As organizations continue to increase the amount of data that they store on the web, the risk of cyber-attacks that try to compromise sensitive information increases as well. To combat this, organizations have specific roles for information security analysts.
Information security analysts are responsible for overseeing security measures to protect the computer systems and networks of an organization. They are also typically tasked with creating a disaster recovery plan for their organization, in case of emergencies. As the number and complexity of cyberattacks increase, the scope of an information security analyst's role will expand as well.
Information security analysts typically need to have a bachelor’s degree in a related science field, such as:
- Computer science,
- Information assurance,
- Programming, or
Some employers prefer applicants with a graduate degree, so a master’s in cybersecurity, computer science, or even an MBA can make a candidate more attractive and command a higher salary.
There are also several professional certifications available to information security analysts. Most professionals in information security attain the Certified Information Systems Security Professional (CISSP) certification.
In 2016, information security analysts held 100,000 jobs. According to the Bureau of Labor Statistics (BLS), the industries that employ the largest percentages of information security analysts are:
- Computer Systems Design – 28%
- Finance and Insurance – 19%
- Management of Companies and Enterprises – 9%
- Information – 8%
- Administrative and Support Services – 6%
Information security analysts need to be proficient in a large number of highly technical skill sets. Technical skills required to be a successful information security analyst include:
- IDS/IPS, penetration and vulnerability testing
- DLP, anti-virus and anti-malware
- TCP/IP, computer networking, routing, and switching
- Firewall and intrusion detection/prevention
- Network protocols and packet analysis tools
- C, C++, C#, Java, or PHP programming languages
- Cloud computing
- SaaS models
- Security Information and Event Management (SIEM)
The responsibilities of an information security analyst can vary across different organizations and industries. Generally accepted duties and responsibilities for an information security analyst involve:
- Monitoring the organization’s networks for security breaches and investigating violations when they occur
- Installing and updating software, such as firewalls and encryption programs, to protect sensitive information
- Preparing reports documenting breaches and the extent of the damage caused by the breaches
- Conducting tests that simulate an attack to look for any vulnerabilities in their systems
- Staying up to date with the latest news and developments in information security
- Creating security standards and best practices to keep the organization safe
- Consulting with management or senior IT staff to recommend security enhancements
- Providing technical support to users of your product or service
Career Outlook & Job Demand
The median annual wage for an information security analyst is $92,600. The BLS has further broken down the median annual wages for information security analysts by the top industries:
- Finance and Insurance – $94,050
- Computer Systems Design – $93,490
- Information – $92,940
- Administrative and Support Services – $92,890
- Management of Companies and Enterprises – $87,510
The demand for information security analysts is projected to experience an extremely high growth rate. Employment is projected to grow 28 percent from 2016 to 2026 for information security analysts. The industry that is projected to experience the highest growth of information security analyst employment is computer systems design. The number of information security analysts in that industry is projected to grow by 56 percent.
This high rate of growth can be attributed to the increased frequency of cyber-attacks. Most industries are increasing their online presence and need to keep pace with the increase in cyber-attacks. For example, the healthcare industry is rapidly expanding the use of electronic medical records. As more medical records are stored online, there will be more cyber criminals attempting to compromise that information.