/
Information Security Analyst

Information Security Analyst

Builder Icon
The Builder
Clipboard Icon
The Organizer
Puzzle Icon
The Problem Solver

Spotlights

Similar Titles

Information Security Officer, Computer Security Specialist, Data Security Administrator

Job Description

Information security analysts protect an organization’s computer systems and digital files by planning and enforcing security measures. This involves regular monitoring of networks and investigating a breach of security, should one occur.

Rewarding Aspects of Career
  • Being able to help people with complex problems they may not understand, but at the end of the day makes them more secure
  • Intellectually challenging tasks and different challenges everyday create an interesting work environment
  • Get to be on the front lines of new exploits/security problems, and developing solutions to fix them
The Inside Scoop
Job Description

Communication: checking email to review issues people have reported and determine if a client needs help, if there is a host compromised or if there is a security emergency which needs to be addressed

  • Examples of reported issues are if a system was compromised with regular malware, or a researcher left information on a laptop which is lost/stolen.
  • Information security analysts must also document detected breaches of security in reports submitted to management

Consulting: information security analysts also serve subject matter experts.

  • For example, if a computer user wants to start a service online but wants to be secure about it, or if they want to install and use an online security product, an information security analyst can guide them
  • Information security analysts also recommend security measures or software to management

Addressing technical challenges: performing system administration work

  • Setting up firewalls and data encryption programs to protect data and information
  • Detect security breaches and determine their root cause
  • Testing the current system for vulnerabilities by simulating attacks
  • Building new security tools for the information security office
  • Enhancing existing tools through configuration changes

Researching: staying up to date on new security tools and/or products  

  • Although information security analysts address these tasks throughout the day, they face different people and challenges on a day-to-day basis

Skills Needed

Soft Skills

  • Critical thinking and problem-solving
  • Analytical and detail-oriented
  • Speaking and active listening

Technical Skills

  • Security penetration and vulnerability testing
  • Knowledge of anti-virus and anti-malware programs
  • Computer electronics: networking, routing and switching, knowledge of circuit boards, processors
  • Firewall and intrusion detection/prevention protocols
  • Programming languages: C, C++, C#, Java or PHP
  • Cloud computing
  • Security Information and Event Management (SIEM)

Software Skills

  • Operating systems: e.g. Microsoft Windows, Bash, UNIX, and Linux
  • Web development: e.g. JavaScript, AJAX, Microsoft ASP.NET
  • Network monitoring and security: e.g. Nagios, Wireshark, Intrusion Prevention System, Websense Data Loss Prevention
Different Types of Organizations
  • Virtually any organization that uses computers will at some point need an Information Security Analyst to make sure their systems run securely
  • Information security is especially critical to hospitals and government offices
Expectations/Sacrifices Necessary
  • At the entry-level, information security analysts can expect to work long hours
  • Information security analysts may also be put on call, when they will be required to have their phone on them 24/7 so they can be first-responders in the event of a security breach (which may occur at odd hours)
Current Industry Trends
  • A variety of information security certificates make you a stronger candidate for a position as an information security analyst
  • Students are now starting to learn programming languages as early as possible, to give them an edge of the competition and also because there is just so much to lear
What kind of things did people in this career enjoy doing when they were younger…
  • Puzzles
  • Reading
  • Any activity which requires curiosity and a passion for tinkering!
2016 Employment
100,000
2026 Projected Employment
110,400
Education and Training Needed

Basic Requirements:

  • Bachelor’s degree in a field related to computers/information technology (e.g. programming, computer science, computer engineering, information technology, information assurance, etc.)
  • Many employers require 1-5 years of experience working in an information technology related field (e.g. as a network or computer systems administrator, a database administrator, a computer systems analyst, etc.)

Career Advancement:

  • Certifications: While not strictly required, information security certifications increase a candidates likelihood of employment and career advancement

→ Some recommended certifications:

Things to look for in an university
  • Some universities offer a specialized bachelor’s degree in Information Security or Cyber Security. This is a useful option if you are sure about going into the information security field.
  • Some universities’ information security degree syllabi only feature theoretical teachings. Programs which offer hands-on training in information security (such as penetration tasks,  learning security tools or learning attack techniques) prepare students to be stronger candidates in the job market.

Universities with acclaimed information technology programs (for further research):

  • Utica College
  • University of California- Berkeley
  • Syracuse University
  • Champlain College
  • Arizona State University
  • Harvard VPAL/Harvard X
Things to do during high school/college
  • Start reading about computers, information technology, programming concepts as early as possible
  • Watch YouTube videos and tutorials about Information Security concepts and skills
  • Participate in relevant internships if they are available, or co-ops as they become available (it is important to get as much hands-on/on the job experience as you can)
  • Take a college course early (while in high schools), or get a certification to show academic interest in a formal education in Information Security
  • If you get into programming or coding, build a portfolio demonstrating tools you can use
  • Create blog about Information Security news or tools (you may feature your portfolio on this blog)
  • At an advanced level, you may be able to start writing information security tools yourself. This should be posted on your blog to increase your marketability
Typical Roadmap
Information Security analyst roadmap
How to land your 1st job
  • Network through internships, or your college/university (e.g. Professors or the Career Center)
  • LinkedIn: Prospective employers view your profile, so make sure it is updated and effectively reflects your skills and accomplishments. Make sure you check your messages regularly too.
  • Online applications (type up your info, attach a PDF of your resumé, and send it off)
  • Old-school method: get in your car, drive up to the office with a copy of your resumé. Keep appearing at the office if that is what it takes. This is also the best way to see the work environment and what you’ll be doing, to determine if you really want to work at that location
What it really takes to make it and succeed
  • Having a passion and curiosity for continual learning
  • An affinity for solving puzzles and breaking down complex problems
  • Ability to work efficiently in a high-pressure environment and under tight deadlines
Recommended Resources
  • Hacking Exposed books (provide a broad understanding of concepts and skills hackers/Information Security experts can use)

Websites:

  • KrebsonSecurity.com
  • PacketStormSecurity.com
  • SecruityTube.net (videos) → good alternative to reading a thick book

Free mentorship program (resume support, career strategies, etc.):

  • https://www.aitp.org/programs/comptia-aitp-student-programs/

Plan B
  • An information security analyst will possess the experience and skills to transition into almost any Computer Science related field (e.g. computer networking, systems administration, information management)
  • Information security analysts may also transition into the privacy field, which is distinct from information security, but goes hand-in-hand with it (e.g. sometimes larger organizations employ a privacy officer)

Newsfeed

Jobs by
Source: Interviews, Bureau of Labor Statistics, Payscale

Online Courses and Tools