Information technology has completely transformed the jobs market. Some of today’s most sought after jobs simply didn’t exist 30 years ago, and this change is only accelerating year-on-year.
One job that is in particularly high demand in the “information age,” is an information security analyst. Not only is this a crucial role that nearly every company needs to fill, but it’s also a position that is likely to increase in demand as the rate of technological development continues to speed up. We live in an era where information is king: all of us now generate a greater quantity of data than ever before, and that data is extremely valuable.
According to Cyber Seek, there are currently around 313,700 job openings in cybersecurity in the US alone, and 716,000 professionals currently employed.
Information security specialists are the gatekeepers, helping companies to maintain the trust of their clients and customers, while also protecting their assets from malicious attacks. The more data companies collect, the more connected services become, the more demand there will be for these professionals.
This is a truly future-proof job role then, and one that is vitally important. So how do you go about becoming one?
The role of the information security analyst
First, let’s assess precisely what an information security analyst is. The role of a security analyst is to help companies to maintain secure systems that are impervious to penetration. That means keeping trade secrets, client lists, and identifiable data safe, while also preventing crashes and errors brought on by attacks.
Often, this will involve staging attacks on those systems, to pinpoint weaknesses and areas for improvement. It might be that a piece of software on a CCTV camera needs updating, and until that happens, a vulnerability leaves it open to hijacking. Alternatively, an analyst may find that more training is needed to inform staff on how to deal with phishing scams and other attacks.
“Red team, blue team” simulations involve splitting a team of security analysts into two groups: one that attempts to break into the system, and another that attempts to defend it. This can further help to flush out weaknesses and security flaws.
In other situations, a data security analyst might be required to respond to an active threat, or conduct a debrief in the wake of a previous attack. The latter scenario requires the analyst to put together a report, showing precisely how the attack was carried out, the extent of the damage, and the steps that could be taken to prevent the same thing happening in the future.
Depending on your job title, your day-to-day workload might involve more or less of these specific activities. For instance, a penetration tester (pentester) is someone who focusses on testing the strength of a security system, whereas an incident responder is more concerned with active threats and writing up reports.
Certification, qualifications, and more for security analysts
If you want to become an information security analyst, then you need to consider whether you have the right qualifications and experience. Will you need a degree for example?
Undergraduate degrees can be extremely useful and will help to set you apart from the competition. There are a large number of employers that will require a degree before they will consider granting an interview. Ideally, you should seek to obtain a degree in computer science, or something specifically related to information security, before pursuing this career.
That said, this isn’t a requirement for every employer, and there are a lot of analysts who built their careers with no formal training at all! This usually involves starting in a lower position and working your way up through an organization. You can this way gain relevant experience and training as you grow, and especially if you grow alongside the corporation you are working for.
Industry-recognized information security analyst certifications
For those that don’t have the option of getting an undergraduate degree and aren’t lucky enough to land an IT role in a small business, the best strategy will be to certifications. Many of these you can study online from home, making for a highly convenient and fitting option to bolster a CV.
The good news is that there are many industry-recognized certifications and exams for hopeful information security analysts.
Which of these is best for you, will depend on the precise type of work that you want to take on. For instance, if you want to get into penetration testing specifically, then the Pentest+ exam will help demonstrate to potential employers that this is a role you understand. The CySA+ exam meanwhile is a more general exam that provides a broad overview of the role of a cybersecurity analyst.
- Pentest+: Comptia Penetration Testing
- CySA+: Cyber Security Analyst
- Security+: CompTIA Security Analyst
- GIAC: Global Information Assurance Certification
- CEH: Certified Ethical Hacker
- CISSP: Certified Information Systems Security Professional
These exams cost varying amounts. For example, Pentest+ and CYSA+ will set you back $359 for the most basic exam, or $949 for the full package including training materials. GIAC offers over 30 certifications at different levels, covering everything from Digital Forensics to Pentesting. GIAC certification is highly regarded and is even recognized by the NSA.
Each GIAC exam costs $1,899, which also includes two practice exams. Lab exams cost $2,459, and written exams are $499. GIAC also recommends SANS training.
Keep in mind that it’s also possible to gain the necessary training for these exams using sites like Udemy. For example, Information Security Management Fundamentals for Non-Techies is a popular course that can provide some background for those completely new to cybersecurity.
How to land a job as an information security analyst
Once you have the relevant training and certifications, the next step is to apply for work. This is simply a case of scouring job listing sites or LinkedIn, as you would do for any other job. However, you may also be able to find freelance work on sites like UpWork, People Per Hour, and Toptal.
Keep in mind that you are more likely to find freelance work as an auditor or incident analyst. If you are interested in becoming an information security analyst, then take a look at these sites and find the kinds of jobs you would be interested in. From there, you can look at the qualifications and certifications those employers are looking for, and use this information to help you choose the track for you.
Is information security analyst the right job for you?
Whether or not you will enjoy life as an information security analyst, will depend largely on your mindset. Familiarity with IT is a huge advantage when it comes to picking up these skills and gaining the necessary certifications.
Just as important though, is a logical approach to problem-solving, a gift for lateral thinking, and a willingness to work flexibly. While you might typically be able to work 9-5, it isn’t uncommon to be called urgently into work to respond to an active threat. This can involve dropping everything you are doing to work in a high-pressure situation.
Depending on the organization you are working for, you might also be required to fulfill a range of other IT-related jobs that only tangentially relate to your job as an information security analyst. This may include updating the website or helping with general IT problems.
If you do decide that becoming an information security analyst is right for you, then you will be entering a career that is particularly lucrative and future proof. ZipRecruiter suggests that the average salary for U.S. information security analysts is $98,710, going all the way up to $151,500 for the highest-paid workers.
As an information security analyst, you will also be preparing your CV for the future jobs market, and fulfilling a role that will be increasingly vital to businesses globally.