How to Become an Information Security Analyst

An information security analyst working on a desktop computer in an office.

The news cycle regularly contains stories about hacks or breaches of organizations’ data systems. From proprietary emails in the archives of Hollywood’s biggest film studios to sensitive material found in the databases of our country’s national security system, information is constantly being targeted and harvested by malicious actors and used for nefarious purposes.

Cybercrime cost the world approximately $6 trillion in 2021 and is projected to cause more than $10 trillion worth of damages annually by 2025, according to Cybersecurity Ventures.

The professionals who respond to these threats and work to prevent future ones operate in the space of information security. As threats increase around the globe, the job of information security analysts will only become more vital in keeping information systems safe. Consequently, job opportunities for these professionals are expected to grow significantly over the next decade, leading many to explore how to become an information security analyst.

Information Security Analyst Job Description

An information security analyst oversees an organization’s data systems, with an eye toward maintaining the security of proprietary or sensitive information. Analysts can operate in both the public and private sectors, offering their expertise to governments and private companies alike. According to Digital Guardian, their job can be categorized into three parts:

  1. Analyzing data systems and reporting on how they can be improved
  2. “Boots-on-the-ground” response in the event of a breach or attack
  3. Working to improve information security by staying up to date on current trends and implementing new systems for breach prevention

Information security analysts may have additional responsibilities, such as preparing reports about general metrics and security risks and developing disaster recovery plans. These plans allow organizations to maintain IT operations in the event of an emergency.

The job description of an information security analyst may vary depending on the specific setting in which they work. Analysts working for a government agency, for example, may have slightly different day-to-day responsibilities than those who work for a corporation.

Who Hires Information Security Analysts?

Today’s world relies on data systems to provide essential services, keep assets safe and fully navigate an ever more connected world. In this landscape, the work of information security analysis is crucial and can be found in nearly every industry and government agency.

In the U.S. government, information security analysts play a key role. At the Department of Homeland Security in particular, analysts work to keep elections secure, protect the country from terrorist attacks, manage and prevent cyberattacks, and assist in disaster management.

In the private sector, analysts navigate the many facets of cybercrime perpetrated against businesses and individuals. Information security analysts protect consumers and corporations alike from hacks and breaches of an assortment of sensitive data, including medical records, financial transactions and proprietary information found in emails and storage systems.

As virtually all businesses and government agencies have an increasing need for some type of information security, there are currently more positions open than there are qualified individuals to fill them. A recent joint study by the Information Systems Security Association (ISSA) and the independent industry analyst Enterprise Strategy Group (ESG) determined that a shortage of qualified cybersecurity workers is negatively impacting 70 percent of organizations.

How Do I Qualify to Become an Information Security Analyst?

Most employers will require candidates to have an undergraduate degree in computer and information technology or a related field. Areas of specialization include network management, information security and data science, to name a few. These degrees can give candidates the technical foundation necessary to be successful in a constantly shifting field.

In addition to an undergraduate degree, pursuing an advanced education offers many benefits. The additional experience and knowledge earned by completing a master’s degree in a related field can open the door to different career options. It also allows candidates to complete highly specialized training in a particular area of interest, such as disaster relief, homeland security or international relations.

A solid educational foundation can help individuals develop a diverse skill set that is often necessary to become an information security analyst. These skills include:

  • Analytical skills: Analyzing computer systems and networks to identify risks and determine improvements is an inherent part of an information security analyst’s job.
  • Communication skills: It’s crucial for analysts to share information about potential security risks with technical and nontechnical audiences.
  • Eye for detail: Cybersecurity threats can be difficult to detect, so a detail-oriented mindset can help analysts pick up on changes in performance that may signal an attack.

Because the landscape changes so rapidly, ISSA classifies information security as a “cumulative knowledge” field — one in which an individual will need to continuously build on their technical skills to adjust for advancements in technology and hacking methods.

To remain competitive, an analyst or potential analyst may benefit from pursuing additional training and certifications, such as:

  • GIAC, or Global Information Assurance Certification, which includes certifications in management and leadership, reverse engineering, penetration testing, and more
  • CISA, or Certified Information Systems Auditor, which is an industry-recognized certification that assesses an individual’s ability to find vulnerabilities and institute IT controls in a business environment
  • CISSP, or Certified Information Systems Security Professional, which is the most advanced certification in the field, as it requires at least five years of previous experience in information security

Information Security Analyst Salary

The median annual salary for information security analysts was $102,600 in 2021, according to the U.S. Bureau of Labor Statistics (BLS). Among the highest-paying industries for analysts were finance and insurance ($104,790) and computer systems design and related services ($101,170).

Their high salary reflects the growing demand for these professionals. The BLS projects that hiring for information security analysts will grow 33 percent between 2020 and 2030 — much faster than the average rate of growth for all occupations. The increasing frequency of cyberattacks is the primary factor driving this growth, according to the BLS, along with the adoption of new technologies, like cloud services.

Acquire the Skills to Become an Information Security Analyst

Protecting data and helping bring malicious hackers to justice can be a rewarding and multifaceted career. With an ever-broadening need for qualified candidates with a background in computer science and good communication skills, this field offers tremendous opportunities for growth.

Virginia Commonwealth University’s online Master of Arts program in Homeland Security and Emergency Preparedness can prepare you for a dynamic career in cybersecurity, allowing you to focus on different aspects of information security, including terrorism, public health, risk assessment and disaster response, among others.

Find out how VCU can help you embark on a bright future in information security.