What do Information Security Analysts Do?
Info security analysts keep a company’s computer networks and systems safe. They watch for security breaches and react to cyber attacks.
They also try to prevent attacks from happening, in the first place. That includes using software like firewalls to protect data. And, analysts maintain best practices for keeping info safe. Knowing the latest trends in IT security is key to the role.
Analysts often work in IT departments. 26% work in computer systems design and related services. 18% work in finance and insurance. Many kinds of businesses need to worry about keeping data safe and need these kinds of analysts.
Jobs for info sec analysts should grow 32% from 2018 to 2028. That’s much faster than average. How to stop hackers and protect data has become a growing concern. Financial companies and health care providers may have the biggest cause for worry. So, these industries could need more analysts to stay on top of threats.
Info sec analysts play a key role in today’s world. The job growth and salary potential reflect that. If protecting data from hackers sounds like a good day’s work, learn more about this career path.
What Degree Should I Earn to Become an Information Security Analyst?
If you hope to be an IT security analyst, you should earn at least a Bachelor’s degree.
- Bachelor’s in Computer Science (CS): The field of CS includes many disciplines. It brings together topics like how to program, software engineering, and networks. You’ll learn how to design and even build computer hardware and software. And, you’ll learn how to maintain computers and IT systems. That includes how to keep them secure.
- Bachelor’s in Information Systems Security: You’ll learn how to maintain security systems. The program covers computing platforms and software that help a company run. You’ll learn how to find out when hackers try to access company info. And, you’ll prep to deal with many IT threats.
- Bachelor’s in Cyber security: This program drills down on IT threats. You’ll learn to deal with data breaches and keep hackers at bay. This program may share topics in common with Information Systems Security. But it may place more of a focus on cyber crimes. That includes solving crimes and tracking down cyber criminals.
- Bachelor’s in Computer Programming: A programming major covers how to write code. The goal is to create computer apps and software that solve problems. You’ll study many languages, like Java and C#. One possible option is to focus on cyber security. Programming skills can help you prep for and combat cyber threats.
Some IT analysts earn an MBA after their Bachelor’s. This can be in an area like Information Systems. In this program, you could focus on management skill areas and with computer courses. You’ll study the tech tools and strategies to solve business problems. And, you’ll learn how to manage a team to achieve goals in IT and beyond.
1
Southern New Hampshire University
- Take advantage of some of the nation’s most affordable tuition rates, while earning a degree from a private, nonprofit, NEASC accredited university
- Qualified students with 2.5 GPA and up may receive up to $20K in grants & scholarships
- Multiple term start dates throughout the year. 24/7 online classroom access.
Popular Programs
Business Administration, Psychology, Information Technology, Human Services…
2
Colorado State University Global
- Ranked #8 by U.S.News & World Report for Best Online Bachelor’s Programs
- Apply up to 90 transfer credits for bachelor’s students, and 9 transfer credits for master’s degree students.
- CSU Global graduates experience a return on investment of 4:1, which means they receive $4 in salary and benefits for every $1 they invest in their education.
Available Programs
Business, Computer Science, Criminal Justice, IT, Psychology…
3
Western Governors University
- Award-winning programs created to help you succeed.
- A quality education doesn’t have to be expensive. Earn an accredited degree for less.
- Programs start monthly – Apply free this week!
Sponsored Schools
5 Key Skills for Information Security Analysts
Info sec analysts may learn skills in school and on the job. Most study areas like CS, information assurance, or how to program. And, many work in IT departments before focusing on IT security.
- Cyber Security: Protect computer systems from threats. These could include hacking, damage, data theft, and more.
- IT Security & Infrastructure: Keep all parts of an IT system safe. And, understand the physical devices, software, and protocols for IT security
- Computer Security: Make sure computers are not hacked, stolen, or damaged. Use measures like firewalls to protect computers.
- Security Policies and Procedure: Know methods to maintain a company’s IT systems. Teach other employees to follow procedures.
- Security Risk Management: Plan for IT threats before they happen. Be proactive to keep risks low.
Information Security Analyst Careers
One company you could work for as an info sec analyst is CGI Inc., a global IT consulting company. CGI brings tech solutions to a business. That means keeping on top of trends in IT, security, and more.
Booz Allen Hamilton is another global IT consulting company. They serve private and public business and employ over 26,300 people. Or, consider Accenture. They also partner with business to enable IT innovation.
Consulting firms are one kind of employer. Some business have in house IT experts. These include Verizon, a major U.S. employer. As a large U.S. telecom company, cyber security is key to the company. Some roles deal with how to find and defend against cyber threats. Other roles deal with how to design and build secure infrastructure.
Do you have an interest in how IT security could enable fun? Sony Interactive Entertainment employs experts in this field. This global company may be better known as PlayStation. They make video games and digital entertainment.
On the financial side of things, check out Visa. As a global payments company, security is top of mind for Visa. So, they may hire for many kinds of security roles. The same goes for American Express and other finance companies or banks.
And, don’t overlook health care and pharma. Patient privacy makes security a key concern in this industry. Employer is PharMerica, a Fortune 1000 company that handles seniors’ health needs. Their tech enables their medication programs. So, they need IT security experts on staff!
In short, large employers need info sec analysts. You can learn more about the above companies or start your search.
How Do I Become an Information Security Analyst?
Most analysts earn at least a Bachelor’s degree. This should be in a computer related field. CS and programming are common majors. But you could study cyber security or a similar field.
Your degree program should cover the basics of how IT systems work. You could study things from computer architecture to coding. And, you’ll learn best practices for how to handle cyber threats.
Some employers ask analysts earn a MBA in info systems. This program teaches both business and computer courses. So, it could help you learn the big picture of how IT security benefits companies.
Analysts often have some work experience, too. They may start out in another IT role, and learn the field from the ground up. Later, they may zero in on info sec. Employers look for analysts with experience tailored to the role. For example, employers may prefer someone with data base admin experience data base security role.
Finally, analysts often earn info sec certs. This helps proves their knowledge to employers. You could earn a general cert, like Certified Information Systems Security Professional (CISSP). Other certs cover more specific skill areas, like systems auditing.
Top Industries for Information Security Analysts
Info sec analysts could work in any field where cyber threats are a concern. That said, some top places employ these experts. These include:
| Industry | Annual Mean Wage |
| Computer systems design | $102,620 |
| Finance and insurance | $101,130 |
| Information | $96,580 |
| Management of companies | $94,180 |
| Admin and support services | $94,120 |
Top States by Employment for Information Security Analysts
The state of Virginia employs the most Info Sec Analysts – over 14,000! This state also has the highest number of analysts. And, it features one of the highest average salaries for this role: $111,780.
Other states with high employment numbers include:
- Texas, with an average salary of $104,170
- California, with an average salary of $110,340
- New York, with an average salary of $122,000
- Florida, with an average salary of $91,950
Professional Certifications for Information Security Analysts
Many employers want info sec analysts to earn certification. Certification helps prove you have the latest skills in IT security. You could also pursue certification in certain skill areas. Like, ethical hacking or systems auditing.
Each of these agency calls for different steps from you. Let’s go over a few of the top certs you could earn.
CEH: Certified Ethical Hacker
CEH certification proves you have the skills to look for weak spots in IT systems. These ethical hackers have the same skills as malicious hackers. Becoming a CEH means you can help a business plan for strong security to keep hackers out. To earn this cert, you must:
Pursue training. This must be an official EC Council training program. You could take it at an accredited training center, accredited school, or online.
OR
Proceed without training. To be considered, you must apply. You’ll need at least two years of work experience related to information security. The application fee is $100.
Pass an exam. The exam takes four hours and has 125 questions.
Keep learning. Your cert is valid for three years. For renewal, you must take 120 CE credits within this time frame. Learn more about the EC Council Continuing Education (ECE) Program, here.
ECSA: EC Council Certified Security Analyst
ECSA certification is a potential next step after becoming a CEH. It covers more advanced knowledge. The focus is doing penetration testing for enterprise clients. To earn the cert, you must:
Complete official training. You should take an EC Council training program. This training covers the material you need to know for your exam.
OR
Skip training. If you don’t want to pursue training, you need to apply to take the exam. You’ll need at least two years of related work experience. And, you must pay a $100 application fee.
Score at least 70% on the exam. This one takes four hours and has 150 questions.
Continue your education. The ECSA cert lasts three years. After that, you must renew. To qualify, you’ll need 120 credits of continuing education each time.
GSEC / GCIH / GCIA: GIAC Security Certifications
GIAC (Global Information Assurance Certification) certifies information security professionals. They award certificates at different levels and focus areas. These include:
GIAC Security Essentials (GSEC): Start with the basics. This cert covers the security skills you need for hands on IT roles. That includes Windows, Linux security, cryptography, and more. You must score at least 73% on a five hour, 180 question exam.
GIAC Certified Incident Handler (GCIH): The GCIH cert also covers basic security skills. Testing your skills for handling security incidents come first. That means knowing hacker methods, how to defend against attacks, and more. You’ll need to score at least 73% on a four hour exam. The exam has between 100 and 150 questions.
GIAC Certified Intrusion Analyst (GCIA): This cert tests for intrusion detection skills. GCIA certification covers network monitoring, traffic analysis, reading log files and more. You must pass a four hour exam with a score of at least 68%. The test has 100 to 150 questions.
GIAC certs are valid for four years. Renewal comes with two options. You could retake the current version of your exam. Or, you could keep up with your Continuing Professional Education credits (CPEs). You must earn 36 CPEs over the four year period. CPE’s are also earned through work experience, industry training, and more.
CISSP: Certified Information Systems Security Professional
CISSP certifies your ability to create effective cyber security programs. Offered by (ISC)², it covers a range of security skills and concepts. So, it may be a good general cert for an info sec analyst. To earn it, you should:
Prep for the exam. You could prep for the CISSP exam in the class, online, or on your own. (ISC)² offers different options. Exam prep is optional but suggested.
Take the exam. It tests you on eight security domains. Security and Risk Management, Asset Security, and Security Operations are a few.
Have enough work experience. You must have at least five years of experience in at least two of the eight security domains. Earning a degree or other credential may count toward a year of work experience. You could even pass the exam while you keep working toward your five years.
Stay current. You must renew every three years. To do so, keep on top of your CPEs.
Professional Organizations
Joining a professional group could help you with your career path. And, it could be a great way to stay on top of trends in tech and security. Here are some to check out.
- ISSA: ISSA is a global group for cyber security pros. It serves as a forum to network and share insights. You could attend meet ups on a local and global level. Attending some events could even help you earn CPEs. There are many options to join. General membership costs $95 per year, plus chapter dues.
- ISACA: This group focuses on info systems. That includes best practices and the latest industry knowledge. Those who work in IT auditing, security, and governance / risk may benefit. Local chapter meetings and larger events let you engage with other pros. Membership is $30, or $10 if you apply online.