How to Become an Information Security Analyst

Get Matched to a Degree for FREE!!

Degree description image

What do Information Security Analysts Do?

Info security analysts keep a company’s computer networks and systems safe. They watch for security breaches and react to cyber attacks.

They also try to prevent attacks from happening, in the first place. That includes using software like firewalls to protect data. And, analysts maintain best practices for keeping info safe. Knowing the latest trends in IT security is key to the role.

Analysts often work in IT departments. 26% work in computer systems design and related services. 18% work in finance and insurance. Many kinds of businesses need to worry about keeping data safe and need these kinds of analysts.

Jobs for info sec analysts should grow 32% from 2018 to 2028. That’s much faster than average. How to stop hackers and protect data has become a growing concern. Financial companies and health care providers may have the biggest cause for worry. So, these industries could need more analysts to stay on top of threats.

Info sec analysts play a key role in today’s world. The job growth and salary potential reflect that. If protecting data from hackers sounds like a good day’s work, learn more about this career path.

What Degree Should I Earn to Become an Information Security Analyst?

If you hope to be an IT security analyst, you should earn at least a Bachelor’s degree.

  • Bachelor’s in Computer Science (CS): The field of CS includes many disciplines. It brings together topics like how to program, software engineering, and networks. You’ll learn how to design and even build computer hardware and software. And, you’ll learn how to maintain computers and IT systems. That includes how to keep them secure.
  • Bachelor’s in Information Systems Security: You’ll learn how to maintain security systems. The program covers computing platforms and software that help a company run. You’ll learn how to find out when hackers try to access company info. And, you’ll prep to deal with many IT threats.
  • Bachelor’s in Cyber security: This program drills down on IT threats. You’ll learn to deal with data breaches and keep hackers at bay. This program may share topics in common with Information Systems Security. But it may place more of a focus on cyber crimes. That includes solving crimes and tracking down cyber criminals.
  • Bachelor’s in Computer Programming: A programming major covers how to write code. The goal is to create computer apps and software that solve problems. You’ll study many languages, like Java and C#. One possible option is to focus on cyber security. Programming skills can help you prep for and combat cyber threats.

Some IT analysts earn an MBA after their Bachelor’s. This can be in an area like Information Systems. In this program, you could focus on management skill areas and with computer courses. You’ll study the tech tools and strategies to solve business problems. And, you’ll learn how to manage a team to achieve goals in IT and beyond.

5 Key Skills for Information Security Analysts

Info sec analysts may learn skills in school and on the job. Most study areas like CS, information assurance, or how to program. And, many work in IT departments before focusing on IT security.

  1. Cyber Security:  Protect computer systems from threats. These could include hacking, damage, data theft, and more.
  2. IT Security & Infrastructure: Keep all parts of an IT system safe. And, understand the physical devices, software, and protocols for IT security
  3. Computer Security: Make sure computers are not hacked, stolen, or damaged. Use measures like firewalls to protect computers.
  4. Security Policies and Procedure: Know methods to maintain a company’s IT systems. Teach other employees to follow procedures.
  5. Security Risk Management: Plan for IT threats before they happen. Be proactive to keep risks low.

Information Security Analyst Careers

One company you could work for as an info sec analyst is CGI Inc., a global IT consulting company. CGI brings tech solutions to a business. That means keeping on top of trends in IT, security, and more.

Booz Allen Hamilton is another global IT consulting company. They serve private and public business and employ over 26,300 people. Or, consider Accenture. They also partner with business to enable IT innovation.

Consulting firms are one kind of employer. Some business have in house IT experts. These include Verizon, a major U.S. employer. As a large U.S. telecom company, cyber security is key to the company. Some roles deal with how to find and defend against cyber threats. Other roles deal with how to design and build secure infrastructure.

Do you have an interest in how IT security could enable fun? Sony Interactive Entertainment employs experts in this field. This global company may be better known as PlayStation. They make video games and digital entertainment.

On the financial side of things, check out Visa. As a global payments company, security is top of mind for Visa. So, they may hire for many kinds of security roles. The same goes for American Express and other finance companies or banks.

And, don’t overlook health care and pharma. Patient privacy makes security a key concern in this industry.  Employer is PharMerica, a Fortune 1000 company that handles seniors’ health needs. Their tech enables their medication programs. So, they need IT security experts on staff!

In short, large employers need info sec analysts. You can learn more about the above companies or start your search.

How Do I Become an Information Security Analyst?

Most analysts earn at least a Bachelor’s degree. This should be in a computer related field. CS and programming are common majors. But you could study cyber security or a similar field.

Your degree program should cover the basics of how IT systems work. You could study things from computer architecture to coding. And, you’ll learn best practices for how to handle cyber threats.

Some employers ask analysts earn a MBA in info systems. This program teaches both business and computer courses. So, it could help you learn the big picture of how IT security benefits companies.

Analysts often have some work experience, too. They may start out in another IT role, and learn the field from the ground up. Later, they may zero in on info sec. Employers look for analysts with experience tailored to the role. For example, employers may prefer someone with data base admin experience data base security role.

Finally, analysts often earn info sec certs. This helps proves their knowledge to employers. You could earn a general cert, like Certified Information Systems Security Professional (CISSP). Other certs cover more specific skill areas, like systems auditing.

Top Industries for Information Security Analysts

Info sec analysts could work in any field where cyber threats are a concern. That said, some top places employ these experts. These include:

IndustryAnnual Mean Wage
Computer systems design$102,620
Finance and insurance$101,130
Information$96,580
Management of companies$94,180
Admin and support services$94,120

Top States by Employment for Information Security Analysts

The state of Virginia employs the most Info Sec Analysts – over 14,000! This state also has the highest number of analysts. And, it features one of the highest average salaries for this role: $111,780.

Other states with high employment numbers include:

  • Texas, with an average salary of $104,170
  • California, with an average salary of $110,340
  • New York, with an average salary of $122,000
  • Florida, with an average salary of $91,950

Professional Certifications for Information Security Analysts

Many employers want info sec analysts to earn certification. Certification helps prove you have the latest skills in IT security. You could also pursue certification in certain skill areas. Like, ethical hacking or systems auditing.

Each of these agency calls for different steps from you. Let’s go over a few of the top certs you could earn.

CEH: Certified Ethical Hacker

CEH certification proves you have the skills to look for weak spots in IT systems. These ethical hackers have the same skills as malicious hackers. Becoming a CEH means you can help a business plan for strong security to keep hackers out. To earn this cert, you must:

Pursue training. This must be an official EC Council training program. You could take it at an accredited training center, accredited school, or online.

OR

Proceed without training. To be considered, you must apply. You’ll need at least two years of work experience related to information security. The application fee is $100.

Pass an exam. The exam takes four hours and has 125  questions.

Keep learning. Your cert is valid for three years. For renewal, you must take 120 CE credits within this time frame. Learn more about the EC Council Continuing Education (ECE) Program, here.

ECSA: EC Council Certified Security Analyst

ECSA certification is a potential next step after becoming a CEH. It covers more advanced knowledge. The  focus is doing penetration testing for enterprise clients. To earn the cert, you must:

Complete official training. You should take an EC Council training program. This training covers the material you need to know for your exam.

OR

Skip training. If you don’t want to pursue training, you need to apply to take the exam. You’ll need at least two years of related work experience. And, you must pay a $100 application fee.

Score at least 70% on the exam. This one takes four hours and has 150 questions.

Continue your education. The ECSA cert lasts three years. After that, you must renew. To qualify, you’ll need 120 credits of continuing education each time.

GSEC / GCIH / GCIA: GIAC Security Certifications

GIAC (Global Information Assurance Certification) certifies information security professionals. They award certificates at different levels and focus areas. These include:

GIAC Security Essentials (GSEC): Start with the basics. This cert covers the security skills you need for hands on IT roles. That includes Windows, Linux security, cryptography, and more. You must score at least 73% on a five hour, 180 question exam.

GIAC Certified Incident Handler (GCIH): The GCIH cert also covers basic security skills. Testing your skills for handling security incidents come first. That means knowing hacker methods, how to defend against attacks, and more. You’ll need to score at least 73% on a four hour exam. The exam has between 100 and 150 questions.

GIAC Certified Intrusion Analyst (GCIA): This cert tests for intrusion detection skills. GCIA certification covers network monitoring, traffic analysis, reading log files and more. You must pass a four hour exam with a score of at least 68%. The test has 100 to 150 questions.

GIAC certs are valid for four years. Renewal comes with two options. You could retake the current version of your exam. Or, you could keep up with your Continuing Professional Education credits (CPEs). You must earn 36 CPEs over the four year period. CPE’s are also earned through work experience, industry training, and more.

CISSP: Certified Information Systems Security Professional

CISSP certifies your ability to create effective cyber security programs. Offered by (ISC)², it covers a range of security skills and concepts. So, it may be a good general cert for an info sec analyst. To earn it, you should:

Prep for the exam. You could prep for the CISSP exam in the class, online, or on your own. (ISC)² offers different options. Exam prep is optional but suggested.

Take the exam. It tests you on eight security domains. Security and Risk Management, Asset Security, and Security Operations are a few.

Have enough work experience. You must have at least five years of experience in at least two of the eight security domains. Earning a degree or other credential may count toward a year of work experience. You could even pass the exam while you keep working toward your five years.

Stay current. You must renew every three years. To do so, keep on top of your CPEs.

Professional Organizations

Joining a professional group could help you with your career path. And, it could be a great way to stay on top of trends in tech and security. Here are some to check out.

  • ISSA: ISSA is a global group for cyber security pros. It serves as a forum to network and share insights. You could attend meet ups on a local and global level. Attending some events could even help you earn CPEs. There are many options to join. General membership costs $95 per year, plus chapter dues.
  • ISACA: This group focuses on info systems. That includes best practices and the latest industry knowledge. Those who work in IT auditing, security, and governance / risk may benefit. Local chapter meetings and larger events let you engage with other pros. Membership is $30, or $10 if you apply online.
  • (ISC)²: A global group of cyber security pros, (ISC)2 offers many benefits to members. These include courses, discounts, and an industry magazine. You can also join or start a local chapter. To become a member, you must earn an (ISC)2 cert, like CISSP.
  • IAPP: This group is for privacy pros. That could include anyone who works to keep data private and secure. Benefits include chances to network, learn, and attend web conferences for CPE credits. Membership costs $275. IAAP offers other tiers to students and non profit workers.

Top Salaries by State for Information Security Analysts

StateEmploymentAnnual Mean Wage
NY6,930$122,000
NJ3,480$121,600
DC1,660$118,080
CT980$112,900
VA14,180$111,780

Types of Careers in Information Security Analysis

 Information Security Analyst

Info Sec Analysts protect computer and IT systems in companies. That means being able to create a security plan and check for threats. They use firewalls, data encryption, and other tools.

And, they do testing to find weak spots that hackers could exploit. Since hackers change up their methods, these pros must stay on top of the latest IT security trends.

Median Salary: $98,350

Job Growth Through 2028: 32% (Much faster than average)

Common Entry level Education: Bachelor’s degree

Computer Systems Analyst

These pros help computer systems run faster. They’re also called systems architects. They bring together business and tech smarts to solve problems in both areas. That means being able to work with business managers to understand how companies run. Then, suggesting tech solutions to better serve that business.

Median Salary: $88,740 per year

Job Growth Through 2028: 9% (Faster than average)

Common Entry level Education: Bachelor’s degree

Computer Network Architect

Computer Network Architects design data communication networks. They also build the networks. These include local area networks (LANs), wide area networks (WANs), and Intranets. Architects must understand a business’s goals, then create a plan that works for that company. Info sec is a key part of this planning.  

Median Salary: $109,020 per year

Job Growth Through 2028: 5% (Average)

Common Entry level Education: Bachelor’s degree

Computer Information Systems Manager

These pros manage IT activities in a business. They assess their company’s computing needs. Then, they recommend upgrades or solutions. Areas they need to consider range from security to computer maintenance. They may hire staff and work with vendors to get the company’s needs met.

Median Salary: $142,530 per year

Job Growth Through 2028: 11% (Much faster than average)

Common Entry level Education: Bachelor’s degree

Network and Computer Systems Administrator

Network Admins deal with the everyday functions of networks in companies. Tasks include being able to organize and install networks, and provide ongoing support. Common tasks include upgrades, repairs, and daily security needs. And, they may help other employees use hardware and software or trouble shoot issues.

Median Salary: $82,050 per year 

Job Growth Through 2028: 5% (Average) 

Common Entry level Education: Bachelor’s degree 

© Education Connection 2019. All Rights Reserved.

EducationDynamics maintains business relationships with the schools it features.

Sources for school statistics is the U.S. Department of Education’s National Center for Education Statistics.

This is an offer for educational opportunities that may lead to employment and not an offer for nor a guarantee of employment. Students should consult with a representative from the school they select to learn more about career opportunities in that field. Program outcomes vary according to each institution’s specific program curriculum.