The need to protect organizations against cyber-threats is more pressing than ever. According to the ISACA’s annual State of Cybersecurity study, 48 percent of cybersecurity experts believe their organizations are more vulnerable to threats now compared to the previous year. In light of that, it’s a great time to consider becoming a cybersecurity analyst—but what skills do these analysts need to succeed?
We’ll break down the necessary cybersecurity analyst skills to succeed in the industry, along with cybersecurity analyst salaries and much more. Let’s dig in!
What is a cybersecurity analyst?
The day-to-day tasks facing a cybersecurity analyst can vary between organizations. For example, an analyst at a larger organization may specialize in monitoring networks for internal and external security breaches (and investigating any attacks). Meanwhile, an analyst at a smaller organization might be a jack of all trades, handling everything from firewalls to analyzing data to improve the overall digital security infrastructure.
According to the U.S. Bureau of Labor Statistics (BLS), “Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems… Analysts need to research new security technology to decide what will most effectively protect their organization.”
In other words, it’s a position that requires a variety of skills; analysts must also constantly evolve to confront an ever-changing threat landscape.
What kinds of skills do cybersecurity analysts need?
Numerous tech skills come into play in a cybersecurity context, including (but definitely not limited to) authentication, software development, cryptography, project management, knowledge of information systems, and much more. If you’re interested in becoming a cybersecurity analyst, you should focus on learning the skills and tools that will allow you to carry out the following:
- Automation of repetitive tasks: Cybersecurity analysts increasingly rely on scripting (with languages such as Python) and even machine learning to automate key aspects of an organization’s cybersecurity strategy.
- Knowledge of cybersecurity frameworks: Every organization interested in cybersecurity adopts a framework of tools and security policies that allows it to meet potential threats. Cybersecurity analysts must know how to build out and iterate such a framework. (Knowledge of cybersecurity controls is likewise critical.)
- Attack detection: Analysts must know how to use tools to detect an internal or external attack against their network.
- Incident response plan: As part of a cybersecurity framework, every organization should have a solid incident response plan. It’s the job of an analyst to ensure that such a plan is capable of handling a broad range of scenarios, and that it’s also kept up-to-date given the new threats constantly emerging.
- Local and cloud platforms: From localized operating systems such as Windows, Linux and macOS to cloud-based platforms such as Microsoft Azure and Amazon Web Services that power many organizations’ processes, cybersecurity analysts must be familiar with their employer’s core software (and its potential vulnerabilities).
- DevOps and DevSecOps: DevOps is a mix of cultural practices and tools designed to help companies successfully build and launch new software; DevSecOps is the art of integrating cybersecurity into that development process. Those who’ve mastered DevSecOps know how to test software at all points of development for potential vulnerabilities, which can help head off problems before they start.
All of the skills within these categories are constantly evolving, so anyone who wants to become a cybersecurity analyst will need to constantly keep learning in order to stay at the cutting edge of their profession.
Do I need certifications to become a cybersecurity analyst?
That’s a great question. Given the incredible demand for skilled cybersecurity analysts, and the historically low rates of unemployment within tech, it’s very possible that hiring managers and recruiters will overlook a lack of certifications if you can prove you have the skills for the position.
With that in mind, possessing popular certifications can help you stand out in a crowded field of applicants. Some certifications that come in useful for proving cybersecurity analysts’ skills include:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Privacy Professional (CIPP)
- SANS/GIAC Certification
- CompTIA Security+
- Certified Information Security Manager (CISM)
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Essentials Certification
“Working towards and obtaining an entry-level cybersecurity certification will show employers you're serious about this career path,” Joe Stallings III, director of strategy, privacy and risk at Coalfire, told Dice earlier this year.
How do I break into a cybersecurity analyst career?
When they’ve completed their training, many cybersecurity analysts start their career as a junior cybersecurity analyst, an entry-level position that often doesn’t call for much (if any) experience. Junior cybersecurity analysts are often tasked with conducting vulnerability assessments and helping senior cybersecurity experts monitor networks for intrusions.
Once you’re in a more junior role, pay close attention to the aspects of cybersecurity work that appeal to you. Do you like doing malware analysis, for instance? Or does working with a ‘red team’ appeal to your inner hacker? Consider focusing your learning time on your interests; those with specialized skills can find lots of high-paying opportunities.
In general, laddering up your cybersecurity career depends on three things:
- Educating yourself: Whether or not you have a degree, you should demonstrate to prospective employers that you’re continuously learning new skills and you’re curious about the cybersecurity industry as a whole.
- Getting experience: Even if you lack a lot of experience as a cybersecurity analyst, participating in bug hunts and other “personal” projects can show you have the foundation necessary for the analyst job.
- Applying for roles and meeting future employers: Networking is an essential element of the job hunt; in addition to applying for jobs, it also pays to reach out to senior analysts and other cybersecurity professionals for informational interviews (and potential mentorships, even).
If you can master those elements, you can build out a sustainable career as a cybersecurity analyst.
How much do cybersecurity analysts earn?
Recent CyberSeek data suggests that cybersecurity analyst is a mid-level cybersecurity position with room for advancement into more senior-level positions; the same data lists the average salary at $107,500. The Wall Street Journal recently suggested that the average cybersecurity budget will increase by about 6 percent this year, which means organizations will find the cash to pay analysts a solid salary—provided those analysts fit an employer’s needs.
Meanwhile, the Dice Tech Salary Report lists the average cybersecurity analyst salary at $96,379 per year, down year-over-year by 5.7 percent. While that’s a bit below the average technology professional salary of $111,348, an analyst’s salary can increase significantly with added skills and experience. (Don’t worry too much about that year-over-year decline; cybersecurity positions are in demand, and many professions’ salaries naturally fluctuate over the years.)