managers oversee security staff on a day-to-day basis, making sure staffing is steady and all issues are dealt with and reported to the highest-level security professional in the company.

Security Software Developer

Specializing in security software solutions, they create software for individuals to use on home computers or advanced solutions meant for multi-billion-dollar industries or even government agencies.

Security Specialist

This is an entry-level position in which a specialist may monitor or troubleshoot system or network issues. They may perform basic test procedures, reporting all activity and feedback to their manager.

Vulnerability Assessor

These specialists test systems for vulnerabilities, much in the same way penetration testers do. Instead of performing penetration testing, they look through applications or software for possible weaknesses.

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!