Steps to Become a Cyber Security Analyst
If you want to become an information / cyber security analyst, the process will involve rigorous training and some very difficult work, but every minute will be worth it.
Importance of Cyber Security
Cyber crime is one of the fastest-growing security threats in the U.S. As more businesses, government agencies, healthcare and financial services move online, business data and their users' personal information—names and addresses, social security numbers, dates of birth, emails and credit card information—become valuable commodities for hackers. Selling and mining data on the dark web has become an enormous business for cyber criminals as they put information up for sale and hold businesses hostage through ransomware.
In 2022 alone the average cost of a data breach in the U.S. was $9.44 million, approximately $5.09 million more than in any other country in the world, says IBM. The industry hardest hit: healthcare. In fact, IBM says the cost of a healthcare industry breach was 42% more than in 2020—and it had the highest average data breach cost of any other industry.
And as digital crime grows, the need for information security analysts grows with it. In fact, the U.S. Bureau of Labor Statistics says the job growth for information security analysts will be 31.5% through 2032. While this growth is far above the national average for all other career fields combined, it's hard to imagine the need for qualified, educated professionals won't grow further with the upward growth in cyber crime, making a career as a cyber security analyst as valuable as the PII and businesses they're hired to protect.
What does a cyber security analyst do?
What does the cyber security analyst job description entail? Primarily, they are responsible for the digital security of the company or government agency where they work. As an information security analyst, you will have to analyze the cyber policies and protocols and do a thorough audit to determine any weaknesses in the company or agency security system. You will also need to anticipate future flaws which might result in disaster for everyone.
You might need to assess new firewall technology to protect your systems. After that, it may be necessary to customize the software to best suit your organization. When the security system is unique, cyber criminals will face new challenges when they encounter your domain.
Here are the daily tasks and duties for cyber security analysts, according to the U.S. Bureau of Labor Statistics:
- Monitor networks for security breaches and investigate when one occurs
- Use and maintain software, such as firewalls and data encryption programs, to protect sensitive information
- Check for vulnerabilities in computer and network systems
- Research the latest information technology security trends and recommend them to companies or individuals
- Prepare reports that document general metrics, attempted attacks and security breaches
- Develop security standards and best practices for their organization
- Recommend security enhancements to management or senior IT staff
Cyber security analysts are also involved in creating data recovery plans in case of a breach. The recovery plan usually includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.
How to become a Cyber Security Analyst in 4 steps
Earn a bachelor's degree.
In terms of cyber security analyst requirements, most companies prefer their analyst applicants to have earned a bachelor's degree in cyber security, information technology, computer science or software engineering. A bachelor's degree will take approximately four years to earn.
Gain experience.
Your experience may help you get a job, so if you are still in school you might seek out a part-time position or an internship. On top of your purely technical skills, try to also cultivate your communication abilities. Effective interpersonal communication skills can make a huge difference in your progress.
Consider earning a master's degree if you want to advance.
If you plan to move into administrative roles such as CISO or into areas such as cyber warfare, E-government, risk management or cyber security management, a two-year master's degree may give you an edge over bachelor's degree holders. It may seem like a long education road, but these six years of school should have a payoff in the end when you find you have more career flexibility and opportunity for advancement.
When you begin a master's program in cyber security, you may need to declare your area of specialty. It may even be that you will have a specific focus in mind before applying for grad school, so start looking at areas of cyber security that hold interest for you while you're still in your bachelor's program.
Find your first job.
Your first job will likely require completion of a bachelor's degree and possibly 1-to-2 years in an internship or other experience. You may be able to substitute bootcamps or industry certifications for a bachelor's when you first enter the field. Your part-time IT job in college might provide the sort of experience you need.
You will work with the senior cyber analysts to brainstorm solutions to security problems and work to synthesize the various business systems. Since your primary place of employment will most likely be a business, you'll want to look at financial, e-commerce and business institutions in your area, as they are likely candidates to utilize a cyber security analyst's unique talents and skills.
CYBER SECURITY ANALYST Salary & JOB OUTLOOK
Though cyber security analysts are technically a smaller subset of information security, they should anticipate a similar growing demand as cyber crime grows globally. The U.S. Bureau of Labor Statistics predicts a through 2032. Take a look at the median annual salaries for Information Security Analysts as documented by the BLS.
States with THE highest median security analyst salary
In terms of where you'll find the highest employment level of cyber analysts, Washington, Iowa, New York, California and New Hampshire are where you'd look. In terms of which states have the highest concentration of information security analyst jobs per capita, those would be Virginia, DC, Maryland, New Mexico and Colorado. This makes sense as three states are all in close proximity to the most guarded data near the United States Federal Government.
Here are the top five states for cyber security analysts and the median salary they earn:
| State | Average annual salary |
|---|---|
| New York | $140,770 |
| California | $140,730 |
| Iowa | $143,960 |
| New Hampshire | $139,050 |
| Washington | $148,090 |
HIGHEST-PAYING METRO AREAS FOR CYBER ANALYSTS
And here are the top 10 highest-paying metro areas for information security analysts according to the BLS:
SIMILAR PROFESSIONS AND THEIR PAY
If you're interested in what other information security careers that are similar to cyber analysts earn, take a look at the median pay for related careers:
Cyber Security career paths and Job levels
When you begin the path toward a cyber security analyst career, you will likely start in an entry-level job as an applications system analyst, progress into a senior cyber analyst position and then advance to a systems analyst specialist role.
ENTRY-LEVEL ROLES
Your entry-level job will probably require a bachelor's degree and possibly 1-to-2 years in an internship or other experience. Your part-time IT job in college might provide the sort of experience you need. You will work as a junior with the supervision of senior cyber analysts to brainstorm solutions to security problems and work to synthesize the various business systems.
SENIOR-LEVEL INFORMATION SECURITY ANALYST ROLES
When you move into the senior analyst position, you might consider a graduate-level certificate or a graduate degree in cyber security. Your duties will expand from your previous position to include coordinating the efforts of the business executives and the technical team to come up with synergistic tech strategies. When you are coordinating between non-technical people and programmers, your writing skills will be tested in that you will need to convey highly technical information to those who may not be as familiar with technical jargon.
AT THE TOP OF THIS CAREER LADDER IS THE SYSTEMS ANALYST SPECIALIST
For a systems analyst specialist job, an IT MBA that focuses on cyber security may be required. You will need to have an experienced track record that shows your excellence in the field. Your duties may include steering the IT department toward its security and systems goals and you may also be called upon to brainstorm new programming practices that will frame the culture of the work for everyone from junior cyber security analysts on up. You could choose to work as part of the Security Operations Center (SOC) team as an analyst.
Alternatively, you might gain experience in the security field and devote your time to working as a security consultant. In this role, you could work for a large consultancy firm and take on projects as they become available. You might also choose to go solo and work with small IT departments to help them maintain and secure their databases and networks. If you choose to work as a private analyst and find your workload expanding, you may need to subcontract work to other independents or small IT firms.
CERTIFICATIONS FOR CYBER SECURITY ANALYSTS
Cyber security analysts have several professional certifications to consider that may help them advance and excel in their roles. Certifications typically consist of a course of study and then an intensive exam that you must pass in order to be awarded the credential. While there are other certifications that are targeted at IT professionals, here are just some of the cyber security-based certifications, what they encompass and who they're for.
CompTIA Security+
What it is: CompTIA Security+ is considered the basic but essential industry credential that validates core skills for cyber security professionals. It's a stepping-stone to next-level roles and meets Department of Defense initiatives and compliance.
Who it's for: Network and Cloud engineers, IT project managers, security administrators, auditors, security engineers and analysts
Certified Information Systems Security Professional (CISSP)
What it is: The CISSP is a mid-level certification offered by (ISC)2 and is highly ranked in the cyber security field. The credential teaches security design, implementation and management. You should have at least five years of experience to qualify for the exam. Individuals with less experience may pursue the Associate of (ISC)2 certification.
Who it's for: Mid-level directors of information security, security systems engineers and analysts, security managers, architects, auditors and consultants
GIAC Security Essentials Certification (GSEC)
What it is: This GIAC (previously Global Information Assurance Certification) entry-level credential is for cyber security beginners. It provides basic knowledge and beyond and equips you with the tactical skills to fill IT systems roles that navigate active defense, cryptography, defensible network architecture, security policy and web security.
Who it's for: Primarily new (but established is okay) information security professionals in operations, engineering, supervisory, administrative and analytical roles
Certified Ethical Hacker (CEH)® Certification
What it is: A CEH® certification allows you to think like a cyber criminal by providing cutting-edge training on the most current trends in hacking for security professionals. Presented in a gamified format, the CEH® course includes everything from the basics of ethical hacking to solving real-world hacking challenges across platforms, systems and networks.
Who it's for: Information and cyber security analysts, managers, engineers and administrators
ARE CYBER SECURITY BOOTCAMPS WORTH IT?
You now know that a cyber security degree is essential if you want to move into management or mid-level roles in cyber security. But you've probably heard a lot about bootcamps and wondered if they're worth the investment.
Short answer: Yes. Cyber security bootcamps are a smart option for most people wanting to enter the field.
Cyber security bootcamps are intensive and focused, and pack a wealth of information and curriculum into condensed classes that cover a wide range of information security topics and tactics. Courses usually take anywhere from 12 to 25 weeks and are designed to help you learn in a hands-on, immersive learning environment. Bootcamps are, just as they sound, rigorous and intense and not for everyone, but if you're able to learn quickly and focus, they could be a good option for you.
FREQUENTLY ASKED QUESTIONS
Can cyber security analysts work from home?
Depending upon your employment, you may be able to work from home, but since the crux of your job is security you will need to have safety and security protocols in place to access your company's network and systems.
This means a VPN, remote and secure logins and firewalls, and the highest levels of virus protection. If you work for a large corporation with financial and consumer data on the line, you may be required to be in-house for at least some of your workweek when you perform the most sensitive tasks. In the event of a breach, you will likely be required to be onsite and often for more than the typical eight-hour day.
Can I get into cyber security without a degree?
Yes. If you want to get into cyber security but don't want to earn a degree, you can enroll in bootcamps and industry certification programs. This track can prepare you for entry- and mid-level roles but if you have your eye on management, you'll likely need at least a bachelor's and more often, a master's in IT or information security, to be considered. If you have a bachelor's in another area or a related area, professional certifications online could help you get into the field.
Can cyber security analysts hack?
While there's nothing to say they can't, a cyber security analyst's job is to act defensively and protect the system and network by taking all possible protective measures. If you want to hack, an ethical hacker or penetration tester role might be a better choice as a career as they act offensively to test and purposefully find flaws and weaknesses in systems so they can be patched and fixed prior to release.
Does being a cyber security analyst require coding?
Cyber security analyst roles are not usually required to code, however knowing how to code is extremely helpful as you progress in your career. Common cyber security languages include Java, JavaScript, Python, SQL and PHP among others, so if you're designing protocols to secure your company's network you should have at least a working knowledge of code and languages even if you aren't a practicing coder.
What's the difference between a cyber security analyst and cyber security engineer?
While cyber security analysts and cyber security engineers both offer solutions to security issues posed by cyber criminals, cyber security engineers are responsible for implementing the changes that a cyber security analyst recommends to protect a network. Engineers are the hands-on professionals responsible for creating the system an organization uses to protect its sensitive data.
And what about cyber security analysts vs. cyber crime investigators?
A cyber security analyst protects his agency or company from cyber criminals, while a cyber crime investigator is called in after a cyber crime is committed.
The investigator's job is to scrutinize logs and other data to determine where databases have been compromised. They may be specifically trained to recognize the means and methods of criminals. When not investigating a case, they might spend time researching new trends in cyber criminal behavior or they may attempt to hack into crime rings to gather intelligence on their activities.
An investigator will likely be called to create detailed reports and then be required to testify in court. A cyber crime investigator will need to be knowledgeable of the laws and protocols pertaining to evidence gathering, handling and assessment. They may also be called to train and consult with police or federal agencies to get them up to speed on trends in cyber crime.
Getting started
If you're committed to fighting cyber crime and to earning the education needed to enter a field that offers promising job growth as well as the opportunity to grow and advance into managerial roles, why not start taking the first steps now? Just as cyber crime is becoming more sophisticated, so are the challenges you'll face as a cyber security analyst in keeping a step ahead and outsmarting cyber criminals.
The good news? You can start learning in a bootcamp or other non-degree program and get a feel for what cyber security analysts do. All you have to do to begin is click the Find Schools button.
Updated: March 21, 2023