A woman typing on a laptop

An information security analyst could...


Encrypt communications and data so they cannot be accessed by unauthorized users. Screenshot of a system log in prompt Set up a firewall to protect a company's computer systems from malicious intrusion. Digital drawing of a private network and public network separated by a red brick wall
Train other employees on proper computer security procedures. Digital drawing of a person next to a lock Help protect customers' personal information, like email addresses and credit card numbers. Three credit cards from the companies Visa, MasterCard and American Express
Find out more...

Key Facts & Information

Overview Have you ever seen a story on the news about how a company or government agency was "hacked" and people's personal information, like names, addresses, or credit card numbers, was stolen? It is an information security analyst's job to prevent that from happening. Organizations hire information security analysts to analyze possible threats against their computer systems, which can range from malicious hackers trying to steal data to careless employees who accidentally forget to log out of a computer. They then make plans to prevent these threats and to deal with them when they arise. This is an exciting career for those who want to keep up with the constantly changing world of computers and the Internet.
Key Requirements Analytical skills, attention to detail, problem-solving skills
Minimum Degree Bachelor's degree
Subjects to Study in High School Computer science, algebra, algebra II, pre-calculus, calculus, statistics, English
Median Salary
Information Security Analyst
  $92,600
U.S. Mean Annual Wage
  $49,630
Min Wage
  $15,080
Projected Job Growth (2014-2024) Faster than Average (14% to 20%) In Demand!
Interview
  • Watch this video to see multiple short interviews with security professionals at BlackHat and DEFCON, two major security conferences held in Las Vegas. Nevada.
  • Watch this interview with Dr. Douglas Twitchell, a professor in information security at Illinois State University.
Related Occupations

Education and Training

Information security analysts usually have a bachelor's degree in computer science, programming, or a related field, but a master's degree could be beneficial. Some schools now offer degrees in information security as the field continues to grow and as demand for qualified employees increases. A master's of business administration (MBA) in information systems may also be preferred, since the security of a company's data (for example, customer credit card information) can have a huge impact on its finances and business operations if that data is breached. An MBA typically requires two additional years of school beyond the undergraduate level.

Many information security analyst positions are not entry-level. Experience in a related field, like database management or systems administration, may be required. Various professional certifications in information security are also available, and may make a prospective employee more attractive to employers. Since the field of information security changes rapidly as computer technology advances, information security analysts must typically pursue continuing professional education, attend conferences and seminars, and read trade publications in order to stay up to date.

With enough experience, information security analysts can advance to managerial positions, like chief security officer or computer and information systems manager, also called information technology (IT) managers.

Other Qualifications

Information security analysts must have excellent critical thinking and problem-solving skills, and be willing to tackle difficult technical problems. They must also have good communication skills so they can communicate with other employees (who do not have computer science backgrounds) about information security issues. For example, they may have to explain basic computer security policies to a company's employees, or report to the CEO if there is a security compromise.

Nature of the Work

Information security analysts are skilled workers who help protect an organization's data from unauthorized access and outside threats. They can work for a variety of organizations, ranging from government agencies that handle classified data, to healthcare organizations that must store sensitive personal information about patients, to large retailers that handle credit card transactions. In all of those cases, the organizations possess information that could cause embarrassment, financial loss, or even a national security threat if the information is compromised or stolen. The threats they must deal with can range from individuals or small groups of hackers, to organized crime or even foreign governments. They must continually stay up-to-date on the latest trends in the information security industry in order to stay one step ahead of hackers and protect their organization's information. As the scale and frequency of cyberattacks continue to increase, the responsibilities of information security analysts may increase as well.

Watch this video to see interviews with multiple experts in the field of information security.
https://www.youtube.com/watch?v=EhIp3b8iGm4

An information security analyst is responsible for analyzing a company's computer systems, possible threats to the systems that could compromise data, and developing and implementing plans to protect that data. They may be responsible for installing defenses, like firewalls, to prevent unauthorized access to a company's systems. Sometimes analysts might not implement their plans directly, but instead make recommendations to management or systems administrators who will then oversee implementation of those plans. They may also prepare reports for management in the event of a security breach, explaining what happened, its impact on the company, and how similar attacks can be prevented in the future.

Information security analysts might be responsible for training other, non-technical employees on proper computer security procedures. This can include protection against physical, not just electronic, theft of data. For example, an employee traveling to a conference with a company laptop that has sensitive information on the hard drive could risk having that laptop stolen at the airport. Someone could take data home on a USB flash drive to work in the evening, then lose the flash drive.

Work Environment

Information security analysts typically spend the majority of their time working in an office environment, usually in front of a computer. They may have meetings with other people in the office during the day, and occasionally travel for conferences and professional meetings. While most analysts work full time (40 hours per week), some may need to be "on call" outside of normal business hours because companies must react immediately in the event of a data breach or security compromise.

Like other workers who spend long periods typing on a computer, information security analysts are susceptible to eyestrain, back discomfort, and hand and wrist problems such as carpal tunnel syndrome or cumulative trauma disorder, but preventative measures can be taken.

On the Job

  • Analyze a company's computer systems for security vulnerabilities.
  • Develop and implement a plan to address the security vulnerabilities.
  • Formally document a company's security protocols so other employees can follow them.
  • Present recommendations to management for improving a company's security infrastructure.
  • Respond to cyberattacks when they occur and try to minimize damage.
  • Assess the results of an attack and prevent something similar from happening again.
  • Train other, non-technical employees on computer security procedures.

Companies That Hire Information Security Analysts

Explore what you might do on the job with one of these projects...

Password Security: How Easily Can Your Password Be Hacked?
Log in to add favorite
Science Fair Project Idea
We use passwords every day for our email and other computer accounts. How secure is the password that you use? How hard would it be for someone to guess your password? How hard is it to write a computer program to guess a password? You can see for yourself by writing a simple password guesser in the computer language Python. We will get you started with some ideas, a little sample code, and a few passwords for your computer program to try and guess. Read more
Hacking the Air Gap: Stealing Data from a Computer that isn't Connected to the Internet
Log in to add favorite
Science Fair Project Idea
You might think that one sure-fire way to keep your computer safe from hackers is to disconnect it from the internet entirely. But did you know that even without internet, a computer can transmit data using light, sound, vibrations, or even heat? In this project, you will investigate how a spy or hacker can steal data from an "air-gapped" computer that has no internet connection. You can even use Google's Science Journal app to demonstrate how the data can be picked up by a nearby smartphone. Read more
Crack the Code: Breaking a Caesar Cipher
Log in to add favorite
Science Fair Project Idea
When you hear the word "encryption," you might think about modern computers and things like email and online bank accounts. But did you know that encryption has been around for thousands of years? In this project you will learn about the Caesar cipher, a simple type of encryption that replaces each letter of the alphabet with another letter, and demonstrate how a modern computer can crack this ancient code in just a few seconds. Read more
How Secure Are Your Security Questions?
Log in to add favorite
Science Fair Project Idea
Many websites ask you to answer "security questions," like "What is your mother's maiden name?," to recover your account if you ever forget your password or login ID. However, sometimes the answers to those questions are easy to find online. Does this pose a risk to the security of important accounts like email and online banking? Are people even aware that this information about them is available online? In this project, you will investigate how secure people think security questions are, and… Read more
Preventing SQL Injection Attacks
Log in to add favorite
Science Fair Project Idea
How many websites do you have accounts with that store personal information like your name, email, phone number, or mailing address? If the people running these websites are not careful, hackers could gain unauthorized access to, and even change or delete, your information. They can do this using something called SQL injection, which involves entering malicious code into text fields on a website. In this project you will learn how SQL injection works and figure out how to prevent it. Read more
Is a Deleted File Really Gone?
Log in to add favorite
Science Fair Project Idea
When you delete a file, by accident or on purpose, is the information really gone? Can you get it back? If you accidentally deleted your five-page report for school, you are hoping it is not gone. On the other hand, if you do not want someone to get their hands on the goofy and unflattering pictures you and your best friend took while staying up late the other night, you probably hope it is gone for good! It might be nice to know for sure either way. Try this project to find out. Read more
Do People Use Different Passwords for Different Accounts?
Log in to add favorite
Science Fair Project Idea
Do you ever use a password to log in to a computer, email account, or website? Do you use the same password for each one? Even if your password is very long or hard to guess, using the same password for many accounts can still be risky. If someone manages to find out your password (for example, via a phishing attack, or if you write your passwords down and someone finds the piece of paper), they could easily access many of your accounts. However, memorizing lots of different passwords can be… Read more
Computer Sleuth: Identification by Text Analysis
Log in to add favorite
Science Fair Project Idea
Here's a project where you can try your hand at being a detective with your computer. In this project you'll write a program to do some basic analysis of features of written text (for example, counting the length of each word in the text, or the number of words in each sentence). Then you'll see if you can use the information from your text analysis program to find measurements that can distinguish one author from another. After analyzing known samples of several authors' writings, can your… Read more
Encryption
Log in to add favorite
Science Fair Project Idea
Want to send coded messages to your friends? Can you write a simple letter-substitution encryption program in JavaScript? How easy is it to break the simple code? Can you write a second program that "cracks" the letter-substitution code? Investigate other encryption schemes. What types of encryption are least vulnerable to attack? Read more

Ask Questions

Do you have a specific question about a career as an Information Security Analyst that isn't answered on this page? Post your question on the Science Buddies Ask an Expert Forum.

Additional Information

The following organizations provide professional certifications in various areas of cybersecurity:

Sources

Explore Our Science Videos

Build a Gauss Rifle
Make a Homemade Fly Trap
DIY Glitter Surprise Package with a Simple Circuit
Free science fair projects.