Information Security Analyst

Key Facts & Information

Overview	Have you ever seen a story on the news about how a company or government agency was "hacked" and people's personal information, like names, addresses, or credit card numbers, was stolen? It is an information security analyst's job to prevent that from happening. Organizations hire information security analysts to analyze possible threats against their computer systems, which can range from malicious hackers trying to steal data to careless employees who accidentally forget to log out of a computer. They then make plans to prevent these threats and to deal with them when they arise. This is an exciting career for those who want to keep up with the constantly changing world of computers and the Internet.
Key Requirements	Analytical skills, attention to detail, problem-solving skills
Minimum Degree	Bachelor's degree
Subjects to Study in High School	Computer science, algebra, algebra II, pre-calculus, calculus, statistics, English
Median Salary	Information Security Analyst   $92,600 U.S. Mean Annual Wage   $49,630 Min Wage   $15,080 $0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000 $80,000 $90,000 $100,000 $110,000
Projected Job Growth (2014-2024)	Faster than Average (14% to 20%) In Demand!
Interview	Watch this video to see multiple short interviews with security professionals at BlackHat and DEFCON, two major security conferences held in Las Vegas. Nevada. Watch this interview with Dr. Douglas Twitchell, a professor in information security at Illinois State University.
Related Occupations	Computer Network Architect Computer Systems Analyst Penetration Tester Database Administrator

Education and Training

Information security analysts usually have a bachelor's degree in computer science, programming, or a related field, but a master's degree could be beneficial. Some schools now offer degrees in information security as the field continues to grow and as demand for qualified employees increases. A master's of business administration (MBA) in information systems may also be preferred, since the security of a company's data (for example, customer credit card information) can have a huge impact on its finances and business operations if that data is breached. An MBA typically requires two additional years of school beyond the undergraduate level.

Many information security analyst positions are not entry-level. Experience in a related field, like database management or systems administration, may be required. Various professional certifications in information security are also available, and may make a prospective employee more attractive to employers. Since the field of information security changes rapidly as computer technology advances, information security analysts must typically pursue continuing professional education, attend conferences and seminars, and read trade publications in order to stay up to date.

With enough experience, information security analysts can advance to managerial positions, like chief security officer or computer and information systems manager, also called information technology (IT) managers.

Other Qualifications

Information security analysts must have excellent critical thinking and problem-solving skills, and be willing to tackle difficult technical problems. They must also have good communication skills so they can communicate with other employees (who do not have computer science backgrounds) about information security issues. For example, they may have to explain basic computer security policies to a company's employees, or report to the CEO if there is a security compromise.

Nature of the Work

Information security analysts are skilled workers who help protect an organization's data from unauthorized access and outside threats. They can work for a variety of organizations, ranging from government agencies that handle classified data, to healthcare organizations that must store sensitive personal information about patients, to large retailers that handle credit card transactions. In all of those cases, the organizations possess information that could cause embarrassment, financial loss, or even a national security threat if the information is compromised or stolen. The threats they must deal with can range from individuals or small groups of hackers, to organized crime or even foreign governments. They must continually stay up-to-date on the latest trends in the information security industry in order to stay one step ahead of hackers and protect their organization's information. As the scale and frequency of cyberattacks continue to increase, the responsibilities of information security analysts may increase as well.

An information security analyst is responsible for analyzing a company's computer systems, possible threats to the systems that could compromise data, and developing and implementing plans to protect that data. They may be responsible for installing defenses, like firewalls, to prevent unauthorized access to a company's systems. Sometimes analysts might not implement their plans directly, but instead make recommendations to management or systems administrators who will then oversee implementation of those plans. They may also prepare reports for management in the event of a security breach, explaining what happened, its impact on the company, and how similar attacks can be prevented in the future.

Information security analysts might be responsible for training other, non-technical employees on proper computer security procedures. This can include protection against physical, not just electronic, theft of data. For example, an employee traveling to a conference with a company laptop that has sensitive information on the hard drive could risk having that laptop stolen at the airport. Someone could take data home on a USB flash drive to work in the evening, then lose the flash drive.

Work Environment

Information security analysts typically spend the majority of their time working in an office environment, usually in front of a computer. They may have meetings with other people in the office during the day, and occasionally travel for conferences and professional meetings. While most analysts work full time (40 hours per week), some may need to be "on call" outside of normal business hours because companies must react immediately in the event of a data breach or security compromise.

Like other workers who spend long periods typing on a computer, information security analysts are susceptible to eyestrain, back discomfort, and hand and wrist problems such as carpal tunnel syndrome or cumulative trauma disorder, but preventative measures can be taken.

On the Job

• Analyze a company's computer systems for security vulnerabilities.
• Develop and implement a plan to address the security vulnerabilities.
• Formally document a company's security protocols so other employees can follow them.
• Present recommendations to management for improving a company's security infrastructure.
• Respond to cyberattacks when they occur and try to minimize damage.
• Assess the results of an attack and prevent something similar from happening again.
• Train other, non-technical employees on computer security procedures.

Companies That Hire Information Security Analysts

• EMC
• Google
• Symantec

Explore what you might do on the job with one of these projects...

• Crack the Code: Breaking a Caesar Cipher
• Hacking the Air Gap: Stealing Data from a Computer that isn't Connected to the Internet
• How Secure Are Your Security Questions?
• Is a Deleted File Really Gone?
• Preventing SQL Injection Attacks

Ask Questions

Do you have a specific question about a career as an Information Security Analyst that isn't answered on this page? Post your question on the Science Buddies Ask an Expert Forum.

Additional Information

The following organizations provide professional certifications in various areas of cybersecurity:

• InfoSec Institute
• EC-Council

Sources

• O*Net Online. (2009). National Center for O*Net Development. Retrieved May 1, 2009, from http://www.onetonline.org/
• Bureau of Labor Statistics, U.S. Department of Labor (2015, December 17). Occupational Outlook Handbook, 2016-17 Edition, Information Security Analysts. Retrieved Jan. 19, 2016 from http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
• Steinberg, S. (n.d.). Information Security Analyst. U.S. News & World Report. Retrieved Jan. 19, 2016 from http://money.usnews.com/careers/best-jobs/information-security-analyst
• Cyber Degrees (n.d.). Become a Security Analyst. Retrieved Jan. 19, 2016 from http://www.cyberdegrees.org/jobs/security-analyst/
• SecureNinjaTV. (2014, October 17). Careers in Cybersecurity - Expert Advice from BlackHat & DEFCON. Retrieved May 4, 2016, from https://youtu.be/EhIp3b8iGm4
• Cardenas, K. (2013, January 30). Information Security, Interview with Dr. Twitchell. Retrieved May 4, 2016, from https://youtu.be/fWCOndpmDf4