How To Become An Information Security Analyst

What is an Information Security Analyst?

Information Security Analysts are tasked with protecting computer systems and networks for companies. If you think about it, you can expect to find an armed security guard at your local bank protecting the large quantity of money stored in the building. But what about the multitude of information and enormous monetary exposure that exists for businesses on-line day in and day out?

Making sure computer systems are protected and functioning properly is a necessary measure that many businesses must take. That is where Information Security Analysts come in. Some duties may include creating firewalls, maintaining software updates, and/or testing a company’s security system by attempting to hack into it themselves.

The Importance of Information Security Analysts

Batman had The Joker. Superman had Lex Luthor. Every hero in history had a villain that was motivated by the forces of evil to bring harm upon society. For the Information Security Analyst, that villain is the Computer Hacker in many instances. From creating malware that can infiltrate computer systems and disrupt business to stealing customer information and funds, hackers can wreak havoc on day to day operations and client trust. Good must prevail!

Industry Outlook

According to the Bureau of Labor Statistics (BLS), Information Security Analyst is a well-compensated growing profession. The median pay in the year 2020 for an information security analyst was $103,590/year ($49.80 per hour). And the BLS suggests that 40,000+ new positions will be added to the market from 2019-2029, an increase of 31% (faster than average).

How to Become an Information Security Analyst?

According to the Bureau of Labor Statistics (BLS), the majority of Information Security Analysts have a bachelor’s degree in information technology, computer science, programming or a related field. Other bachelor’s degree avenues could potentially be mathematics or engineering. The typical timeframe for earning a bachelor’s degree is 4 years.

Additionally, there is the opportunity to further develop your education through a 2-year master’s in business administration program (MBA) with a focus on computer-related courses or a master’s degree program specifically dedicated to information security or cybersecurity. For instance, Boston College offers a flexible master’s in cybersecurity program consisting of ten courses that can be completed on a part-time or full-time basis as well as online or on campus.

It is also advisable to expedite your career advancement and enhance your analyst skills through one of the many professional information and cyber security analyst certifications that are available. Certifications serve many purposes, some of which could be to educate new professionals on current tools being utilized in the field or to enable established professionals to master a specific skill. Some companies will require certain certifications for hire.

Some certification available in the field are as follows:

• Certified Ethical Hacker (CEH)*

• GIAC Security Essentials*

• Certified Information Security Manager (CISM)

• Comp TIA Security+

• Certified Information Systems Security Professional (CISSP)

Experience is also valuable, and many companies look for individuals that have previously worked in an information technology department, perhaps as a computer systems administrator. A role like this could serve as a logical initial step to becoming a security analyst.

What do you like about being
an Information Security Analyst?

We have had the privilege of interviewing a number of professionals in this field. Here are some of the things they said about the job:

“It’s extremely challenging and rewarding. Being able to see your work have real-life impact and see businesses respond in a way where the work that you’ve done has really resonated with them and helped them transform their business or mature from a security perspective. And in many cases help them help their customers.”

- Corey, Identity & Security Consultant, Microsoft
Major: Security & Risk Analysis (Bachelor)
College: Penn State University

“It’s not mundane. There is always a new attack vector. There is always some new technology that we learn about. Mainly it’s about keeping the nation safe. And the nuances of the attack vectors that adversaries use, it gets more and more creative. So, it causes you to try and think ahead of them. Because they only have to be right once. We have to be right 100% of the time. So, it keeps it fun.”

- Curtis, Project Manager, CACI International
Major: Cybersecurity (Bachelor)
College: University of Maryland Global Campus (UMGC)

What advice do you have for an aspiring
Information Security Analyst?

Candid Career Insights:

“We recruit a lot of STEM engineers. So, we are looking for young people that come out of college that have the basic understanding of Science, Technology, Engineering and Math. Those are the basic skills. We are going to be looking to give you the experiences that build you up along the way.”

- Rusty, Director of Engineering, Northrop Grumman Corporation,
Major: Computer Science (BS), Political Science (BS), Computer Science (Masters)
College: Millersville University, Johns Hopkins University (Masters)

“A lot of organizations will require you to have some kind of certification as well. So, one of the things that I did while I was in school (for my master’s degree) was I went ahead also and looked at what some of those certifications were, and alongside with studying for my coursework I studied for certifications as well.”

- Angel, Senior Computer Information Security Analyst,
Software Engineering Institute at Carnegie Mellon University
Major: Cybersecurity Technology (Masters), MBA (Masters)
College: University of Maryland Global Campus (UMGC)

“As far as the type of degree that you should get, you definitely want to look into a bachelor’s degree in information systems, network security, something along those lines. And you want to make sure that your curriculum is going to be focused on learning computers, learning different aspects of technology.”

- Brian, Junior Network Engineer, World Wildlife Fund
Major: Information Science & Systems (Bachelor)
College: University of Maryland Global Campus (UMGC)

“I would argue that a potential candidate would want to get as much practice as they can writing. A lot of times you might write a piece that you think is great, but there could be a bunch of irrelevant details in there that should be cut. Writing is huge. Writing will get you very far.”

- Mokhtar, Cyber Threat Intelligence Operations Chief, Booz Allen Hamilton
Major: Computer Science (Bachelor)
College: Penn State University