In the deeply interconnected world of the twenty-first century, the secure flow of information is a vital aspect of daily economic activity. The Information Age ushered in a new era in which information security is as large a concern as the security of mass-produced goods. Given the sheer scale and complexity of human activities in the present era, a new industry developed in response to the need to protect vital information.
The information security analyst is one type of occupation that has developed in response to our transformed economy. An information security analyst is a professional trained in ensuring the security and integrity of computer networks and related systems in which information may be transmitted or retained.
These professionals typically fulfill various responsibilities, including analyzing and assessing security risks, developing security plans and related protocols, and implementing measures to protect against potential security breaches. Such analysts perform various duties to fulfill a primary objective, namely the protection of sensitive information and the computer systems and networks that hold such information.
The field of cybersecurity and related disciplines is currently promising. The U.S. Bureau of Labor Statistics (BLS 2022) forecasts a very robust growth rate of 35 percent in the employment of information security analysts between 2021 and 2031. This growth rate is much higher than the average across all occupations and in other portions of the information and computing industry.
The aforementioned decade will add an average of 19,500 information security analyst positions. This rapid growth is due to many factors, including retirement, transfers out of the existing workforce, and continued economic growth in which the secure transmission and retention of varied forms of information is a ubiquitous aspect of countless transactions in daily business operations.
The salary of an individual trained in information security analysis depends on many factors, including the particular responsibilities of their position, their level of experience and formal training, and local job market conditions.
Information security analysts may specialize their expertise to meet various needs. Some common types of information security analysts include the following:
The BLS indicates the following salary percentiles for information security analysts (BLS May 2022):
Regional cost of living is an influence on salary data. Those interested in becoming information security analysts are encouraged to use tools such as the cost of living data series provided by the Missouri Economic Research and Information Center (MERIC 2023) to assess how much their money can buy in various markets throughout the United States. Five of the ten metropolitan areas listed above are on MERIC’s list of 10 most expensive states to live in
A career as an information security analyst may appeal to those who have long had an interest in topics such as technology and the mechanisms behind how machines function. To become a successful information security analyst, individuals must hold substantial industry-specific expertise, be willing to remain consistently informed on the latest developments in their field, and possess the soft skills necessary to collaborate with others to achieve a joint mission effectively.
Information security analysts need a strong understanding of information technology, networking, and computer security. They should also know about different types of security threats, such as viruses, malware, and phishing attacks. Besides knowledge of the actual technology, such analysts must also have strong problem-solving skills, be attentive to detail and be able to work under high levels of pressure deriving from firm deadlines and the specter of large consequences if they fail in their duties.
In terms of soft skills, information security analysts should be effective communicators. Effective communication skills are vital as information security analysts often work with other IT professionals, management personnel and other parties to implement security measures and provide guidance on security best practices. Working with audiences outside their field of knowledge proves helpful if information security analysts can communicate in language such lay audiences will understand.
Given the diversity of settings in which an information security analyst may work, there is no single training pathway that will provide all the skills and experience necessary for a person to work in this occupation. Nonetheless, a general sequence of steps should be completed to work as an information security analyst. These steps are noted below:
Step 1: Complete a high school education (four years)
To attend an undergraduate program, a person must have a high school diploma or an equivalency such as a GED.
Step 2: Obtain a bachelor’s degree in a computer or technology-related field (four years)
Most information security analyst positions will require applicants to have a bachelor’s degree in a computer- or technology-related field. A range of undergraduate degrees can qualify a person to become this type of analyst.
Students can complete generalized programs in fields such as computer science or programming. They can also pursue degrees focused on the security aspects of the computer world through something like a bachelor of science degree in cybersecurity. Another suitable pathway to consider is a bachelor of science degree in management information systems. This type of degree trains students to apply their computer security skills within a business management setting.
Step 3: Gain on-the-job experience (timeline varies)
There needs to be more than an academic degree to help a candidate stand out in an information security analyst application. As with many occupations, hands-on training is often vital to landing a job in the information security industry. While entry-level positions may require minimal experience, those who wish to reach intermediate or advanced positions will need at least several years of experience in information security.
Given the rapidly evolving nature of the technology industry, members of this profession need to dedicate time to remaining informed and trained in newly emerging technologies, methods, and issues in the field of cybersecurity. One way to remain current in industry trends is to complete optional additional certifications and training as noted in the next step below.
Step 4: Enhance and maintain skills via certifications (optional, timeline varies)
Information security analysts must remain educated on popular computer programs and systems. They must also be aware of emerging and evolving threats to information security. As a result, though such additional training is optional, these analysts are nonetheless strongly recommended to complete additional education, such as certifications, to demonstrate a commitment to maintaining the skills necessary to meet the needs of their industry.
Completing certifications is an excellent way for information system analysts to keep up with the constantly evolving cybersecurity industry. Some employers will require applicants and current employees to secure and maintain specialized technology certifications, as such certifications further demonstrate not just a candidate’s current proficiency but also a commitment to maintaining that proficiency.
Some credentials that may be particularly interesting to employers seeking information security analysts are the Certified Information Systems Security Professional, the Certified Information Systems Auditor, and the Certified Ethical Hacker credential. The topic of certification is covered in greater length further down this page.
Step 5: Pursue graduate education for advancement (optional, two years or more)
Individuals who wish to rise to the top of their field even faster or make a big contribution within the industry may choose to pursue graduate studies to make this happen. Obtaining a master’s degree in cybersecurity can effectively substitute for some of the experience necessary to advance to increasingly higher levels of responsibility and compensation within the information security industry. Individuals with a deep research interest, those with a demonstrated high level of industry proficiency, and those who learn quickly may find pursuing a graduate degree a worthwhile investment in a career focused on information security.
Information security analysts plan security measures to protect an organization’s computer networks and systems. According to the US BLS description of this particular job, an information security analyst may be responsible for any of the following:
As information security analysts develop more experience and expertise, they may be called upon to contribute to increasingly complex projects and management needs. For example, they may become critical contributors to formulating their organization’s disaster recovery plan. They may also be given significant responsibility in developing their company’s information security strategy.
Given the rapid evolution of IT and related industries, a significant responsibility an information security analyst must be continually mindful of is the need to remain informed and skilled in emergent new threats to information security. Given the rapid technological evolution, information security analysts may need to devote little time to researching new security technologies designed to protect against new threats.
Though not necessarily considered a task or responsibility per se, an information security analyst should also possess effective communication skills. Given the high stakes environment in which such analysts may work, in which their expertise leads their employers to entrust technology and reputations of significant value to their care, information security analysts need to exercise effective communication skills to ensure both effective collaboration and responsiveness to their recommendations and directives
As previously mentioned, a commitment to ongoing education and skills maintenance is vital to information security analysts’ success. One way analysts can maintain their skills and demonstrate commitment to their profession is by completing certification programs. Below is a list of some standard certifications an information security analyst may need to enhance their prospects for obtaining their first job and career advancement.
CompTIA Security+ – CompTIA Security+ is a basic certification for a career as an information security analyst. This foundational certification attests that the recipient has basic network security and risk management knowledge. The certification exam tests six domains of knowledge.
Certified Ethical Hacker (CEH) – The Certified Ethical Hacker certification covers the advanced logistics of hacking and the methods hackers often use to cause data breaches. CEH is the information security certification that teaches the tactics of the enemy. It is thus considered an essential certification for any information security professional whose duties strongly focus on hacking prevention and response.
Certified Information Systems Security Professional (CISSP) – CISSP Certification is a highly sought-after certification and is thus considered the gold standard for the information security analyst. It trains students to become professionals in the field of information security. CISSP covers many topics, including IT security, architecture, design, management, and controls
Certified Information Systems Auditor (CISA) – CISA certification covers numerous topics regarding the governance and control of enterprise IT. Students learn to create and implement effective security audits and are exposed to the acquisition, development, testing, and implementation of security systems.
Bernd Geels is a Berlin, Germany-based freelance writer and artist. He holds an undergraduate degree in atmospheric science and two graduate degrees. He completed his most recent graduate degree in international environmental studies at the Monterey Institute of International Studies in 2011. He is interested in healthcare, climate change, marine conservation, indigenous science, and refugee issues. You can reach him directly at [email protected].