Credit: Laurence Dutton / E+ / Getty Images
Of the 1.65 million cybersecurity jobs in the U.S, nearly 600,000 remain unfilled.
Information security analysts help organizations anticipate, avoid, and recover from cybersecurity attacks. These tech professionals work in a growing and rewarding field.
Of the 1.65 million cybersecurity jobs in the U.S, nearly 600,000 remain unfilled. According to the U.S. Bureau of Labor Statistics (BLS), these professionals earn a median annual salary of $103,590. Information security analysts play a critical role on a cybersecurity team.
Becoming a security analyst typically requires a bachelor's degree in cybersecurity or a related field. Aspiring information security professionals with degrees in other fields may pursue bootcamps or other alternative paths. Most security analysts hold one or more certifications in the industry alongside their degrees.
This page takes an in-depth look at how to become a security analyst.
What Is a Security Analyst?
Information security analysts plan, execute, and manage security solutions. Their mission is to anticipate and avoid cybersecurity attacks.
Security analysts use information from penetration testers to improve company security policies. They also review data from previous breaches to strengthen their organization's security tools and networks. Analysts must research current cybersecurity trends, develop security standards, review current tools and procedures, and recommend security enhancements.
Security analysts work in information technology departments. They may interact with penetration testers, project managers, computer network administrators, and other technology and management specialists.
These professionals can work for companies, banks, hospitals, nonprofit organizations, or government agencies. They often report to information security managers or chief information security officers.
Education Requirements for Security Analysts
Security analysts typically need a bachelor's degree to get started in the field. Some employers also expect these professionals to complete security certifications or a master's degree in cybersecurity.
Prospective information security analysts may already hold a bachelor's degree in another field. These learners might consider a cybersecurity bootcamp to supplement their existing degrees. Shorter programs that provide skills-focused training, bootcamps do not involve the same academic requirements as a college or university.
Whether they choose a bootcamp or a degree, most security professionals need to earn certification. Some degrees include certification as part of their curriculum. Many bootcamps train students to pass certification exams. Industry-related associations also confer certifications, often requiring students to pass rigorous exams.
Earning advanced degrees can help information security analysts become security engineers, networking directors, or chief information security officers. Students who aspire to do research, teach, or influence information security policy need a master's degree or doctorate.
A master's in cybersecurity usually focuses on advanced technology and the larger cybersecurity environment. A doctorate requires original research. This degree trains students to expand the frontiers of knowledge in the discipline.
Cybersecurity professionals with a certificate or associate may want to look into a four-year program or bootcamp if they plan to advance professionally.
Explore Your Degree Options
- Associate in Cybersecurity Programs
- Bachelor’s in Cybersecurity Programs
- Best Online Bachelor’s in Cybersecurity Programs
- Master's in Cybersecurity Programs
- Best Online Master’s in Cybersecurity Programs
- Online Doctorates in Cybersecurity
- Certificate Programs in Cybersecurity
- Cybersecurity Bootcamps
Top Online Programs
Explore programs of your interests with the high-quality standards and flexibility you need to take your career to the next level.
Required Job Experience for Security Analysts
Information security analysts often need experience in a related field. Experience helps determine salary as well. According to Payscale data from February 2022, information security analysts with 20-plus years of experience earn 45% more than the average annual salary for all security analysts.
Industry certifications, often required for security roles, may also call for previous experience. For example, the certified information systems security professional (CISSP) requires a cumulative five years of paid work experience in the field. For this credential, a four-year degree only counts as one year of work experience.
In many cases, education cannot replace job experience. Some academic programs include internships or other real-world opportunities. Though limited, these experiences can offer hands-on learning and new network connections for entry-level workers.
Internship Opportunities
Universities may require cybersecurity students to complete an internship. An internship is a temporary, supervised position that teaches practical skills in a real-world setting. Specifics vary, but a three-credit internship could entail 120 work hours. Students may conclude with a written journal or evaluation of the experience.
Supervisors usually evaluate student interns, which may help determine their grades. Learners often need department approval before starting an internship.
Students can undertake paid or unpaid internships in workplaces such as:
IBM Lockheed Martin Facebook Palo Alto Networks Department of Homeland Security Cybersecurity and Infrastructure Security Agency National Security Agency Central Intelligence Agency Federal Bureau of Investigation
Certification Requirements for Security Analysts
In Fortinet's 2020 survey, 82% of organizations said they preferred cybersecurity job candidates with at least one certification.
At some point in their careers, cybersecurity professionals may need to pursue certification. These credentials can help professionals earn higher salaries or pursue career advancement opportunities.
In Fortinet's 2020 survey, 82% of organizations said they preferred cybersecurity job candidates with at least one certification. Over half of organizations said cybersecurity certifications validate a candidate's awareness and knowledge. Of professionals who held certification, 94% claimed it improved their skills and knowledge.
Unlike cybersecurity certificate programs offered through colleges or universities, certifications come from reputable third-party companies and associations. Certifications usually require an exam and may also call for significant professional experience. Popular industry certifications include:
- Certified information systems security professional (CISSP), a fundamental industry certification
- Certified information systems auditor, which serves assessors in particular
- Security+, which covers core functionalities
- Certified ethical hacker, especially for penetration testers
Bootcamps and degrees may prepare students to earn industry certifications. Some academic programs even incorporate industry certifications into their curricula. Most certification-holders must maintain their credential through continuing education credits and annual fees.
How to Get Started on a Security Analyst Career Path
A security analyst career path usually contains four steps: research, education, experience, and certification. The specific journey differs from person to person, however.
For instance, a high school graduate may complete the education step with a bachelor's degree in cybersecurity or a related field. By contrast, a student who already holds a bachelor's degree may choose a bootcamp instead.
It may take 4-6 years for a security worker to complete their education and certification requirements before entering the field. Job-seekers who already have education and experience might need just a few months of bootcamp.
Certifications may be part of the educational experience, or students may pursue these credentials independently. Consider each step of the security analyst career path in more detail:
Steps to Becoming a Security Analyst
-
1
Research
Prospective cybersecurity professionals should thoroughly research any training program before enrolling. Books, blogs, podcasts, online courses, and community colleges can all help students master the basics.
With this knowledge, students may maximize their educational experience. Research can also assist students who are mapping their certification options.
-
2
Education
Security analyst education requirements typically include a bachelor's degree. Students may major in computer science, cybersecurity, engineering, or math.
Some employers accept a bootcamp experience instead of a four-year degree in cybersecurity. Many bootcamp enrollees already hold a bachelor's degree in another subject.
-
3
Experience
On-the-job experience can help students practice their skills in real-world settings.
Experience may come through an internship, an entry-level job, or freelance work. Jobs in business and technology-related fields may give candidates a leg up in information security.
-
4
Certification
Certification is a typical job requirement for security analysts. Credentials, such as CISSP, help job-seekers apply general knowledge to specific areas of cybersecurity. Employers may rely on certifications to determine an applicant's readiness for cybersecurity work.
-
5
Advanced Education
More education marks the last step on the security analyst career path.
Earning a master of business administration, a master of science in cybersecurity, or another graduate degree can position professionals for leadership roles. These programs often expose students to the wider technological, legal, ethical, and moral landscape of cybersecurity.
Is a Security Analyst Job Right for Me?
Security professionals can expect above-average salaries and faster-than-average job growth rates, according to the BLS. Still, the road to this career is not easy, requiring students to learn relevant computer languages, tools, techniques, policies, and laws.
Problem-solvers and quick learners with analytical minds may develop a passion for information security. Let us take a look at the pros and cons of this career path:
Pros
-
Income
Information security specialists can earn more than $100,000 a year in median annual salary.
-
Job Opportunities
This field is growing much faster than the average career.
-
Self-Employment Options
Security specialists can become independent consultants.
-
Lifelong Learning
Cybersecurity professionals never stop learning.
Cons
-
Demanding Hours
Cybersecurity professionals may have to deal with after-hours emergencies.
-
Repetitive Tasks
Checking files and documentation might become monotonous.
-
High-Pressure Jobs
Corporate reputations and large amounts of money often depend on cybersecurity.
-
Lack of Resources
The field changes rapidly. Companies may not offer everything needed to stay abreast of new threats.
Source: BLS
The Job Hunt
With 600,000 cybersecurity jobs going unfilled, finding the right role can take time and effort.
Aspiring security analysts must know how to craft a resume, identify job leads, and conduct interviews.
Cybersecurity professionals can turn to a variety of resources to prepare for the application process. These resources include job fairs, mentor recommendations, professional organizations, and networking opportunities through annual conferences. The Black Hat and RSA conferences are two of the largest cybersecurity events in the country.
Job boards can also provide information, insight, and opportunities for cybersecurity career candidates. The list below introduces five of the most popular cybersecurity job boards.
Home of 175 million resumes, Indeed is one of the largest job search sites on the web. Job-seekers can run searches, read articles, learn about companies, and discover salary information.
Job-seekers can search for open positions or sign up for job announcement emails. The site also offers information on salaries and careers in the field.
A marketplace for career technologists, Dice offers a job board, career development resources, and resources for job-seekers. Users can search through job ads and post their resumes on the site.
The Center for Internet Security maintains this job board, which allows candidates to search by keyword. The platform also allows job-seekers to apply directly to positions of interest.
Sponsored by the Information Systems Security Association, this board lets job-seekers search by title and location. Users can filter results by industry and job function as well.
Resources for Future Security Analysts
What Is a Security Analyst?
Learn what a security analyst does, how much they earn, and how to become one. This page covers the major employers, industries, and degrees relevant to security analysts.
Salary and Career Outlook for Security Analysts
Discover how much security analysts can earn and how education and experience affect their salary. Also, learn where the best-paying jobs are located.
Certifications for Security Analysts
Learn more about the cybersecurity certifications required for many security analyst positions. This page offers information about which certification to pursue and how to prepare.
Day in the Life of a Security Analyst
Find out what a security analyst does, including their major duties, where they work, and how to get started in the field.
Frequently Asked Questions About Security Analysts
What degree do I need to become a security analyst?
Most jobs require a bachelor's degree and cybersecurity certification. However, security analyst education requirements vary from company to company. Majoring in cybersecurity or computer science can help prepare future security analysts.
Can I learn how to be a security analyst without a degree?
Some employers may accept a bootcamp or certification instead of a college degree. However, the BLS reports 42.8% of information security analysts hold a bachelor's degree and 25.7% hold a graduate degree.
How long does it take to become an information security analyst?
For most information security analysts, the career path takes 4-6 years. These professionals typically complete a four-year degree and build skills in cloud security, threat hunting, and threat intelligence. They may need several certifications, including CompTIA Security+.
Is the field of cybersecurity hard to get into?
Not if you complete the required education and experience. Nearly 600,000 cybersecurity jobs remain unfilled in the United States. A bootcamp or postsecondary degree can help students learn security fundamentals. Senior-level positions may call for additional education and experience.
Recommended Reading
View hand-picked degree programs
Tell us what you’d like to specialize in, and discover which schools offer a degree program that can help you make an impact on the world.