Security Analyst

What Do Information Security Analysts Do?

Information security analysts protect computer networks at companies, nonprofits, and government agencies. They work in computer systems design services, as well as in finance, insurance, and administration support services. To become an information security analyst, individuals typically need a bachelor's degree in information technology or another computer-related major. Employers sometimes prefer candidates who hold a master's degree.

The BLS projects 28% employment growth in the field of information security analysis from 2016 to 2026.

Information security analysts oversee computer network systems to stave off potential security breaches. They maintain systems by updating software and recommending security updates to management. Information security analysts also work one-on-one with employees to help them understand new programs and hardware. With the growing prevalence of hackers, more companies need information security analysts. The Bureau of Labor Statistics (BLS) projects 28% employment growth in the field of information security analysis from 2016 to 2026, much faster than average. This guide covers how to become an information security analyst, what you can potentially earn, and how to advance your career.

Key Skills

Information security analysts must build certain skills and knowledge in order to implement security solutions and protections. They gain these skills from different avenues. College provides them with foundational knowledge. Graduates then apply this knowledge on the job, where they receive further training. Information security analysts can also further their education after graduation through certifications and continuing professional education courses. Below, we detail some of the most commonly needed skills to become an information security analyst, according to

Project Management

Information security analysts need excellent project management skills to help them stay organized. Project management skills include overseeing teams who collect data and monitor systems to look for security threats. A successful information security analyst needs solid communication skills to see projects through from inception to completion.

Security Risk Management

An information security analyst must monitor activity and determine the difference between permissible and impermissible risks. Through security risk management, an these analysts can identify high- and low-level security risks.These professionals then create strategies to effectively address these threats.

Tableau Software

Tableau Software, a business intelligence and analytics software program, helps information security analysts understand their data and allows them to share content. Some information security analyst degrees include courses on this data visualization software, or graduates can take Tableau certification courses.


Cybersecurity is a fundamental skill required of all information security analysts. Every company needs a cybersecurity expert who understands risk management and mitigation. Information security analysts with solid cybersecurity skills often hold certifications, such as CompTIA security+, certified ethical hacker, and certified information systems security professional. They also must have a background in IT fundamentals and coding.

Network Security Management

Network security management involves implementing strategies to improve the security of a company's computer system. Proper management involves consistently testing new security software and responding promptly to potential risks. Network security managers oversee teams of IT specialists and analysts. These professionals must translate computer-related problems to upper management.

Security Testing and Auditing

Information security analysts perform security testing and audits to identify vulnerabilities in the infrastructure of computer networks. These analysts conduct these processes as preventative measures to determine the strength of the IT system's defenses and expose and resolve any weaknesses.

IT Security and Infrastructure

Information security analysts must know how to navigate their company's IT infrastructure, including firewalls and routers. They monitor the computer system's infrastructure and traffic on a continual basis to find security breaches and potential risks. Information security analysts provide solutions, such as configuring security tools, when vulnerabilities threaten IT security and computer infrastructure.


Areas of Security Analysis

Information security analysts are essential employees in any data-driven organization. Some areas of expertise include banking and financial services, government agencies and public and private healthcare companies. According to U.S. News & World Report, “information security analysts that are compensated the best work in the securities and commodity contracts intermediation and brokerage industry.”

How Much Do Information Security Analysts Make?

The salary of an information security analyst varies based on several factors, including a candidate's level of prior work experience. Entry-level information security analysts make a median salary of around $64,600 per year, according to PayScale. Meanwhile, established information security analysts with 20 or more years' experience make a median annual salary of over $94,800. Other variables that influence pay include level of education, location, and industry.

Average Salary of Information Security Analysts by Job Level

Entry-Level (0-5 Years) $64,600
Mid-Career (5-10 Years) $80,200
Experienced (10-20 Years) $91,100
Late-Career (20+ Years) $94,800
Source: PayScale

How Do I Become a Information Security Analyst?

Earn Your Degree

To work in the field, graduates typically need a minimum of a bachelor's degree in computer science or another computer-related field. Graduates do not necessarily need to hold a degree specializing in information security analysis, and for certain entry-level jobs only require an associate degree or certification. While graduates can find work with a bachelor's degree, an advanced information security analyst degree can help graduates land management positions with more responsibility and higher salaries.

Graduates can also take certification courses after college in information security analysis to boost their skills and competitiveness on the job market. To earn a bachelor's degree in computer science, students can take courses the traditional way by attending classes on campus or they can opt for online classes which can allow them to continue working full time.

Gain Experience

Most employers prefer hiring information security analysts who have some relevant IT work experience. For new graduates, this can pose a challenge. Those with less work experience can customize their resumes or CVs to highlight their skills rather than their limited work experience.

Furthermore, many bachelor's programs provide students with internship opportunities where they can gain valuable work experience. Some programs feature internships built into the programs, requiring students to complete field work for class credit. In addition to internships, graduates can obtain certifications and take continuing professional education courses to enhance their resumes.

Earn Credentials

Earning certifications can bolster a graduate's resume. Employers often indicate the specific certifications they prefer an information security analyst candidate to have, but employers do not always require these certifications. Many employers see certifications as a bonus rather than a prerequisite.

Graduates can stand out by earning certifications in specialty areas. Students can find these certifications online through professional organizations. Popular certifications employers look for include the certified information systems security professional, certified ethical hacker, certified information security manager, certified information systems auditor, and GIAC certified intrusion analyst certification.

Certifications boost an information security analyst's salary potential and employment opportunities, since employers value specialized training. To learn about more certifications available to information security analysts, visit the International Information Systems Security Certification Consortium, known as (ISC)².

Types of Careers in Information Security Analysis

Information security analysis professionals can pursue a variety of career options, depending on their education level. To obtain an entry-level position in information security analysis, candidates typically need a bachelor's degree. However, some positions, such as network and computer systems administrator, only require an associate degree or certification. Other jobs may require work experience and a master's degree. The field offers many lucrative positions for candidates of all educational backgrounds.

Information Security Analyst

Information security analysts implement measures to safeguard a company's computer system. They install firewalls and data encryption programs to protect information. They also keep up to date on security trends and provide reports to management on any cyberattacks. On a regular basis, they carry out audits and tests to look for system weaknesses.

Degree Level and Experience Required

Bachelor's degree; less than five years of IT work experience

Median Annual Salary


Computer Systems Analysts

A computer systems analyst serves as a liaison between the IT department and management. They streamline computer system processes and improve functionality. They specialize in specific computer systems, such as financial systems or government systems. They keep abreast of new technologies and determine whether or not a company should update its systems.

Degree Level and Experience Required

Bachelor's degree; some employers consider candidates with business or liberal arts degrees if they have experience in computer programming or IT

Median Annual Salary


Computer Network Architects

With security measures in mind, computer network architects design and build networks which connect two or more offices. They map out personal area networks, campus area networks, local area networks, and wide area networks. They work with organizations to execute their business ideas and they help businesses upgrade their hardware and software.

Degree Level and Experience Required

Bachelor's degree; 5-10 years of IT work experience

Median Annual Salary


Computer and Information Systems Managers

Computer and information systems managers, also called IT managers, manage and maintain computer systems within organizations, government agencies, and companies with a focus on security. They work for computer systems design companies and finance and management companies. They implement software and hardware upgrades and negotiate prices with vendors.

Degree Level and Experience Required

Bachelor's degree or master's, depending on the employer; up to 15 years relevant work experience, depending on the employer.

Median Annual Salary


Network and Computer Systems Administrators

Network and computer systems administrators handle the daily operations of computer systems for computer systems design, education, finance, and management companies. They often specialize in certain fields, such as IT or databases. These professionals maintain overall system security and train employees to use new software.

Degree Level and Experience Required

Bachelor's degree or associate degree, depending on the employer

Median Annual Salary


Where Can I Work as a Information Security Analyst?

Information security analysts work in many different settings and locations. Most work in computer systems designs companies in metropolitan areas. However, information security analysts can find work in any area of the country. Where you live and the sector in which you work impact your salary and career advancement opportunities.


The highest concentration of information security analysts can be found in the Washington, D.C. metropolitan area, according to the BLS. New York has the next largest concentration with 5,320 employees. Where you decide to work ultimately affects your salary, cost of living, and quality of life. While these metropolitan areas pay more, they do also tend to come along with higher costs of living and denser populations.

Metropolitan Areas With the Highest Employment Level of Information Security Analysts

Location Employment Median Salary
Washington-Arlington-Alexandria, DC-VA-MD-WV Metropolitan Division 12,220 $114,340
New York-Jersey City-White Plains, NY-NJ Metropolitan Division 5,320 $130,360
Minneapolis-St. Paul-Bloomington, MN-WI 3,200 $95,650
Chicago-Naperville-Arlington Heights, IL Metropolitan Division 3,030 $99,290
Dallas-Plano-Irving, TX Metropolitan Division 2,990 $91,610
Source: BLS

Top-Paying Metropolitan Areas for Information Security Analysts

Location Employment Median Salary
New York-Jersey City-White Plains, NY-NJ Metropolitan Division 5,320 $130,360
Newark, NJ-PA Metropolitan Division 1,140 $121,690
Oakland-Hayward-Berkeley, CA Metropolitan Division 570 $120,040
San Jose-Sunnyvale-Santa Clara, CA 1,170 $119,790
San Francisco-Redwood City-South San Francisco, CA Metropolitan Division 1,650 $115,240
Source: BLS


Information security analysts work in a variety of settings. The most common setting is in computer systems design companies, where 28% of these professionals find employment. However, other sectors, such as finance and insurance, also need highly skilled information security analysts to secure and maintain their computer networks. Each sector has different employment and qualification requirements which may or may not suit your career goals. While some positions may provide more autonomy, others may require more interaction with management and employees.

The Five Largest Employers of Information Security Analysts

Setting Percent Employed Median Annual Salary
Computer Systems Design and Related Services $98,100
Finance and Insurance $97,680
Management of Companies and Enterprises $90,940
Information $96,250
Administrative and Support Services $91,510
Source: BLS

Continuing Education for Information Security Analysts

In a field that constantly changes, information security analysts need to pursue continuing education courses to keep up with evolving technology. Continuing education comes in many different forms. Information security analysts can make themselves more valuable to companies by pursuing certifications such as the certified ethical hacker, chief information security officer, or certified computer forensics examiner. Many information security analysts join professional organizations, such as the Information Security Association, where they can attend meetings and conferences to earn continuing education credit.

How Do I Find a Job in Information Security Analysis?

New graduates almost always have less work experience than veteran employees. Colleges, however, offer various forms of career support to students, both before and after graduation. Many computer science or related bachelor's degrees include internship opportunities in the junior year of the program. Internships allow students to make industry connections and possibly find work opportunities for after graduation. Campuses also host career fairs, where students can meet recruiters. Alumni associations can also help new graduates network and find employment. Students can also use sites such as LinkedIn to make professional connections and search for jobs.

Professional Resources for Information Security Analysts

Professional Organizations

  • International Information Systems Security Certification Consortium (ISC)2 serves as an international cybersecurity and IT security organization dedicated to helping working professionals continue to learn and grow in their careers. The organization offers several industry certifications.
  • Information Systems Security Association Founded in 1984, ISSA offers a community for cybersecurity professionals “to promote a secure digital world” through international conferences and local chapter meetings. Members can access continuing professional education opportunities and job boards.
  • ISACA Founded in 1969, ISACA now has 140,000 members from 180 countries. The organization provides practical advice and services for working professionals. ISACA offers students and recent graduates the opportunity to connect with industry leaders and obtain certifications.
  • Cloud Security Alliance Founded in 2009, CSA promotes the best ways to secure cloud computing. CSA, which has 90,000 members, provides a consulting program and the CSA security, trust, and assurance registry certification.

Professional Development

  • Federal Information Systems Security Educators' Association Founded in 1987, FISSEA helps improve information security within federal agencies. The association provides educational information about industry hardware and publishes research data to educate information security professionals.
  • International Association for Cryptologic Research A nonprofit designed to promote cryptology research, the IACR offers members access to its publications and opportunities to connect at conferences. The association also provides awards and features job opportunities. The website also hosts a Ph.D. database, where users can access doctoral research.
  • Cyber, Space, & Intelligence Association CSIA began in 2011 to foster communication among information security professionals working in different sectors. CSIA, along with Cyber Threat Alliance, provides recommendations for government agencies on how they can improve computer security.
  • The SANS Institute The SANS Institute offers working professionals in-person and online training opportunities and numerous certifications. The institute's website also features various information security resources, including a reading room and webcasts.

Finding a Job

  • CyberSN Job Board Find cybersecurity jobs across the nation on the CyberSN job board, which operates in partnership with the cybersecurity network. Job seekers may apply for jobs for free through CyberSN, which features jobs in 35 different categories.
  • Job seekers can find open positions around the country by plugging in their skill set, job title, or keywords. The website also features job fairs and career resources, such as news articles and training resources.
  • Cyber Seek The Cyber Seek Cybersecurity Career Pathway offers an opportunity for industry professionals to learn more about pathways within the industry. The program allows users to see the detailed credentials and other skills needed to advance in the information security field.
  • LinkedIn This social network features more than 35,000 jobs in cybersecurity for job seekers at all career levels.

Continuing Education

  • Global Information Assurance Certification Founded by the SANS Institute, GIAC offers practical and technical certifications in everything from cyber defense to industrial control systems. The website also features a search function where users can find certification professionals by name.
  • EC-Council EC-Council offers continuing professional education classes and certifications for working professionals. The website also features an events calendar, blog, webinars, resources, and consulting services for companies seeking information security specialists.
  • CompTIA CompTIA, a global tech association, provides foundational IT, networking, and information security certifications. Individuals at all levels can find continuing education courses that suit their career plans.
  • Center for Internet Security CIS, a nonprofit devoted to improving cybersecurity, has offered training courses for 50 years. CIS offers seminars on topics such as cyber risk insurance, threats, and best practices.