How to become a cybersecurity analyst

Despite recent concerns that hiring in the United States is currently slowing due to inflation and a possible recession, cybersecurity job openings increased by 30% in the third quarter of 2022 compared to the same three-month period in 2021, according to a recent CyberSeek study. This is great news for any cybersecurity analyst (or anyone who wants to know how to become a cybersecurity analyst).

Beyond economic considerations, businesses and government organizations remain eager to hire talented cybersecurity professionals; the same study finds some 770,000 open cyber positions in the United States alone. For tech professionals looking to break into the still hot cyber market or take a career leap, the cybersecurity analyst role offers plenty of opportunities for those with the right skills and the ability to learn.

What do cybersecurity analysts do?

The cybersecurity analyst remains one of the essential positions within a security organization. They have many tasks, including monitoring networks to detect security breaches and investigate when they occur; use and maintain technologies such as firewalls and data encryption programs to protect essential data; and checking for vulnerabilities within the infrastructure, according to the Bureau of Labor Statistics.

“Information security analysts must keep abreast of computer security and the latest methods used by attackers to infiltrate computer systems,” according to the BLS listing, which also refers to the analyst position. information security. “Analysts must research new security technologies to decide what will most effectively protect their organization.”

How much do cybersecurity analysts get paid?

Data from CyberSeek lists cybersecurity analyst as a mid-level cybersecurity position with the possibility of advancement to higher level positions. The same data lists about 33,000 open jobs for cybersecurity analysts, with an average salary of $107,500.

For those looking to break into the cybersecurity field with a few years of relevant technical experience, or for seasoned tech professionals looking for a new career path, industry watchers note that the position of cybersecurity analyst will remain in demand for some time.

“There’s no better time to become a cybersecurity analyst than now. Cybersecurity teams lack talent and require all kinds of skills and experience,” said Claude Mandy, Chief Data Security Evangelist at security firm Symmetry Systems, “These skills shortages are particularly noticeable in new and emerging areas such as cloud security, data security and applications.”

What skills does it take to become a cybersecurity analyst?

To become a cybersecurity analyst, whether you start straight out of school or have some tech experience, you need to master the underlying technology, experts noted.

“Many mid-career cybersecurity professionals have worked as network administrators or system administrators. It gives you an idea of ​​”how” something works so you can harden a system or network or take other steps to ensure it keeps doing what it’s supposed to while being protected from tampering. John Bambenek, principal threat hunter at security firm Netenrich, told Dice.

For those with less experience in technology or security, Bambenek added, those applying for cybersecurity analyst positions must demonstrate problem-solving abilities: “For young professionals, my interviews can often include technical exercises to demonstrate that they can solve problems rather than talk about them, as well as the practical exercises associated with [CompTIA Security+ certification] or the entry-level reviews that are often included in big books can be very helpful.

Do I need certifications to become a cybersecurity analyst?

Certifications that can also bolster a cybersecurity analyst career include (among others):

You don’t necessarily need certifications to land a job as a cybersecurity analyst, although many job postings list the main requirements. Given the demand for cybersecurity analysts, having the right combination of experience and skills is often enough to land a job (provided you can pass the technical questions at the interview). For those who need additional experience, Mandy told Dice that he sees three ways candidates can start down the path to a cybersecurity analyst role:

  • Start educating yourself: Applicants don’t need a college degree…but must show they can learn.
  • Start gaining experience: Candidates do not need to have had a job in security, but they can demonstrate experience in securing software.
  • Start applying for jobs and meeting future employers: Candidates can land a job through a formal application, but more often than not, they can land their next role at a meeting where they’ve expressed interest.

There are other ways to get into cybersecurity, and these opportunities can be used as stepping stones to working towards a cybersecurity analyst position.

“There are many ways to get started in cybersecurity, such as starting as a full-time employee at a company looking to address a specific need for their security team, or even a consulting company where they assess and help d ‘other companies improve their security posture, typically following a more senior consultant who mentors the junior consultant on cybersecurity controls and technical writing of reports,’ John Hellickson, Field CISO at consulting firm Coalfire, told Dice. .

What other skills do cybersecurity analysts need?

For those willing to put in the effort to become a cybersecurity analyst, the interview process is key. It is also an opportunity to demonstrate a soft skill that remains an important component of cybersecurity: the ability to communicate.

“Standing out in an interview can be tricky. Often you have a limited amount of time to demonstrate your skills and experience, and as such your CV should be detailed, clear and provide a list of all the qualifications you possess,” said Chris Mason, VP president of intelligence analysis at Intel 471. . “Industry-recognized qualifications from organizations such as SANS or EC-Council are always a bonus, but your experience in the [cybersecurity analyst] field will hold a lot of weight. The interview is an opportunity for you to demonstrate your communication skills and your ability to articulate a problem and function under pressure. Preparation is key and rehearsal interviews are a great way to reduce nervousness. »

The reason communication remains essential for the job is because cybersecurity analysts write front-line reports that help improve their organization’s overall security posture and/or ensure an attack is stopped. The writing should be clear in a way that helps other stakeholders in the organization understand what’s going on, even if they don’t have cybersecurity experience.

“Having a good eye for detail and being able to easily spot patterns in large pools of data will take you far. Being able to connect the dots between disparate pieces of information and extract second and third order from effect – or the “so what” – is a key skill for any cyber analyst,” Mason added.

Bud Broomhead, CEO of security firm Viakoo, noted that cybersecurity analysts must continue to learn even on the job, especially as threats evolve. “With new attack vectors designed to thwart current security measures being introduced every day, focus on where attackers are headed. That means Internet of Things and operational technology security, open source software vulnerabilities source and multi-factor authentication methods,” Broomhead told Dice.

Cybersecurity analysts should also remember that they were hired to manage risk. “The key element here is having a desire to learn and help the business find ways to achieve positive results while managing risk,” Hellickson said.

Leave a Reply