How you can become an information security analyst

InfoSec Reporter
9 min read · Jul 5, 2020

What does an information security analyst do? What is required to be an information security analyst?

What is an analyst job description? What types of infosec jobs are out there?

How much does an information security analyst make and how do I become an information security analyst?

We will answer all these questions in the post.

Keep Reading!

The services of an Information Security Analyst are in demand.

Many companies and organizations look for ways to protect their organizations’ data and devices.

These companies rely on professionals to understand what practices are the best, and how to secure their digital assets.

Who is a cybersecurity Analyst?

A Cybersecurity analyst is someone who helps in protecting and securing an organization’s data, computers, networks, and programs.

The cybersecurity analyst uses a range of technologies and processes to prevent, detect, and manage cyber threats.

They have access to all the other departments in a company and are able to identify and correct flaws in the company’s security systems.

They propose solutions, programs, and specific measures that can improve the company’s security.

They also generate reports for IT administrators and business managers to evaluate the efficacy of the security policies in place.

Information Security Analysts play an important role in preserving the security and integrity of an organization’s data.

There are different types of cybersecurity analysts, and they all have a similar goal, that of securing the company’s data, but with different functions.

These different Cyber Security roles include;

Note: Information Security jobs are well-paying jobs, with analysts earning between $53,000 and $113,000 per annum in the USA.

These are well-paying jobs because the Information Security Analyst performs one of the most important roles in a company.

Now you must be excited and wondering, or asking yourself “but how can I become a Cyber Security Analyst?”

Hang in there

We will explain to you in detail what it takes to become a Cyber Security Analyst.

How To Become An Information Security Analyst.

source: infosecinstitute.com

Jonathan Butler became a security analyst in May 2016; his career started as an information security analyst for Distilled Network.

He grew up in a rural area and didn’t have the best internet service.

He was not raised to see it as a source of income; his childhood wasn’t dependent on computers.

He only took an interest in computers as he went up the academic ladder, with a computer science course being a requirement in his university major.

The concept of computer networking later captured his interest so much that he had to take another course.

This course exposed him to programming, where he learned how to use tools and a couple of other languages to build applications.

Another thing that captured his interest was a project in which they were asked to recreate Angry Birds.

The Angry Birds project excited him because he could actually see physics translated into a language that recreates reality.

It opened his eyes to the real world and its potential, although he studied maths with a specialization in finance.

When he left college, his new career path earned him a job at a software development firm, where it all started.

He then went from the software development firm to Urban Science, a data consulting firm, where he gained exposure working with enterprise companies, with Audi and Volkswagen as his two major clients.

This exposure gave him an understanding of how the big companies operate, which has kept him circulating around the network of cybersecurity.

At some point, he felt he was lagging behind and needed to catch up with his mates, who seemed to have lived and breathed the computers available to them while growing up.

To him, it was a little intimidating, especially as he was not lucky to enjoy the same privileges as his friends.

Flip phones like BlackBerry were in use around that time, which made technology interesting to the extent that it was gradually becoming a part of everyday life.

But he stepped into the private sector and moved to Urban Science, where there were a lot of opportunities to explore and do analytics.

He still had technology as the major component of his career, and it was at this point that he came upon the idea of consulting, helping businesses make intelligent, data-driven decisions.

All the knowledge he acquired from his findings and from his previous consulting role matured him in the tech world and gave him a more defined purpose.

He explained to us that the experience of learning databases, web applications, businesses, languages, and everything else that required creativity to solve problems came together just in time to boost his professionalism and improve his work as the security analyst at the company.

He gave us a quick summary of his daily activities.

His position as manager is an interesting one 24/7.

He always has to stay connected through his phone after work to keep work moving, responding to whatever is pending, sometimes as late as 2:00 am.

But this, he said, is only a personal decision.

“Unless it’s not a big project, one would have to WORK more often and push hard to keep a balance with work-life if they want to move their career faster.”

To become a Cybersecurity Analyst, you need to have a passion for the job, and you must have some basic certifications in at least one of the cybersecurity domains.

To become an efficient Cybersecurity Analyst, you need to specialize in one of the various fields of cybersecurity below.

But before you jump to that section, bear in mind that your path is not going to be a smooth one; no matter what happens, don’t give up.

Application Security Analyst

An Application Security Analyst helps a company minimize attacks on its software, systems, and web applications by making them resistant to cyber threats.

The role involves vulnerability scanning and penetration testing of the applications that an organization is either using or developing.

Application security is important because almost every gadget uses some sort of application, especially with the growth of the Internet of Things and the growing number of cybercriminals.

To become an Application Security Analyst, you need at least a Bachelor’s degree in computer science, software engineering, information assurance, some mathematics, or any other computer security related field.

Some of the relevant certificates to become an Application Security Analyst include:

A SANS certification or ISC2 program,

A GIAC (Global Information Assurance Certification) Web Application Defender (GWEB) certification,

The GIAC Secure Software Programmers certification (GSSP),

The Certified Secure Software Lifecycle Professional (CSSLP), and the Secure Software Practitioner (SSP) suites.

With these certificates, you can get an Application Security Analyst job at the entry and mid levels.

But you will need an MBA or a Master’s degree in Cybersecurity to be employed at the top level.

You also need to be familiar with threat detection, threat analytics, and protection.

In the present job market, employers do not treat certificates as the sole prerequisite for employment; they look for real-world experience with the certification to back it up.

You need to show proof that you are up to the task; a previous project or projects you worked on successfully will boost your chances.

Data Security Analyst

The role of a Data Security Analyst is to protect a company’s or organization’s data and information stored on its information systems, such as computers and servers, from external attack.

The tasks performed by a Data Security Analyst may vary from one industry to another, and depend on a variety of factors that are unique to the industry.

But as a Data Security Analyst, you are expected to constantly assess and report on any intrusion attempts and false alarms, identify loopholes that can be exploited by hackers, and give timely reports that help develop a stronger security mechanism through internal procedures.

It is for this reason that they are in high demand in all types of data-driven industries, such as consulting, computer systems design, and financial services.

Some of the relevant certificates needed to become a Data Security Analyst include:

The EC-Council Certified Ethical Hacker (S.A.T),

The CISO, the Certified Information Security Manager,

A GIAC (Global Information Assurance Certification) Secure Software Programmers certification (GSSP),

The Certified Secure Software Lifecycle Professional (CSSLP) Certificate, the CySA+ (Computing Technology Industry Association (CompTIA)) Certificate,

And the Secure Software Practitioner (SSP) suites certificate.

Having a Master’s degree in business administration is also an added advantage, because you need to be able to communicate professionally with the interfaces you’ll have to work with and the people you will meet.

As mentioned above, any of these certificates, coupled with your practical know-how, is very important in landing a job as a Data Security Analyst.

A Security Compliance Analyst

A Security Compliance Analyst makes sure that an organization uniformly conforms to all required legal regulations, such as HIPAA, FISMA, and GDPR.

They are also responsible for monitoring, managing, and closing existing compliance issues while ensuring that internal systems are compliant with security standards.

As a security compliance analyst, you will be part of a creative team that designs, builds, and deploys secure, safe, and trusted solutions that protect an organization and its customers.

You should also be able to work across several departments including Sales, Privacy, Infrastructure, Legal, Engineering, and Operations.

You will also support security initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of IT controls in an organization’s environment, and you will help demonstrate adherence to these controls to external auditors.

This is a very important position because after all, as a cybersecurity analyst and cybersecurity professional, your primary job is simply to keep the company away from lawsuits, and possibly jail.

All of that starts with maintaining the overall compliance of the organization, ensuring that studies are done and a robust response plan is developed for timely resumption after a serious disruption, and maintaining the overall risk analysis or risk profile for the organization.

Cyber Security Architects

Security architects, or cybersecurity architects, are responsible for creating a safe and secure environment for the data or information stored in devices and applications, as well as data moving across a network during any transaction.

They are responsible for reviewing an enterprise architecture from an IT perspective to determine which security components need to be placed where, based on the organization’s discipline.

They control the flow of data, from the point where a piece of information comes in to the point where it goes out.

The architect looks at where best to put the authentication mechanisms for the identities of the people coming onto a network.

Another task performed by a security architect is to look at the organization’s risks and determine the best ways to handle them, the best types of technologies, policies, procedures, operational activities, and even managerial policies, and potential changes that are necessary for the risks to be correctly handled.

To become a security architect, first off, you have to become a cybersecurity practitioner.

You’ll need to have an introduction to the security world itself, either in information security or its subset generally called cybersecurity.

Either way, you need to start with that type of background as a beginner in the security field, with just your certificate in Cybersecurity.

You will also need to spend a couple of years doing that type of activity, getting used to the different types of security duties, such as logs and log reviews, checking your management systems, and looking at what’s going on in the IT devices of an organization.

You also need to be able to operate alarm systems and possibly work on firewalls, covering all the basics of cybersecurity, and then gradually work your way into understanding the actual technologies behind them.

You will need to understand the functionality of firewalls, servers, networks, and routines.

To become a cybersecurity architect, you need at least a bachelor’s degree in computer science, cybersecurity, or a related field.

If you’re pursuing a management position, you will need a master’s degree in IT security.

Some of the certificates that employers consider include:

CISSP (Certified Information Systems Security Professional),

CISSP-ISSAP (Information Systems Security Architecture Professional),

CISM (Certified Information Security Manager from ISACA), CEH (Certified Ethical Hacker),

CSSA (Certified SCADA Security Architect),

GSEC (GIAC Security Essentials), GCIH (GIAC Certified Incident Handler), GCIA (GIAC Certified Intrusion Analyst), and the CompTIA PenTest+.

Final thoughts

To conclude, if you have the right mindset and mentorship, you can become a Cyber Security Analyst.

However, you’d need to have basic certification in computer science, software engineering, information assurance, some mathematics, database programming, and everything related to computer security, and above all, you must be proactive.

We hope this article has helped you on your journey to becoming a cybersecurity analyst. If it helped you, please leave a comment below and tell us how it helped you or share it with your family members who are also interested in the subject.

Originally published at https://infosecreporter.com on August 5, 2020.

Written by InfoSec Reporter

InfoSec Reporter is a platform specialized in promoting different types of content related to cybersecurity.