How to Become an Information Security Analyst

What do Information Security Analysts Do?

Information security analysts keep a company’s computer networks and systems safe. They watch for security breaches and react to cyber attacks.

They also try to prevent attacks from happening in the first place. That includes using software like firewalls to protect data. And, analysts maintain best practices for keeping info safe. Knowing the latest trends in IT security is key to the role.

Analysts often work in IT departments. 26% work in computer systems design and related services. 18% work in finance and insurance. Many kinds of businesses need to worry about keeping data safe and need analysts.

Jobs for information security analysts should grow 32% from 2018 to 2028. That’s much faster than average. Stopping hackers and protecting sensitive data has become a growing concern. Financial companies and healthcare providers may have the biggest cause for worry. So, these industries could need more analysts to stay on top of threats.

Information security analysts play a key role in today’s world. Their projected job growth and salary potential reflect that. If protecting data from hackers sounds like a good day’s work, learn more about this career path.

5 Key Skills for Information Security Analysts

Information security analysts may learn skills in college and on the job. Most study areas like computer science, information assurance, or programming. And, many work in IT departments before focusing on IT security.

  1. Cyber Security: Protecting computer systems from threats. These could include hacking, damage, data theft, and more.
  2. IT Security & Infrastructure: Keeping all parts of an IT system safe. Understanding the physical devices, software, and protocols for IT security.
  3. Computer Security: Making sure computers are not hacked, stolen, or damaged. Using measures like firewalls to protect computers.
  4. Security Policies and Procedure: Knowing protocol for maintaining a company’s IT systems. Teaching other employees to follow procedures.
  5. Security Risk Management: Planning for possible IT threats before they happen. Being proactive to keep risks low.

How Do I Become an Information Security Analyst?

Most analysts earn at least a Bachelor’s degree. This should be in a computer related field. Computer science and programming are common majors. But you could study cybersecurity or a similar field.

Your degree program should cover the basics of how IT systems work. You could study everything from computer architecture to coding. And, you’ll learn best practices for handling cyber threats.

Some employers ask analysts to earn an MBA in information systems. This program teaches both business and computer courses. So, it could help you learn the big picture of how IT security benefits companies.

Analysts usually have related work experience, too. They may start out in another IT role, learning the field from the ground up. Later, they may zero in on information security. Employers look for analysts with experience tailored to the role. For example, employers may prefer someone with database administration experience for a database security role.

Finally, analysts often earn information security certifications. This helps prove their knowledge to employers. You could earn a general certificate, like Certified Information Systems Security Professional (CISSP). Other certificates cover more specific skill areas, like systems auditing.

What Degree Should I Earn to Become an Information Security Analyst?

If you hope to be an IT security analyst, you should earn at least a Bachelor’s degree.

  • Bachelor’s in Computer Science: The field of computer science includes many disciplines. It brings together topics like programming, software engineering, and networks. You’ll learn how to design and even build computer hardware and software. And, you’ll learn how to maintain computers and IT systems. That includes keeping them secure.
  • Bachelor’s in Information Systems Security: You’ll learn how to maintain security systems. The program covers computing platforms and software that help companies run. You’ll learn how to find out when hackers try to access company info. And, you’ll prepare to handle various IT threats.
  • Bachelor’s in Cybersecurity: This program drills down on IT threats. You’ll learn to handle data breaches and keep hackers at bay. This program may share topics in common with Information Systems Security. But it may place a greater focus on cyber crimes. That includes solving crimes and tracking down cyber criminals.
  • Bachelor’s in Computer Programming: A programming major covers how to write code. The goal is to create computer applications and software that solve problems. You’ll study different programming languages, like Java and C#. One possible option is to focus on cyber security. Programming skills can help you prepare for and combat cyber threats.

Some IT security analysts earn an MBA after their Bachelor’s. This is usually in an area like Information Systems. In this program, you could focus on management skill areas along with computer courses. You’ll study the tech tools and strategies to solve business problems. And, you’ll learn how to manage a team to achieve goals in IT and beyond.

Working as an Information Security Analyst

The state of Virginia employs the most Information Security Analysts – over 14,000! This state also has the highest concentration of analysts. And, it features one of the highest average salaries for this role: $111,780.

Other states with high employment numbers include:

  • Texas, with an average salary of $104,170
  • California, with an average salary of $110,340
  • New York, with an average salary of $122,000
  • Florida, with an average salary of $91,950

To pursue a role in the information security field, you could start here. These states host many large employers that need security analysts. One such company is CGI Inc., a global IT consulting company. CGI brings technology solutions to businesses. That means keeping on top of trends in IT, security, and more.

Booz Allen Hamilton is another global IT consulting company. Booz Allen serves private and public businesses and employs over 26,300 people. Or, consider Accenture. They also partner with businesses to enable IT innovation.

Consulting firms are one kind of employer. Some businesses have in-house IT experts. These include Verizon, a major U.S. employer. For a large U.S. telecom company like this, cyber security is crucial. Some roles involve finding and defending against cyber threats. Other roles include designing and building secure infrastructure.

Interested in how IT security could enable fun? Sony Interactive Entertainment employs experts in this field. This global company may be better known as PlayStation. They make video games and digital entertainment.

On the financial side of things, check out Visa. As a global payments company, security is top of mind for Visa. So, they may hire for many kinds of security roles. The same goes for American Express and other financial companies or banks.

And, don’t overlook healthcare and pharma. Patient privacy makes security a key concern in this industry. One employer is PharMerica, a Fortune 1000 company that handles seniors’ health needs. Technology enables their medication programs. So, they need IT security experts on staff!

In short, large employers in many industries need information security analysts. You can learn more about the above companies or start your search locally.

Top Industries for Information Security Analysts

Information security analysts could work wherever cyber threats are a concern. That said, some top industries employ these experts. These include:

| Industry | Annual Mean Wage |
| --- | --- |
| Computer systems design and related services | $102,620 |
| Finance and insurance | $101,130 |
| Management of companies and enterprises | $94,180 |
| Administrative and support services | $94,120 |

Professional Certifications for Information Security Analysts

Many employers want information security analysts to earn certification. Certification helps prove you have the latest skills in IT security. You could also pursue certification in specific skill areas. For instance, ethical hacking or systems auditing.

Each certifying agency calls for different steps from you. Let’s go over a few of the top certifications you could earn.

CEH: Certified Ethical Hacker

CEH certification proves you have the skills to look for weak spots in IT systems. Certified ethical hackers have the same skills as malicious hackers. Becoming a CEH means you can help businesses plan for stronger security to keep hackers out. To earn this certification, you must:

Pursue training. This must be an official EC Council training program. You could take it at an accredited training center, accredited school, or online.


Proceed without training. For consideration, you must apply. You’ll need at least two years of work experience related to information security. The application fee is $100.

Pass an exam. The exam takes four hours and has 125 questions.

Keep learning. Your certificate is valid for three years. For recertification, you must take 120 CE credits within this time frame.

ECSA: EC Council Certified Security Analyst

ECSA certification is a potential next step after becoming a CEH. It covers more advanced security knowledge. The focus is doing penetration testing for enterprise clients. To earn the certificate, you must:

Complete official training. You should take an EC Council training program. This training covers the material you need to know for your exam.


Skip training. If you don’t want to pursue training, you need to apply to take the exam. You’ll need at least two years of related work experience. And, you must pay a $100 application fee.

Score at least 70% on the exam. This one takes four hours and has 150 questions.

Continue your education. The ECSA certificate lasts three years. After that, you must recertify. To qualify, you’ll need 120 credits of continuing education each time.

GSEC / GCIH / GCIA: GIAC Security Certifications

GIAC (Global Information Assurance Certification) certifies information security professionals. They award certificates at different levels and focus areas. These include:

GIAC Security Essentials (GSEC): Start with the basics. This certificate covers the security skills you need for hands on IT roles. That includes Windows, Linux security, cryptography, and more. You must score at least 73% on a five hour, 180 question exam.

GIAC Certified Incident Handler (GCIH): The GCIH certificate also covers basic security skills. Testing your skills for handling security incidents comes first. That means understanding hacker methods, how to defend against attacks, and more. You’ll need to score at least 73% on a four hour exam. The exam has between 100 and 150 questions.

GIAC Certified Intrusion Analyst (GCIA): This cert tests for intrusion detection skills. GCIA certification covers network monitoring, traffic analysis, reading log files and more. You must pass a four hour exam with a score of at least 68%. The test has 100 to 150 questions.

GIAC certificates are valid for four years. Recertification comes with two options. You could retake the current version of your exam. Or, you could keep up with your Continuing Professional Education credits (CPEs). You must earn 36 CPEs over the four year period. CPEs are also earned through work experience, industry training, and more.

CISSP: Certified Information Systems Security Professional

CISSP certifies your ability to create effective cyber security programs. Offered by (ISC)², it covers a range of security skills and concepts. So, it may be a good general certificate for information security analysts. To earn it, you should:

Prepare for the exam. You could prepare for the CISSP exam in a classroom, online, or on your own. (ISC)² offers different options. Exam prep is optional but recommended.

Take the exam. It tests you on eight security domains. Security and Risk Management, Asset Security, and Security Operations are a few.

Have enough work experience. You must have at least five years of experience in at least two of the eight security domains. Earning a college degree or other credential may count toward a year of work experience. You could even pass the exam while you keep working toward your five years.

Stay current. You must recertify every three years. To do so, keep on top of your Continuing Professional Education credits, or CPEs.

Professional Organizations

Joining a professional group could help you with your career path. And, it could be a great way to stay on top of trends in tech and security. Here are some to check out.

  • ISSA: ISSA is a global group for cyber security pros. It serves as a forum to network and share insights. You could attend meetups on a local and global level. Attending some events could even help you earn CPEs. There are several options to join. General membership costs $95 per year, plus chapter dues.
  • ISACA: This group focuses on information systems. That includes best practices and the latest industry knowledge. Those who work in IT auditing, security, and governance / risk may benefit. Local chapter meetings and larger events let you engage with other pros. Professional membership is $30, or $10 if you apply online.
  • (ISC)²: A global group of cyber security pros, (ISC)² offers many benefits to members. These include courses and webinars, discounts, and an industry magazine. You can also join or start a local chapter. To become a member, you must earn an (ISC)² certification, like CISSP.
  • IAPP: This group is for privacy pros. That could include anyone who works to keep data private and secure. Benefits include opportunities to network, learn, and attend web conferences for CPE credits. Professional membership costs $275. IAPP offers other tiers to students and nonprofit workers.

Types of Careers in Information Security Analysis

Information Security Analyst

Information Security Analysts protect computer and IT systems in companies. That means creating a security plan and checking for threats. They use firewalls, data encryption, and other tools.

And, they do penetration testing to find weak spots that hackers could exploit. Since hackers change up their methods, these pros must stay on top of the latest IT security trends.

Median Salary: $98,350

Job Growth Through 2028: 32% (Much faster than average)

Common Entry level Education: Bachelor’s degree

Computer Systems Analyst

Computer Systems Analysts help computer systems run faster. They’re also called systems architects. These pros bring together business and tech smarts to solve problems in both areas. That means working with business managers to understand how companies run. Then, suggesting technology solutions to better serve that business.

Median Salary: $88,740 per year

Job Growth Through 2028: 9% (Faster than average)

Common Entry level Education: Bachelor’s degree

Computer Network Architect

Computer Network Architects design data communication networks. They also build the networks. These include local area networks (LANs), wide area networks (WANs), and Intranets. Architects must understand a business’s goals, then create a plan that works for that company. Information security is an important part of this planning.  

Median Salary: $109,020 per year

Job Growth Through 2028: 5% (Average)

Common Entry level Education: Bachelor’s degree

Computer Information Systems Manager

Computer Information Systems Managers manage IT activities in a business. These pros assess their company’s computing needs. Then, they recommend upgrades or solutions. Areas they need to consider range from security to computer maintenance. They may hire staff and work with vendors to get the company’s needs met.

Median Salary: $142,530 per year

Job Growth Through 2028: 11% (Much faster than average)

Common Entry level Education: Bachelor’s degree

Network and Computer Systems Administrator

Network and Computer Systems Administrators handle the everyday operation of networks in companies. Tasks include organizing and installing networks, while providing ongoing support and maintenance. Common duties include upgrades, repairs, and daily security needs. And, they may help other employees use hardware and software or troubleshoot issues.

Median Salary: $82,050 per year 

Job Growth Through 2028: 5% (Average) 

Common Entry level Education: Bachelor’s degree 

© Education Connection 2019. All Rights Reserved.
