In the digital age, many jobs have become less sought after while others have increased in demand. The information security analyst is a role that is growing fast and showing no signs of slowing down. Whereas a cyber security analyst protect purely online data, an information security analyst will deal with physical systems as well. That means data stored in a filing cabinet falls within the remit of the information security analyst.
The terms are often used interchangeably, but many roles straddle the line between the two. Either way, you normally work predominantly with online information: protecting networks, servers, and computer systems. After all, this is where most data are stored now.
This is one of the best skills to add to your repertoire right now for future-proofing your employability, increasing your salary, and remaining a relevant member of the workforce. Here’s what you need to know, and how you can get started from the comfort of your home.
Why an information security analyst is a crucial role
It shouldn’t be surprising that information security analysts are in demand. Nearly every company these days stores huge amounts of varied data. A business might store the contact information of its customers and clients, and perhaps a history of their interactions with the business. It probably also keeps private files pertaining to intellectual property, finances, and future plans. On top of all that, it may have collected reams of market research or big data reflecting the behaviors and patterns of its target audience.
The product or service itself might revolve around data, meaning the company would have nothing to sell should it fall victim to a security breach.
All this information is valuable and can be sold to the right person, so there is motive for malicious activity. We’ve all heard about high profile hacks and data breaches, and we’ve all encountered online services “go down” for one reason or another. Thus, employers are now starting to understand the risks, and to recognize cyber security as an absolutely essential form of protection.
We’ve all heard about high profile hacks and data breaches
Given the demand for this highly skilled work, the U.S. national average salary for an information security analyst is $98,710 per year, with the highest paid workers earning $151,500 (according to ZipRecruiter). Hundreds of thousands of roles go unfilled in the U.S. every year, so there is huge opportunity here for a proactive and systems-minded individual.
What does an information security analyst do?
If you’ve ever played a computer game about hacking, or seen it in a cartoon, you may think it involves controlling an avatar and firing lasers while flying through tunnels.
The reality is a lot less visually exciting, though you have to think creatively and get inside the mind of a hacker. That means understanding potential alternate uses for software and tools that might pose a security risk. Hacking a system means considering all of the inputs and how they can be leveraged to make that system behave in manners it was never designed to.
It can also involve an understanding of psychology, as “social engineering” strategies can manipulate the human “wetware” with access to the systems. Think phishing scams and other methods of gaining access that involve tricking someone.
Day-to-day of security analysis
A security analyst might sometimes need to respond to an active threat or to conduct a post-mortem in the wake of one. This will involve putting together a report describing what happened, as well as the extent of the damage and what steps can be taken to avoid repeated attacks.
Analysts will work in a proactive manner to prevent attacks from occurring
More often, analysts will work in a proactive manner to prevent attacks from occurring in the first place. This means running tests (called penetration tests) to ensure the security currently in place can withstand assaults. It might also mean conducting simulations. In “red team, blue team” simulations, one team attempts to break into the system and another attempts to defend it. This can help to illuminate issues and flaws.
Analysts might also be required to handle basic maintenance tasks (such as ensuring firewalls and anti-malware systems are up to date), and training members of staff. They may also be called upon to install new systems and consult with IT purchasers.
Depending on the nature of the role, you might be called upon to handle all of these roles or just a few. Your role might be defined as “penetration tester” for instance, or it might be “incident responder.”
Getting started – qualifications and more for cyber security analysts
The first question you’ll probably want answered, is which qualifications and certifications you’ll need to find work as an information security analyst. Do you need a degree? Do certifications help? What skills will help you to land jobs?
A college degree will be extremely useful and help you to stand out against the competition. Many employers require a degree before they will even consider interviewing you! It is often recommended that you secure at least a bachelor’s degree in a related subject, and ideally a master’s degree before pursuing this as a career.
That said, this isn’t a requirement every organization has, and many analysts will tell you they were able to secure work without any formal qualifications. In this case, it is certainly worth taking time out to train yourself and gain certifications.
Most useful cyber security certifications and courses
There are a number of industry-recognized certifications you can get in your spare time to bring yourself up to speed.
Here are some examples:
- Pentest+: Comptia Penetration Testing
- CYSA+: Cyber Security Analyst
- Security+: Comptia Security Analyst
- GIAC: Global Information Assurance Certification
- CEH: Certified Ethical Hacker
- CISSP: Certified Information Systems Security Professional
To help learn these topics, you can use sites like Udemy, which provides a huge repertoire of courses pertaining to information security. Information Security Management Fundamentals for Non-Techies is a popular course available for a low fee that can get you started.
Which of these courses you should pursue will depend partly on the type of work you are looking for: the salary you require, the jobs that appeal to you, and the amount of responsibility you wish to take on. If you want to work with penetration testing, then the Pentest+ will be relevant, for example.
Of course, the more you learn, the more qualifications you can tout, and the more employable you will become. If you have a real passion for this topic, there’s nothing to stop you studying in your spare time.
Choosing the type of work you want to do
A good strategy would be to browse through job listings online, read their descriptions, and make a note of the kinds of qualifications and experience the ones you’re interested in require.
Here are some job titles you might come across:
- Information security specialist
- Cybersecurity specialist
- Incident analyst
- IT auditor
- IT specialist information security
- Pen Tester
Should you learn to program?
That said, which languages are important to know is highly job-specific. If a company is putting out an Android app, it might be useful to know Java, and Kotlin, and have familiarity with Android Studio and the Android SDK.
More experience and skills for security analysts
Other useful skills include an understanding of Linux, and familiarity with servers and networks. Gaining expertise in these areas can certainly help therefore. This is a great course to get started.
Experience will often trump actual skills too, so anything you can do to add to your CV will be time well-spent. Look for internships, or ask your current employer if you can spend some time with the IT department.
Even intern positions will pay an average salary of $57,983
In some rare cases, you might be able to start a career as a cyber security analyst without any background or training. This can happen if you find yourself in a general “IT role” for a smaller organization that grows to incorporate more aspects of security. This isn’t a particularly advisable career path for someone looking to start earning money online however. However, according to glassdoor.com, even intern positions will pay an average salary of $57,983.
Finding work in information security
We consider information security analyst to be an example of a future job, seeing as it is a line of work that will grow in demand along with our reliance on information technology. Likewise, this career suits itself well to working online with flexible hours, in a location-independent manner.
However, there are some limitations depending on the kind of work you wish to carry out. Many employers will require you to work 9-5, while you might be expected to work overtime during a cyberattack. You might be able to negotiate better terms for yourself once you’ve found an opportunity that caters to your skillset and that you like the sounds of, too.
You can find full-time job listings for work-from-home cyber security opportunities anywhere that you might normally look for work, whether that means looking at LinkedIn or job listings sites.
When selling any service online though, there is always the option to turn the idea on its head and to design the service or product that you wish to sell. For example, you can advertise your services as a pen tester, as an auditor, or as a consultant and wait for the jobs to come to you. This has the added bonus of meaning you don’t need specific skills and qualifications; you can choose those yourself instead and actually use this as a way to build your portfolio and expertise.
There are countless ways to find work online as an information security analyst or cyber security analyst. If you think in a logical and creative manner, enjoy solving problems, and have an interest in technology, this could be a great choice.
Whatever else happens, learning the basics of information security will make you more valuable to employers and far better prepared for the future of work.