Home > Careers > What Is a Cybersecurity Analyst?

What Is a Cybersecurity Analyst?

What is a cybersecurity analyst?

With remote work continuing to increase, cybersecurity analysts have become more critical than ever for their vital role in protecting an organization’s network and data from security threats. 

Cybersecurity analysts are responsible for analyzing the security environment of a company’s computer network and identifying potential vulnerabilities. They also develop and implement security measures to protect networks from cybercriminals. 

If you’re wondering how to become a cybersecurity analyst, learn more about job responsibilities, average salaries, required skills, and more.

Find your career fit

Discover if this is the right career path for you with a free virtual work experience.

What Does a Cybersecurity Analyst Do?

Cybersecurity analysts specialize in the security of computer networks, hardware devices, and IT infrastructure. A wide range of industries relies on cybersecurity professionals, with an increasing number of businesses finding themselves vulnerable to cybersecurity threats. Some industries that employ cybersecurity analysts include the government, financial services, health care, and IT sectors — although any business with an online presence needs cybersecurity professionals.

“Cybersecurity analysts can work in a variety of roles, such as security engineers, security analysts, security architects, and security consultants,” says Nate Morris, who has been a cybersecurity analyst for the past five years and currently works for a large financial services firm. 

As a mid-level position on the cybersecurity career path, analysts are responsible for monitoring and responding to security incidents and conducting regular security assessments and audits. These are some of the most common job titles for this role:

  • Compliance analyst
  • Information security analyst
  • Information technology security analyst
  • Security analyst
  • Security operations analyst

Cybersecurity Job Description

So, what does an analyst do on a daily basis? A cybersecurity analyst’s job description includes protecting companies from cyberthreats like malware, trying to prevent cyberattacks, and responding to successful attacks from hackers and other cybercriminals. Without cybersecurity analysts, cybercriminals would have an easier time stealing or damaging an organization’s sensitive data. 

>>MORE: Explore a day in the life of a cybersecurity analyst with the JPMorgan Chase & Co. Cybersecurity Virtual Experience Program.

“The profession of a cybersecurity analyst includes a number of possible areas of responsibility and combines a whole class of professions,” explains Maxim Beloenko, vice president of global sales at the network security services company Qrator Labs. “Respectively, such employees can be engaged, for example, in the formation of a company’s information protection policy in accordance with current external threats and with the state of affairs within the company.” 

“The specific tasks of a cybersecurity analyst vary depending on the organization they work for,” Morris says. “Generally, their duties include monitoring networks for threats, deploying and configuring security solutions, and conducting risk assessments.”  

Typical tasks include:

  • Analyzing an organization’s current level of threats
  • Investigating phishing methods and malware delivery
  • Adapting the company’s protection mechanisms to evolving threats

Cybersecurity consultant Alessandro Mirani points out that since the root of a cybersecurity analyst’s job consists of securing an operational IT environment, this includes everything from physical perimeters to applications running on servers. “A cybersecurity analyst will deal more often with regulatory compliance, audit readiness, risk/vulnerability assessment, and penetration testing,” Mirani says.

>>MORE: Learn common cybersecurity tasks with the SAP Cybersecurity Virtual Internship Program.

Cybersecurity Analyst Salary

Payscale data indicates that cybersecurity analysts in the U.S. make average base salaries of around $79,000 per year, with experienced analysts earning over $105,000. The U.S. Bureau of Labor Statistics (BLS) lists the average annual salary for information security analysts at $113,270, with the top 10% earning more than $165,920.

According to Mirani, higher salary grades require additional experience in coding or regulatory compliance, or relevant professional certifications in cybersecurity or cloud security. 

A cybersecurity analyst’s salary also depends on the size and type of organization they work for. Certain large tech companies often pay cybersecurity analysts higher total pay than the average, according to Glassdoor. The highest-paying companies for this position are Google, with a total average pay of over $160,000 per year; Oracle, at over $140,000 per year; and Microsoft, at around $139,000 per year. 

Average advertised salaries in cybersecurity analyst job descriptions for the 12 months ending September 2022 were $107,500, as reported by CyberSeek, a project of the National Initiative for Cybersecurity Education (NICE).

Cybersecurity Analyst Skills

Both technical and general workplace skills are essential for cybersecurity analysts. “Skills can, and should, vary from technical ability, such as implementing secure IT infrastructures, to business ability, such as interacting with stakeholders and understanding business strategy,” Mirani says. “Ability to learn and adapt to emerging technologies is also a must.” 

Technical Skills

Cybersecurity analysts must have specific technical skills to perform well in this role. This means being familiar with the latest technologies and security solutions and thoroughly understanding networking, encryption, firewalls, and other security solutions. 

Knowledge of the current cyberthreat landscape and security vulnerabilities is another critical skill. “Cybersecurity analysts should have a deep knowledge of the latest threats, vulnerabilities, and trends in the industry,” Morris says. “They should be able to identify potential security weaknesses and be able to recommend solutions to mitigate them.” 

Other technical skills and areas of expertise include:

  • Controls and frameworks 
  • Scripting (a form of coding)
  • Intrusion detection software
  • Cloud and network security 
  • Software development and operations
  • Operating systems

“This is certainly an advanced level in technical terms — that is, a deep knowledge of the fundamentals of programming, including secure programming; a detailed understanding of the basics and latest trends in the cybersecurity industry; and the ability to analyze, interpret, and collect information and work with it,” Beloenko explains. “Additional knowledge and skills may be required depending on the industry in which the specialist works.”

Soft Skills

In addition to hard skills, cybersecurity analysts also should have several soft skills common to many industries and workplaces, such as:

  • Problem-solving and analytical skills: Cybersecurity analysts should be able to identify and analyze potential threats and risks and develop and implement solutions to mitigate those risks. 
  • Communication skills: They must be able to communicate technical information to non-technical stakeholders and explain complex security concepts in a way that’s easy to understand. 
  • Attention to detail: Cybersecurity analysts should be detail-oriented and able to notice security vulnerabilities. “They should be able to quickly identify potential security breaches and take the necessary steps to mitigate them,” Morris says. 

This role also often requires collaborating with a larger team, conducting risk management, and using critical thinking skills.

>>MORE: Learn the skills you need to become a cybersecurity analyst with AIG’s Shields Up Cybersecurity Virtual Experience Program.

How to Become a Cybersecurity Analyst

Fortunately, the job market for cybersecurity analysts is extremely promising. CyberSeek reports that there have been nearly 32,000 job openings in this field over the last 12 months, and the five-year projected growth rate for skills like threat hunting is 105%. In addition, the BLS projects a 35% employment growth rate for information security analysts through 2031.

You can become a cybersecurity analyst through a number of potential entry points. While you can enter the cybersecurity field without a degree or certification, some positions may require specific additional training. 

Cybersecurity Education

In particular, a bachelor’s degree in information technology can provide you with fundamentals that can open doors to this field — particularly if you choose a program specializing in cybersecurity and information assurance. CyberSeek research shows that 71% of online job listings for this title require a bachelor’s degree, and 17% require a graduate degree.

“Becoming a cybersecurity analyst requires a combination of education, experience, and certifications,” Morris says. “Those interested in the field should start by pursuing a degree in computer science, information technology, or a related field.” 

Cybersecurity Certification

Another more formalized route is to gain certification in cybersecurity by taking online classes or cybersecurity bootcamps through a university, community college, or online course provider. Some in-demand cybersecurity certifications include: 

  • Certified Information Systems Security Professional (CISSP) 
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Ethical Hacker (CEH)
  • GIAC Security Essentials Certification (GSEC)

Mirani notes that cloud security certifications such as Azure, GCP, and AWS can also help you gain relevant work experience. 

Cybersecurity Work Experience

Many people become cybersecurity analysts by learning the basics and developing the right skill set through their own study and on-the-job experiences. 

“There is no easy way here due to the requirement of the necessary skills,” Beloenko says. “The easiest way is to get a job in a company where there are relevant vacancies for an internship, and first of all the ability to master or practice on real scenarios.” He adds that cybersecurity analysts are often engineers and experienced managers. An ordinary programmer can develop a path in this direction, even without having any previous connections to the cyber industry, based on a desire to develop in this area.

>>MORE: Learn what it’s like to work in cybersecurity with Mastercard’s Cybersecurity Virtual Experience Program

Start Your Cybersecurity Career

Mirani advises to “go for it” if you have the option to take on a bachelor’s degree, or even a Master’s of Science degree, en route to a cybersecurity analyst career. But, he recognizes other paths as equally viable. 

“If you are starting from scratch but you already possess IT experience or education, study for the certifications and try to gain relevant work experience,” Mirani says. “If you want to switch from a totally different industry, define a particular set of skills and find a mentor to understand where you fit as a cybersecurity expert — then invest as much as you can on your education and training.” 

Regardless of education and training, Morris emphasizes that having experience in the field is essential. “Those who don’t have professional experience can gain hands-on experience through internships or volunteer work,” Morris says. “This can help them to gain the necessary skills and knowledge to become a successful cybersecurity analyst.”

Master the foundational skills you’ll need for a career in cybersecurity with Forage’s tech virtual experience programs.

Image credit: videoflow / Depositphotos.com