Information Security Analysts: Who They Are & What They Do

As our world faces an increasing number of cyberthreats, the need for expert information security analysts continues to rise. Take a look at recent headlines and it is clear just how critical information security analysts are to companies across industries. For example, the latest Yahoo! breach cost the company $117.5 million in a class-action settlement. Furthermore, cybercrime and the associated losses are not going away any time soon. Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021.

Becoming an information security analyst equips you with job security and many job opportunities, but this career path offers even more. As an expert in the cybersecurity field, you will conduct meaningful work to protect companies and individuals—many of whom remain unaware that they are at high risk for data breaches and identity theft. Keep reading to learn more about the role of the information security analyst, including their key responsibilities, career outlook, and the skills and education required to advance in the field.

What is an information security analyst?

Information security analysts defend their organizations’ data by planning and implementing measures to prevent and mitigate cyberattacks. Due to the nature of their work, these professionals play a crucial role in the public, private, and non-profit sectors because they protect a company’s sensitive and fundamental information. 

According to Cisco, a cyberattack is any malicious or deliberate attempt to breach the information system of an organization or individual. These attacks can take place in many different forms including malware, phishing scams, and more—and the effects can be catastrophic. It is the job of information security analysts to prevent such attacks from occurring and to minimize the damage if an attack takes place.

“This is a cyber-defense role,” explains Jose Sierra, associate director of Northeastern’s cybersecurity graduate program. “I would recommend it for those interested in designing security countermeasures to withstand cyberthreats.”

Download Our Free Guide to Advancing Your Cybersecurity Career

Learn how to meet the growing demand for skilled cybersecurity professionals.

DOWNLOAD NOW

What does an information security analyst do?

All information security analysts share the same goal—to protect against and prevent cyberthreats. The exact scope of work varies on the type and size of a company, however. For example, an online company like LinkedIn needs protection against data leaks, whereas working in cybersecurity for the government might mean creating and upholding a secure network that cannot be accessed by outside parties. 

Some of the key responsibilities of an information security analyst include monitoring networks for security issues, mitigating the damage caused by cyberattacks, and creating and training employees on security procedures.

Monitor Networks for Security Issues

Prevention against cyberthreats constitutes the majority of an information security analyst’s responsibilities. It is easier and less expensive for a company to protect against a threat versus trying to recover from a breach. In order to prevent threats, analysts do the following:

• Install and use software, such as firewalls and data encryption programs, to protect sensitive information
• Continually update software and install patches for programs
• Back up all data 
• Stay up-to-date on security standards and trends
• Conduct penetration testing to uncover network weaknesses
• Fix any detected vulnerabilities 

Recover from Cyberattacks

Ideally, the prevention responsibilities of a security analyst’s job will keep them from having to minimize the damage of a cyberattack. However, in the event there is an issue, the analyst is expected to do the following:

• Minimize the damage done by an attack
• Restore data and user functionality
• Place new security measures to avoid another attack

A cyberattack can be detrimental to the health of a company. Even if sensitive information is not compromised during a hack, extended system downtime or erratic availability can lose a company a great deal of productivity, money, and future business. In fact, data breaches cost a staggering $3.92 million on average.

Train Employees on Security Procedures 

Finally, information security analysts create procedures and rules for a company in order to maintain the level of security designated by leadership. Examples of these rules might include:

• Requiring complicated passwords
• Mandating company-wide password updates every few months
• Forbidding outside programs and/or hardware
• Authorizing personal laptops and employing two-factor authentication

When all employees are abiding by the same security protocols, it makes it easier for the company to protect themselves from threats. These company-wide rules also help analysts identify where potential threats are coming from inside the workplace.

Information Security Analyst Career Outlook and Salary

The ever-increasing threat of cybercrime has had a direct impact on the demand for skilled cybersecurity professionals, and the career outlook for information security analysts is promising. The Bureau of Labor Statistics (BLS) predicts that demand for these roles will increase 31 percent from 2019 to 2029, which is much faster than other careers across industries.

There are also many career opportunities for analysts in almost every field, as most (if not all) organizations need cyber protection in this time of ever-increasing tech and online business. Here are a few examples of potential employment paths for information security analysts:

• Industry: Tech giants, including Google, Facebook, and LinkedIn depend on information security analysts to protect their sensitive data and prevent hacking. The financial industry is also a large sector that needs information security analysts to protect an individual’s financial data from the dark web. 
• Government: Cybersecurity analysts are needed at all government levels, from a city to a worldwide scale. Government-controlled companies like NASA, Northrop, and Lockheed employ information security analysts to uphold security protocols and keep sensitive material confidential. 
• Nonprofit: Even charities and nonprofit companies need expert information security employees to protect them from outside threats. Many nonprofits collect delicate information, and a security breach would leave them liable. 

In addition to enjoying flexibility in where they can work, information security analysts also earn an attractive salary. The average annual wage for information security analysts was $103,590 as of this blog’s last update, with the highest 10 percent earning more than $158,860. 

Information Security Analyst Skills and Education

“Due to the great spectrum of security threats, it is very important to have a very solid understanding of the information systems security aspects,” says Sierra. “There is a huge variety of threats and this is amplified by a highly interconnected system, so these professionals need to understand the whole picture in order to identify the cyber risk that may affect them.” 

Along with having a concrete understanding of information systems, security analysts should also have these top skills:

• Analytical skills to identify current or potential security problems
• Communication skills to inform a company of issues and delegate security protocols
• Cryptography skills to protect the company even with many employees accessing the network
• Risk management skills to develop and uphold information security policies 
• Creativity to always be one step ahead of a hacker
• Detail-oriented in order to track down potential threats
• Incident response capabilities and the ability to fix reported problems in a timely manner
• Strong diagnostic skills to identify the source of a problem
• Ethical hacking skills to discover the company’s network weaknesses before a hacker

Many of these skills, such as being an analytical person or possessing strong communication skills come naturally to some. However, many of the skills needed for a successful career in cybersecurity require advanced learning and practice that can be gained by pursuing an advanced degree. In fact, most employers require candidates to hold a bachelor’s degree in a computer-related field, such as cybersecurity, according to the BLS.

Sierra concludes that “what makes a very good security analyst is their ability to design effective and efficient protections” in the environment they are placed in, whether that be in a small business or large, government program.

Becoming an Information Security Analyst

You can advance your career by having cybersecurity expertise rather than a broader understanding of information technology. A great way to demonstrate your expertise in the field is with a Master of Science in Cybersecurity. An advanced degree in cybersecurity teaches the core knowledge that information security analysts need to know to protect the company they work for. Students learn the different cyberthreats present in the workplace, as well as how to safeguard against them. Students will also learn about ethical hacking as a way to pinpoint any weaknesses within their company’s network in order to strengthen them against outside attacks.

Some programs offer flexible options, allowing IT professionals to further their experience and knowledge while balancing work and personal commitments. For example, Northeastern’s MS in Cybersecurity program allows students to enroll full-time or part-time and offers the option to study online, on-campus, or in a hybrid format to suit their needs and preferences. 

If the role of an information security analyst sounds like the right path for you, download our free guide to breaking into or advancing your career in cybersecurity.