Steps to Become a Cyber Security Analyst

If you want to become an information / cyber security analyst, the process will involve rigorous training and some very difficult work, but every minute will be worth it.

Importance of Cyber Security


Cyber crime is one of the fastest-growing security threats in the U.S. As more businesses, government agencies, healthcare and financial services move online, business data and their users' personal information—names and addresses, social security numbers, dates of birth, emails and credit card information—become valuable commodities for hackers. Selling and mining data on the dark web has become an enormous business for cyber criminals as they put information up for sale and hold businesses hostage through ransomware. 

In 2022 alone the average cost of a data breach in the U.S. was $9.44 million, approximately $5.09 million more than in any other country in the world, says IBM. The industry hardest hit: healthcare. In fact, IBM says the cost of a healthcare industry breach was 42% more than in 2020, and healthcare had the highest average data breach cost of any industry.

And as digital crime grows, the need for information security analysts grows with it. In fact, the U.S. Bureau of Labor Statistics says the job growth for information security analysts will be 31.5% through 2032. While this growth is far above the national average for all other career fields combined, it's hard to imagine the need for qualified, educated professionals won't grow further with the upward growth in cyber crime, making a career as a cyber security analyst as valuable as the PII and businesses they're hired to protect.

What does a cyber security analyst do?

What does the cyber security analyst job description entail? Primarily, they are responsible for the digital security of the company or government agency where they work. As an information security analyst, you will have to analyze the cyber policies and protocols and do a thorough audit to determine any weaknesses in the company or agency security system. You will also need to anticipate future flaws which might result in disaster for everyone.

You might need to assess new firewall technology to protect your systems. After that, it may be necessary to customize the software to best suit your organization. When the security system is unique, cyber criminals will face new challenges when they encounter your domain.

Here are the daily tasks and duties for cyber security analysts, according to the U.S. Bureau of Labor Statistics:

  • Monitor networks for security breaches and investigate when one occurs
  • Use and maintain software, such as firewalls and data encryption programs, to protect sensitive information
  • Check for vulnerabilities in computer and network systems
  • Research the latest information technology security trends and recommend them to companies or individuals
  • Prepare reports that document general metrics, attempted attacks and security breaches
  • Develop security standards and best practices for their organization
  • Recommend security enhancements to management or senior IT staff

Cyber security analysts are also involved in creating data recovery plans in case of a breach. The recovery plan usually includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.

How to become a Cyber Security Analyst in 4 steps

Earn a bachelor's degree.

In terms of cyber security analyst requirements, most companies prefer their analyst applicants to have earned a bachelor's degree in cyber security, information technology, computer science or software engineering. A bachelor's degree will take approximately four years to earn.

Gain experience.

Your experience may help you get a job, so if you are still in school you might seek out a part-time position or an internship. On top of your purely technical skills, try to also cultivate your communication abilities. Effective interpersonal communication skills can make a huge difference in your progress.

Consider earning a master's degree if you want to advance.

If you plan to move into administrative roles such as CISO or into areas such as cyber warfare, E-government, risk management or cyber security management, a two-year master's degree may give you an edge over bachelor's degree holders. It may seem like a long education road, but these six years of school should have a payoff in the end when you find you have more career flexibility and opportunity for advancement.

When you begin a master's program in cyber security, you may need to declare your area of specialty. It may even be that you will have a specific focus in mind before applying for grad school, so start looking at areas of cyber security that hold interest for you while you're still in your bachelor's program.

Find your first job.

Your first job will likely require completion of a bachelor's degree and possibly 1-to-2 years in an internship or other experience. You may be able to substitute bootcamps or industry certifications for a bachelor's when you first enter the field. Your part-time IT job in college might provide the sort of experience you need.

You will work with the senior cyber analysts to brainstorm solutions to security problems and work to synthesize the various business systems. Since your primary place of employment will most likely be a business, you'll want to look at financial, e-commerce and business institutions in your area, as they are likely candidates to utilize a cyber security analyst's unique talents and skills.


Though cyber security analysts are technically a smaller subset of information security, they should anticipate a similar growing demand as cyber crime grows globally. The U.S. Bureau of Labor Statistics predicts 31.5% job growth through 2032. Take a look at the median annual salaries for Information Security Analysts as documented by the BLS.

Information Security Analysts

National data

Median Salary: $112,000

Projected job growth: 31.5%

10th Percentile: $66,010

25th Percentile: $85,270

75th Percentile: $141,130

90th Percentile: $174,540

State data

State Median Salary Bottom 10% Top 10%
Alabama $105,180 $53,680 $165,980
Alaska $93,960 $68,220 $141,470
Arizona $106,360 $60,110 $158,300
Arkansas $83,370 $47,300 $135,280
California $134,830 $72,590 $203,110
Colorado $109,610 $64,240 $172,420
Connecticut $119,270 $84,190 $162,960
Delaware $127,670 $85,910 $174,690
District of Columbia $123,140 $84,300 $177,240
Florida $106,440 $63,710 $164,920
Georgia $117,020 $70,730 $168,580
Hawaii $107,060 $64,810 $174,350
Idaho $103,450 $54,840 $148,460
Illinois $108,510 $64,180 $161,250
Indiana $85,190 $49,740 $132,210
Iowa $104,750 $52,930 N/A
Kansas $96,960 $60,320 $128,850
Kentucky $88,820 $43,800 $156,000
Louisiana $85,580 $56,380 $129,640
Maine $85,300 $60,310 $124,650
Maryland $131,260 $74,930 $203,470
Massachusetts $113,610 $64,610 $173,290
Michigan $98,620 $55,030 $155,930
Minnesota $109,760 $71,920 $158,940
Mississippi $81,140 $50,110 $131,990
Missouri $84,140 $40,100 $133,330
Montana $81,080 $51,990 $159,630
Nebraska $96,050 $61,670 $133,050
Nevada $95,710 $64,250 $161,590
New Hampshire $133,680 $82,220 $189,750
New Jersey $130,210 $82,900 $173,310
New Mexico $123,240 $70,220 $165,170
New York $133,100 $76,450 $215,550
North Carolina $117,860 $76,100 $175,320
North Dakota $84,900 $50,220 $130,850
Ohio $103,470 $60,060 $155,900
Oklahoma $95,360 $54,020 $139,680
Oregon $119,990 $66,590 $172,380
Pennsylvania $99,200 $49,220 $148,170
Rhode Island $104,200 $71,840 $164,470
South Carolina $105,000 $56,620 $139,750
South Dakota $101,130 $70,400 $129,790
Tennessee $95,740 $62,240 $164,810
Texas $110,270 $69,040 $162,800
Utah $103,570 $60,110 $174,920
Vermont $79,780 $51,330 $132,050
Virginia $130,130 $80,170 $181,280
Washington $133,120 $82,420 $181,550
West Virginia $86,340 $37,370 $141,760
Wisconsin $104,520 $61,450 $138,620
Wyoming $92,890 $51,280 $123,880

Source: U.S. Bureau of Labor Statistics (BLS) 2022 median salary; projected job growth through 2032. Actual salaries vary depending on location, level of education, years of experience, work environment, and other factors. Salaries may differ even more for those who are self-employed or work part time.

States with the highest median security analyst salary

In terms of where you'll find the highest employment level of cyber analysts, Virginia, Texas, Florida, New York and Maryland are where you'd look. In terms of which states have the highest concentration of information security analyst jobs per capita, those would be Virginia, DC, Maryland, Delaware, and Colorado. This makes sense as they are all in close proximity to the most guarded data near the United States Federal Government.

Here are the top five states for cyber security analysts and the median salary they earn:

State Average Annual Salary
New York $138,730
New Hampshire $135,320


And here are the top 10 highest-paying metro areas for information security analysts according to the BLS:

Metro Area Median Annual Salary
San Jose-Sunnyvale-Santa Clara, CA $158,650
Midland, MI $141,400
Idaho Falls, ID $136,620
Charlotte-Concord-Gastonia, NC-SC $136,460
New York-Newark-Jersey City, NY-NJ-PA $136,010
Trenton, NJ $135,590
Seattle-Tacoma-Bellevue, WA $134,700
Portsmouth, NH-ME $133,680
Bridgeport-Stamford-Norwalk, CT $133,030
Washington-Arlington-Alexandria, DC-VA-MD-WV $132,640


If you're interested in what careers similar to cyber security analyst earn, take a look at the median pay for related careers:

Career Median Annual Salary
Information Security Analysts $112,000
Computer Systems Analysts $102,240
Computer and Information Systems Managers $164,070
Network and Computer Systems Administrators $90,520
Software Quality Assurance Analysts and Testers $99,620

Cyber Security career paths and Job levels

When you begin the path toward a cyber security analyst career, you will likely start in an entry-level job as an applications system analyst, progress into a senior cyber analyst position and then advance to a systems analyst specialist role.



Your entry-level job will probably require a bachelor's degree and possibly 1-to-2 years in an internship or other experience. Your part-time IT job in college might provide the sort of experience you need. You will work as a junior with the supervision of senior cyber analysts to brainstorm solutions to security problems and work to synthesize the various business systems.


When you move into the senior analyst position, you might consider a graduate-level certificate or a graduate degree in cyber security. Your duties will expand from your previous position to include coordinating the efforts of the business executives and the technical team to come up with synergistic tech strategies. When you are coordinating between non-technical people and programmers, your writing skills will be tested in that you will need to convey highly technical information to those who may not be as familiar with technical jargon.



For a systems analyst specialist job, an IT MBA that focuses on cyber security may be required. You will need to have an experienced track record that shows your excellence in the field. Your duties may include steering the IT department toward its security and systems goals and you may also be called upon to brainstorm new programming practices that will frame the culture of the work for everyone from junior cyber security analysts on up. You could choose to work as part of the Security Operations Center (SOC) team as an analyst.

Alternatively, you might gain experience in the security field and devote your time to working as a security consultant. In this role, you could work for a large consultancy firm and take on projects as they become available. You might also choose to go solo and work with small IT departments to help them maintain and secure their databases and networks. If you choose to work as a private analyst and find your workload expanding, you may need to subcontract work to other independents or small IT firms.


Cyber security analysts have several professional certifications to consider that may help them advance and excel in their roles. Certifications typically consist of a course of study and then an intensive exam that you must pass in order to be awarded the credential. While there are other certifications that are targeted at IT professionals, here are just some of the cyber security-based certifications, what they encompass and who they're for.

CompTIA Security+

What it is: CompTIA Security+ is considered the basic but essential industry credential that validates core skills for cyber security professionals. It's a stepping-stone to next-level roles and meets Department of Defense initiatives and compliance.

Who it's for: Network and Cloud engineers, IT project managers, security administrators, auditors, security engineers and analysts

Certified Information Systems Security Professional (CISSP)

What it is: The CISSP is a mid-level certification offered by (ISC)² and is highly ranked in the cyber security field. The credential teaches security design, implementation and management. You should have at least five years of experience to qualify for the exam. Individuals with less experience may pursue the Associate of (ISC)² certification.

Who it's for: Mid-level directors of information security, security systems engineers and analysts, security managers, architects, auditors and consultants

GIAC Security Essentials Certification (GSEC)

What it is: This GIAC (previously Global Information Assurance Certification) entry-level credential is for cyber security beginners. It provides basic knowledge and beyond and equips you with the tactical skills to fill IT systems roles that navigate active defense, cryptography, defensible network architecture, security policy and web security.

Who it's for: Primarily new (but established is okay) information security professionals in operations, engineering, supervisory, administrative and analytical roles

Certified Ethical Hacker (CEH)® Certification

What it is: A CEH® certification allows you to think like a cyber criminal by providing cutting-edge training on the most current trends in hacking for security professionals. Presented in a gamified format, the CEH® course includes everything from the basics of ethical hacking to solving real-world hacking challenges across platforms, systems and networks.

Who it's for: Information and cyber security analysts, managers, engineers and administrators


You now know that a cyber security degree is essential if you want to move into management or mid-level roles in cyber security. But you've probably heard a lot about bootcamps and wondered if they're worth the investment.

Short answer: Yes. Cyber security bootcamps are a smart option for most people wanting to enter the field.

Cyber security bootcamps are intensive and focused, and pack a wealth of information and curriculum into condensed classes that cover a wide range of information security topics and tactics. Courses usually take anywhere from 12 to 25 weeks and are designed to help you learn in a hands-on, immersive learning environment. Bootcamps are, just as they sound, rigorous and intense and not for everyone, but if you're able to learn quickly and focus, they could be a good option for you.


Can cyber security analysts work from home?

Depending upon your employment, you may be able to work from home, but since the crux of your job is security you will need to have safety and security protocols in place to access your company's network and systems.

This means a VPN, remote and secure logins and firewalls, and the highest levels of virus protection. If you work for a large corporation with financial and consumer data on the line, you may be required to be in-house for at least some of your workweek when you perform the most sensitive tasks. In the event of a breach, you will likely be required to be onsite and often for more than the typical eight-hour day.

Can I get into cyber security without a degree?

Yes. If you want to get into cyber security but don't want to earn a degree, you can enroll in bootcamps and industry certification programs. This track can prepare you for entry- and mid-level roles but if you have your eye on management, you'll likely need at least a bachelor's and more often, a master's in IT or information security, to be considered. If you have a bachelor's in another area or a related area, professional certifications online could help you get into the field.

Can cyber security analysts hack?

While there's nothing to say they can't, a cyber security analyst's job is to act defensively and protect the system and network by taking all possible protective measures. If you want to hack, an ethical hacker or penetration tester role might be a better choice as a career as they act offensively to test and purposefully find flaws and weaknesses in systems so they can be patched and fixed prior to release.

Does being a cyber security analyst require coding?

Cyber security analysts are not usually required to code. However, knowing how to code is extremely helpful as you progress in your career. Common cyber security languages include Java, JavaScript, Python, SQL and PHP among others, so if you're designing protocols to secure your company's network you should have at least a working knowledge of code and languages even if you aren't a practicing coder.

What's the difference between a cyber security analyst and cyber security engineer?

While cyber security analysts and cyber security engineers both offer solutions to security issues posed by cyber criminals, cyber security engineers are responsible for implementing the changes that a cyber security analyst recommends to protect a network. Engineers are the hands-on professionals responsible for creating the system an organization uses to protect its sensitive data.

And what about cyber security analysts vs. cyber crime investigators?

A cyber security analyst protects his agency or company from cyber criminals, while a cyber crime investigator is called in after a cyber crime is committed.

The investigator's job is to scrutinize logs and other data to determine where databases have been compromised. They may be specifically trained to recognize the means and methods of criminals. When not investigating a case, they might spend time researching new trends in cyber criminal behavior or they may attempt to hack into crime rings to gather intelligence on their activities.

An investigator will likely be called to create detailed reports and then be required to testify in court. A cyber crime investigator will need to be knowledgeable of the laws and protocols pertaining to evidence gathering, handling and assessment. They may also be called to train and consult with police or federal agencies to get them up to speed on trends in cyber crime.

Getting started

If you're committed to fighting cyber crime and to earning the education needed to enter a field that offers promising job growth as well as the opportunity to grow and advance into managerial roles, why not start taking the first steps now? Just as cyber crime is becoming more sophisticated, so are the challenges you'll face as a cyber security analyst in keeping a step ahead and outsmarting cyber criminals.

The good news? You can start learning in a bootcamp or other non-degree program and get a feel for what cyber security analysts do.

Updated: March 21, 2023
