Security Analyst

What do information security analysts do?

Information security analysts protect an organization’s computer network from cyber threats and security breaches through defense planning and incident response. Stepping in after security architects and engineers design and implement a network, analysts assess and test the system for risks. As cybersecurity threats evolve, analysts must remain aware of potential security breaches and prepare to respond at any time.

Depending on experience and skill level, an analyst’s responsibilities range from overseeing and monitoring private information to investigating compromised data and evaluating security threats.

Analysts are the eyes and ears of the security operations team. When a breach or cyber threat infiltrates the network system, analysts will signify exact risk and work closely with the incident response team to resolve the problem and prevent future attacks.

Key Skills

  • Ability to troubleshoot complex issues in network architecture
  • Experience in directing incident response team
  • Perform risk and vulnerability assessments
  • Ability to write custom scripts that provide a plethora of security alerts
  • Familiarity with intrusion detection and prevention systems

Analysts who protect an organization’s’ privacy both in-house and remotely are able to do their job off-site at anytime if necessary. The more practice an analyst has in incident response, the faster they will react to threats and breaches.


Areas of Security Analysis

Information security analysts are essential employees in any data-driven organization. Some areas of expertise include banking and financial services, government agencies and public and private healthcare companies. According to U.S. News & World Report, “information security analysts that are compensated the best work in the securities and commodity contracts intermediation and brokerage industry.” Two important areas of expertise are:

Vulnerability assessment

Security analysts research organizational data and security measures to determine weak points in company code and identify possible strategies for enhancing firewalls and other defensive measures. Vulnerability assessment is important in a number of industries, including:

  • Government: Security analysts play a valuable role in protecting government data and state secrets. Working with information scientists, they can help debug potential weak points and enhance code to defend against outside infiltration. Analysts also investigate possible breaches while implementing new defensive tactics.
  • Banking and finance: From money to personal information, banks and financial institutions hold a bastion of valuable secrets. These organizations must stay two steps ahead of pirates and hackers and employ security analysts to ensure that all security measures remain robust and that their websites are impenetrable.

Defense planning

Information security analysts can also establish defensive practices to effectively guard information. From establishing firewalls to closing loopholes, security analysts work to keep proprietary secrets safe in a number of fields, including:

  • E-commerce: With tons of product pages and a potentially vulnerable internal mechanism tracking purchases and inventory, e-commerce vendors rely on information analysts to protect their products. Analysts also must prevent hackers from infiltrating into private networks and stealing customer information.
  • Rising startups: new and successful companies will have to ward off infiltration from outside parties looking to profit from in-house ideas. Security analysts in a startup environment will have to construct defensive measures from the ground up.

How much do information security analysts make?

According to the Bureau of Labor and Statistics, the median annual salary for security analysts was $86,170 in May 2012. The bureau projects a 37% increase in jobs by 2022, making this the fastest growing and most financially lucrative position in computer science.

In general, the more experience you have, the higher your salary. Starting analysts should expect to make around $70,000, but this depends on the size and location of a company, as well as the type of information being protected.

Average Salaries, 2012-2014

  • $91,600 2014
  • $91,210 2013
  • $89,290 2012

Source: Bureau of Labor Statistics - OES Archives

States with the Highest Concentrations of ISAs

State Employment per 1,000 people Employment Avg. Annual Salary
Virginia 2.82 10,270 $104,700
Arkansas 1.24 1,440 $59,680
Maryland 1.18 3,020 $101,010
District of Columbia 1.02 690 $105,440
Arizona 0.85 2,160 $83,120

Source: Bureau of Labor Statistics - OES

Pay by Experience

Median Salary

Entry-Level 0-5 yrs $63,000
Mid-Career 5-10 yrs $80,000
Experienced 10-20 yrs $91,000
Late Career 20+ yrs $91,000

Source: PayScale

Top Paying Cities

Avg. Annual Wage

New York, NY $118,830
San Jose, CA $113,510
San Francisco, CA $110,680
Washington, VA $107,980
Edison, NJ $107,080

Source: Bureau of Labor Statistics - OES

How do I become an information security analyst?

A bachelor’s degree in computer science is essentially a prerequisite for a career as an information security analyst, though practical experience and certification from a similar field may suffice. It is never too early to begin education and certification if you’re serious about beginning a career as an analyst.

Below, we’ve made a roadmap that both current students and college graduates can follow as they pursue a position in the field:

I Have Completed my Undergraduate Degree

Decide if you want to earn a second degree

  • Consider your strengths as an analyst and determine if you need further certification to reach your professional goals.
  • Seek out certifications that are equivalent to formal education and can be considered as extra experience.

Talk to people in the field

  • Interview analysts to find out how they fell into their position—was it through formal education, certification, in-field experience or all of the above?
  • Find out why they remain interested in information security and what they believe the future holds for the industry.
  • Discuss whether your past experience and future aspirations are in line with that of an analyst.

Research jobs and set up informational interviews with prospective employers

  • Research Monster, Indeed, Career Builder and other job boards to find opportunities and informational interviews.
  • Specifically research each company’s site to find the history, mission and future direction of the organization.

I’m Currently an Undergraduate

Register for introductory computer science courses and determine your interest in the subject

  • Sign up for introductory classes and evaluate whether you could see yourself working in this field for years.
  • Get to know your classmates and build relationships with your professors.
  • Initiate study groups and start a club for information security analysts on campus.

Research all non-formal education certifications

  • See what certifications can be attained without having formal education and complete them for additional qualifications.

Get field experience early

  • Speak to your academic advisor to explore local job and internship opportunities in the field.
  • Post your information security analyst qualifications on campus and in local stores, offering your services to gain experience and enhance your resume.
  • Keep an eye out for local job fairs. Many college campuses have at least one fair per year and IT companies are always well represented.

Test yourself on possible security breaches and threats to become familiar with network defense planning

  • Find quizzes and tests on the internet that push the boundaries of your knowledge, while also giving you experience in incident response.

Career Advancement

Whether you’re looking to earn another degree or become certified in a specialty of information analysis, there are several ways professionals can expand their knowledge. Certificates help you develop the specialized knowledge that some positions require, and at the very least, offer prospective employers proof of your technical skills.


If you want more information about information security, browse the resources below. Here you’ll find community forums and sources of information interesting and relevant to professionals in the field.