Information security analysts keep organizations' data safe. You can become one by getting a certification, building the right skills, or earning a related degree.
The twenty-first century has already seen large information breaches at big companies in which sensitive data—including the credit card numbers, passwords, and social security numbers of hundreds of millions of users—were compromised. Information security analysts work to protect organizations from similar threats, preventing data hacks and breaches.
Here’s what you need to know about becoming an information security analyst.
Learn more: 10 Popular Cybersecurity Certifications
Information security analysts received a median salary of $99,730 in May 2019, reports the BLS. The hourly equivalent is about $47.95 per hour .
Job prospects in the information security field are expected to grow rapidly in the next decade. The BLS estimates that information security analyst positions will grow by 31 percent from 2019 to 2029. That’s much faster than the average for all occupations.
An information security analyst protects an organization's computer networks, systems, and databases from cyberattacks and data breaches.
An information security analyst’s job description might specifically include:
Detecting, monitoring, and mediating various aspects of security—including physical security, software security, and network security
Performing compliance control testing
Developing recommendations and training programs to minimize security risk in the company
Being aware of evolving threats in cybersecurity space by communicating with external sources
Collaborating with other teams and management within a company to implement best security practices
Information security analysts are needed in companies that keep sensitive data and information. This can include almost any field—including business, governance, technology, finance, energy, and many more.
Information security is often confused with cybersecurity—which is understandable, because there is significant overlap, and many use the two interchangeably. Cybersecurity, however, refers more broadly to preventing cyberattacks that come from unauthorized electronic sources.
Information security focuses specifically on protecting the data and information of an organization, employees, or users, which can exist in both physical and electronic form. Information security also means making sure data is accessible to those who are authorized to use it.
You can take several paths to become an information security analyst. Ultimately, you’ll need to have certain skills. These include:
Computer security basics: This includes knowledge of firewalls, routers, and other security infrastructure, as well as an understanding of risk management frameworks. Some information security jobs might ask for ethical hacking or penetration testing experience.
Familiarity with privacy laws: Information security analyst positions can call for a familiarity with data privacy laws in your region. Working in specific sectors, like healthcare or finance, might also call for an understanding of those sector’s privacy laws.
Communication and teamwork: Knowing where and how security threats happen, and responding to them once they do, means you’ll be communicating frequently with your team and other players.
You can build out these skills through the following means.
IT certifications: Earning a cybersecurity certification can give you a solid knowledge base in security issues, while also giving you the credentials to show employers your competency. Certifications in security or networks are a good place to start.
Degrees: Information security analyst positions typically call for at least a bachelor’s degree. Majoring in computer science or computer engineering can set you up to be a competitive job candidate for information security jobs upon graduation.
If you don’t have a bachelor’s degree in a computer-related field, make sure you have relevant skills and look for entry-level positions that don’t call for specific degrees. You can work your way up to being an analyst from there. With a few years of experience under your belt, hiring managers may waive degree requirements. Getting an entry-level IT certification may also give you the experience needed.
Being able to keep organizations safe from ill-intentioned players can make a career as an information security analyst deeply rewarding—and not just financially. Getting the proper training, through certifications or otherwise, can be the first step to getting your career started. Look up information security analyst job postings in your area to see what specific skills local companies are looking for, and cater your resume and training around those.
1. US Bureau of Labor Statistics. "Information Security Analysts, https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm." Accessed March 26, 2021.
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.