Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.
What they do
Information security analysts typically do the following:
- Monitor their organization’s networks for security breaches and investigate a violation when one occurs
- Install and use software, such as firewalls and data encryption programs, to protect sensitive information
- Prepare reports that document security breaches and the extent of the damage caused by the breaches
- Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited
- Research the latest information technology (IT) security trends
- Develop security standards and best practices for their organization
- Recommend security enhancements to management or senior IT staff
- Help computer users when they need to install or learn about new security products and procedures
IT security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.
Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.
Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.
Most information security analysts work full time. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency. Some work more than 40 hours per week.
How to become an Information Security Analyst
Most information security analyst positions require a bachelor’s degree in a computer-related field. Employers usually prefer analysts to have experience in a related occupation.
Information security analysts usually need at least a bachelor’s degree in computer science, information assurance, programming, or a related field.
Some employers prefer applicants who have a Master of Business Administration (MBA) in information systems. Programs offering the MBA in information systems generally require 2 years of study beyond the undergraduate level and include both business and computer-related courses.
Information security analysts generally need to have previous experience in a related occupation. Many analysts have experience in an information technology department, often as a network or computer systems administrator. Some employers look for people who have already worked in fields related to the one in which they are hiring. For example, if the job opening is in database security, they may look for a database administrator. If they are hiring in systems security, a computer systems analyst may be an ideal candidate.
There are a number of information security certifications available, and many employers prefer candidates to have certification, which validates the knowledge and best practices required from information security analysts. Some are general information security certificates, such as the Certified Information Systems Security Professional (CISSP), while others have a narrower focus, such as penetration testing or systems auditing.
The median annual wage for information security analysts was $99,730 in May 2019. The median wage is the wage at which half the workers in an occupation earned more than that amount and half earned less. The lowest 10 percent earned less than $57,810, and the highest 10 percent earned more than $158,860.
Employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average for all occupations.
Demand for information security analysts is expected to be very high. Cyberattacks have grown in frequency, and analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.
Banks and financial institutions, as well as other types of corporations, will need to increase their information security capabilities in the face of growing cybersecurity threats. In addition, as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are becoming more important. More information security analysts are likely to be needed to create the safeguards that will satisfy patients’ concerns.
Employment of information security analysts is projected to grow 56 percent in computer systems design and related services from 2019 to 2029. The increasing adoption of cloud services by small and medium-sized businesses and a rise in cybersecurity threats will create demand for managed security services providers in this industry.
Similar Job Titles
Data Security Administrator, Information Security Officer, Information Security Specialist, Information Systems Security Analyst, Information Systems Security Officer (ISSO), Information Technology Security Analyst (IT Security Analyst), Information Technology Specialist, Network Security Analyst, Security Analyst, Systems Analyst
Logistics Analyst, Computer Systems Analyst, Software Developer-Systems Software, Computer Network Architect, Computer Systems Engineer/Architect
The trade associations listed below represent organizations made up of people (members) who work in the field and promote its advancement. Members are very interested in telling others about their work and about careers in those areas. Trade associations also provide opportunities for organizational networking and for learning more about the field’s trends and directions.
- CompTIA Association of IT Professionals
- Cyber Degrees EDU
- High Technology Crime Investigation Association
- Information Systems Security Association
- National Initiative for Cybersecurity Education
As persistently as computer hackers work to infiltrate secure networks, information security analysts work that much harder to keep prying eyes out. Information security analysts design and implement security measures to protect an organization’s computer networks and systems. Their creativity and innovation continually expand as the number and complexity of cyberattacks increase. In this field, it’s essential to keep up with new technology and preventive methods.
Information security analysts install and operate firewalls, data encryption programs, and other software, monitor their organization for security breaches, and even simulate attacks to look for vulnerabilities in their system. Their work is the opposite of hacking, and security analysts need to know how to break a system’s defenses just as well as they know how to build them.
Information security analysts work for computer companies, consulting firms, or business and financial companies. Most work standard full-time hours but may need to be on call in case of an emergency. Information security analysts typically need at least a bachelor’s degree in computer science, programming, or a related field, though some employers prefer applicants with a Master of Business Administration in Information Systems. As the field of information security quickly evolves, new specialized education and training programs are emerging, but having an ingenious streak will continue to be a vital quality for these professionals.