Do you know how to make a network as airtight as possible? Can you anticipate and prevent threats that would normally cripple a computer system? If you’ve got the tech-savvy skills and teamwork needed, you might just find that being a cyber security analyst is a perfect fit.
Cyber security analysts use both their hard and soft skills to secure computer networks, anticipate external and internal threats, and teach others how to stay safe in the cyber workplace.
Cyber security analysts’ work may seem innocuous at first glance, and during most day-to-day activities, it’s mostly unnoticeable. But everyone can recall the news articles of massive, global companies being compromised. Personal data, critical medical systems, and potential government secrets are accessed and tampered with.
Cyber security analysts use software tools and vigilance to stay up-to-date and ahead of would-be criminals to make sure their networks remain safe and functional.
Sample job description
We believe in keeping the world safe from threats. In order to do so, we use cutting-edge technology and protocols combined with experts to maintain our position as global leaders in cybersecurity. We believe that every company should be free to safely and securely operate without fear of security breaches or compromises, and we strive to give the world peace of mind when working with us. As a candidate, if you believe this too, and possess the skills and know-how to keep threats at bay in the digital age, you’ll be an invaluable part of our team.
Typical duties and responsibilities
- Stay up to date on security and technology advancements
- Research emerging threats and mitigation protocols
- Prepare and implement disaster recovery and contingency plans in the event of security breaches
- Monitor and investigate attacks, intrusions, and unusual activity
- Prod and evaluate current security protocols
- Create and maintain the company’s IRP
- Operate analytic tools to detect vulnerabilities and threat patterns
- Participate in white hat simulations
- Maintain firewalls and encryption
- Maintain access management of users
- Generate reports and liaise with management/stakeholders to present issues and provide resolution
Education and experience
- Degree in cybersecurity, network security, or relevant information technology
- Minimum of 3 years experience in a related field
Required skills and qualifications
- Excellent verbal and written communication
- Unrivaled attention to detail
- Proficiency in using intrusion detection/prevention systems
- Working knowledge of common programming languages, like Python, Java, or PHP
- Excellent multitasking and organization skills
- Experience configuring and administering Linux and Windows systems
- Incident response and forensic tool experience
Preferred qualifications
- Experience working in a Security Operations Center
- Experience working with Splunk
- Experience working with Enterprise Prevention Systems
- Experience working with Endpoint detection tools and forensic investigation tools
- Experience delivering a presentation to a wide variety of audiences
- Experience creating infographics such as diagrams, screenshots, workflows, graphs, etc.
Average salary and compensation
The average salary for a cyber security analyst is $113,250 per year in the United States, with a potential for cash bonuses every year. Salary may depend on the level of experience, education, and geographical location.
| Location | Salary Low | Salary High |
|---|---|---|
| Phoenix, Arizona | $119,250 | $145,750 |
| Los Angeles, California | $134,500 | $156,900 |
| Denver, Colorado | $118,300 | $130,800 |
| Washington, DC | $136,500 | $159,300 |
| Miami, Florida | $111,600 | $130,200 |
| Orlando, Florida | $102,900 | $120,100 |
| Tampa, Florida | $103,900 | $121,250 |
| Atlanta, Georgia | $109,050 | $127,200 |
| Chicago, Illinois | $125,350 | $146,250 |
| Boston, Massachusetts | $135,550 | $158,150 |
| Minneapolis-St. Paul, Minnesota | $108,000 | $126,000 |
| New York City, New York | $142,650 | $166,450 |
| Philadelphia, Pennsylvania | $116,150 | $135,550 |
| Dallas, Texas | $113,150 | $131,950 |
| Houston, Texas | $112,600 | $131,350 |
| Seattle, Washington | $130,450 | $152,200 |
| National Average | $101,900 | $124,500 |
Typical work environment
Cyber security analysts work in the office as part of a team. Generally speaking, this job can be done at the desk or from a remote location. In some instances, travel to office locations for meetings and server rooms for physical maintenance may be required.
Typical hours
While cyber security analysts generally keep standard working hours from nine to five, cybercriminals don’t exactly keep the same hours. This may mean shift work, and will almost certainly mean being on-call in case of late-night or weekend security issues.
Available certifications
There are a wide variety of certifications to obtain in order to further your career as a cyber security analyst:
- Security+. CompTIA Security+ is the entry-level certification that validates the foundational skills needed in any cybersecurity role. By obtaining this certification, you will demonstrate your ability to monitor and secure all typical environments used by an organization. Further, you’ll understand the laws and regulations related to risk and compliance, and be able to readily identify security incidents. There are no strict requirements for taking the exam, and this is largely considered to be the first step in moving further into the cybersecurity field.
- CISSP. The Certified Information Systems Security Professional is among the most sought-after credentials in the industry. This certification demonstrates you are more than capable of planning, implementing, and monitoring a network’s security. To qualify, you’ll need five or more years of cumulative work experience in at least two of eight cybersecurity domains: Software Development Security, Security Operations, Security Assessment and Testing, Identity and Access Management, Communication and Network Security, Security Architecture and Engineering, and Asset Security.
- CISA. The Certified Information Systems Auditor demonstrates your abilities in assessing and preventing security vulnerabilities, designing and implementing controls, and reporting on compliance. It stands as one of the most recognized certifications.
- CISM: The Certified Information Security Manager shows that you’re capable of handling the management side of information security. From program development and implementation to risk management and governance, if you’re looking to move into a senior position, look no further than CISM.
Career path
The journey to becoming a cyber security analyst begins with a degree in one of many relevant fields. Computer science, software engineering, information technology, cybersecurity, and many others qualify to get your foot in the door.
After or during your path to obtaining this educational benchmark, grabbing certifications like the above-mentioned, or a host of others, will help solidify your standing in the cyber security field.
Aside from education, certification, and experience, being able to wield soft skills are invaluable. You’ll need to communicate and cooperate with your team, along with conveying information to others in an easy-to-understand way.
US, Bureau of Labor Statistics’ job outlook
SOC Code: 15-1212
| 2020 Employment | 141,200 |
| Projected Employment in 2030 | 188,300 |
| Projected 2020-2030 Percentage Shift | 33% increase |
| Projected 2020-2030 Numeric Shift | 47,100 increase |
Position trends
There’s no doubt the world is becoming more interconnected every day. Companies that start or transition into the digital age must face digital threats. They need professionals that can win the arms race against these threats to avoid crippled infrastructure, or losing valuable data or trust from their clients. There is a huge incentive to the preventative measures that cyber security experts put in place, and the recovery plans they create in case the worst comes to pass. For these reasons, this position is seeing a massive explosion in demand across the globe, and likely won’t see a slow down for some time.
Sample interview questions
- What’s the difference between IDS and IPS?
- Can you explain the CIA triad?
- What’s the difference between encryption and hashing?
- What’s the purpose of a firewall?
- What do you consider the main advantages of cybersecurity?
- Would you consider yourself an excellent communicator?
- How would you identify and prevent a brute force attack?
- What is port scanning?
- Can you name the seven layers of the OSI model?
- Can you describe an MITM attack?
- What’s the difference between SSL and TLS?
- What does XSS stand for, and what does it mean?
- What does WAF stand for, and what does it mean?
- What programming languages do you know?
- What are the most common vulnerabilities you see in network security?
- What is the importance of DNS monitoring?
