How to Become a Cyber Security Analyst: An Overview of Career Paths
In our modern world, a data breach is a real-world nightmare. Countless industries — from healthcare to finance and government — run on sensitive customer data. The prospect of losing that data, or worse, leaving consumers vulnerable to a cyberattack or identity fraud, is enough to keep a business leader up at night.
If businesses want to protect their information and systems from digital criminals, they need a robust team of savvy information security specialists. Their need is your gain; there has never been a better time to figure out how to become a cyber security analyst and start building your career in the field.
Sounds easier said than done, right? Well, not to worry — in this article, we’ll cover the steps necessary to become a cyber security analyst (CSA) as well as potential career paths, additional certifications, and job outlooks. If you’re a motivated and independent problem solver with a passion for technology, read on! This could be the career for you.
1. Get Educated
Generally speaking, those wondering how to become a cyber security analyst will need to have an undergraduate degree or an equivalent education via a cyber security bootcamp.
According to CareerOneStop, well over half (67 percent) of information security analysts have a bachelor’s degree or higher. Those who prepare for their cyber career through college often study information technology, computer science, or a similar field. Some colleges and universities may also offer specialized cyber security degrees for students who already know they want to pursue a cyber career path. For more senior professionals who already have their undergraduate degrees, enrolling in a specialized Master’s program is also a viable option.
That being said, a formal degree in a technical field is not necessary for all aspiring cyber security professionals. With hard work, anyone can educate themselves on industry-specific skills and pivot into security. Doing so isn’t uncommon in cyber; according to the Enterprise Strategy Group’s Report on The Life and Times of Cybersecurity Professionals (PDF, 1.2 MB), 23 percent of surveyed cyber security professionals started their careers in a non-IT field.
“Sometimes it’s perceived that the only way of entering cyber security is through the technical door, but that’s not the case,” said Deborah Hurley, who started her career as a lawyer before entering into cyber security. “Whatever a person’s talent, with people, administration, management, education, or technology, there is almost certainly an aspect of cyber security for which their skills and experience are needed.”
Of course, even these cross-industry pros will need some grounding in cyber security basics. Rather than upskilling via a four-year college program, such professionals might be better served by opting for alternative learning options such as cyber security bootcamps or self-directed learning.
Alternative Paths: Upskilling Via a Bootcamp
A bootcamp is a short, intensive program that focuses on providing aspiring cyber security professionals with the skills and knowledge they need to enter a new industry within months. For those in cyber security, a bootcamp presents an opportunity to learn how to thwart common types of cyberattacks, gain experience in industry tools, and learn methods of communicating with a business or organization about cyber security.
Most bootcamp programs are flexible, held in virtual environments, and run part-time to accommodate students’ existing jobs or schedules. During these programs, you’ll learn how to protect data, administer and harden systems, get a grounding in programming, and explore potential career opportunities. For the most part, a cyber security bootcamp does not require any prior knowledge, though some may include mandatory pre-course tutorials to get new students up to speed.
Get Program Info
Alternative Paths: Upskilling Via Self-Directed Learning
Strictly speaking, those figuring out how to become cyber security analysts don’t need formal training to enter the field. Motivated individuals who want to learn cyber security according to their own schedule and pace can do so through self-directed learning.
This approach is flexible and can theoretically be done for free, though it does require a high level of accountability. Self-directed learning can also supplement existing studies and allows students to tackle areas that interest them. This approach is also ideal for professionals looking to earn one or more certifications.
Because this route requires learners to cobble together a workable curriculum from online courses, books, and other resources, self-directed learning is usually only feasible for those who already have some knowledge about cyber security topics. Those who require more structured learning environments or external motivation may be better off enrolling in a coding bootcamp or college program.
2. Build Your Soft Skills
While cyber security is a very technical field, many of the skills required to succeed are not.
The best cyber security analysts are well-versed in soft communication skills. All of the technical knowledge in the world isn’t useful if an analyst cannot articulate to an executive how or why changes need to be made. Cyber security analysts might also be expected to give presentations to staff members on cyber security best practices or run company-wide education programs.
There is no one correct way to build better soft skills; however, any attempt to do so should involve self-reflection and the willingness to accept feedback from others. Some programs, online and otherwise, offer professional development training to build soft skills. However, it ultimately comes down to your ability to listen to others and adapt accordingly.
5 Soft Skills That Could Land You a Cybersecurity Career — Nextgov
The Must-Have Skills for Cybersecurity Aren’t What You Think — TechTarget
How to Improve Your Soft Skills in the Workplace — Indeed
3. Get On-the-Job IT Training
While aspiring cyber security pros may not need formal college degrees to make their industry debut, they will need some practical experience working in IT.
A workforce study conducted by (ISC)2 (PDF, 1 MB) found that the average cyber security professionals have served in an IT role for 13 years, with seven of those years spent on cyber security initiatives. In addition, having a solid understanding of IT systems can help aspiring professionals make the transition into a more dedicated cyber security role.
If you’re in a role unrelated to IT but are interested in becoming a cyber analyst, consider gaining the IT experience necessary through an internship, or a part- or full-time job. Working in IT gives you an excellent starting point to pivot careers. Not only that, but 49 percent of employers surveyed in the (ISC)2 study indicated that relevant work experience was one of the most essential qualifications for employment.
4. Invest in Certifications
Whether you’re advancing your career or hoping to land your first job in cyber security, earning certifications can help you look better to potential employers. In fact, cyber security certifications were listed as one of the most important workplace qualifications in the aforementioned (ISC)2 study, at 43 percent. (For contrast, an undergraduate degree was only prioritized by 20 percent of respondents.)
For the most part, bootcamps and college programs do not offer certifications as part of their curriculum. However, the skills they teach can provide the basis for a cyber security professional looking to invest in future certifications. Due to the constant development of the industry, many also require regular renewal.
Some of the most marketable certifications are as follows:
CEH: Certified Ethical Hacker
Constant adaptation by cybercriminals forces cyber security professionals to adjust even further. Some businesses ask cyber professionals known as “white hat” hackers to survey their systems for vulnerabilities by hacking them. Ethical hackers put their knowledge of common cybercrime techniques to use; a CEH certificate is a shorthand for these specialized skills.
CISM: Certified Information Security Manager
This is a certificate aimed at IT professionals who oversee information system security. A CISM is well-versed in the best practices of auditing, controlling, and securing these systems. This certification is designed for established security professionals. Generally, those who apply for CISM certification require at least five years of experience and a written application.
Security+ is a vendor-neutral security certification renowned for its coverage of a variety of topics, including threat management, cryptography, security infrastructure, and identity management. CompTIA requires that those attempting to earn this certification first earn their Network+ certification and accrue two or more years of experience in security-relevant IT.
5. Apply for Entry-Level Cyber Security Analyst Jobs
After finding an educational path that fits your lifestyle and background, you’ll be ready to pursue an entry-level job as a cyber security analyst. To do so, you’ll want to update your resume and portfolio to reflect your current experience, skills, and interests.
Finding a job as a cyber security analyst will likely look different across industries. You can put your best foot forward by researching requirements in various fields and tailoring your application materials to match the job posting at hand. If you’re coming from another sector, you may also want to trim down your resume to focus on your experience in cyber security. Collect work samples from past courses, internships, and/or independent study to build your professional portfolio.
When conducting a job search, keep your goals in mind. These can include requirements for salary as well as location, hours, and benefits. With a large number of cyber security jobs on the market, you can take your time and find a role that fits your needs and intended career path.
Cyber Security Resume—Examples and 25+ Writing Tips — Resume Lab
How to Build a Professional Portfolio — The Balance Careers.
How to Write a Cover Letter: The All-Time Best Tips — The Muse
What Does a Cyber Security Analyst Do? Common Roles and Responsibilities
The answer to “What does a cyber security analyst do?” is a little complicated.
While most cyber security jobs require a similar suite of skills, you may find that the exact roles and responsibilities for a cyber security analyst vary across organizations. In general, a cyber security analyst’s primary directive is to keep proprietary, sensitive, and personal information safe, be it for a government agency, nonprofit, or corporation.
A cyber security analyst spends their time examining data and reports to identify potential risks to a company’s infrastructure and eliminate vulnerabilities. Analysts work closely with other IT staff to monitor networks and systems for attacks, update software and security measures, and test systems for weak points. Cyber security professionals also serve as advisors to a company, even running training programs to educate staff on how to conform to company security standards.
Common Job Descriptions for Entry-Level Positions
Entry-level cyber security jobs come with a variety of titles and specializations. The below cyber security job descriptions might give you a sense of what to expect when you start your job hunt.
Analysts handle the preparation for and response to cyberattacks. They also survey for security system flaws and coordinate with other departments to develop new policies. An experienced security analyst might step into a security manager role and direct subordinate analysts on how to carry out new initiatives and respond to breaches.
Incident responders specialize in investigating security breaches and other threats. Responders also use digital forensics to figure out what happened and develop a plan for mitigating similar attacks in the future.
Cryptographers are specialists who use algorithms and ciphers to develop security solutions. These fixes typically involve the encryption of sensitive data to hedge against intrusion or theft. A thorough knowledge of statistics is essential for such a role, as cryptographers must create mathematical models during their analysis of cyber security threats.
Career Paths in Cyber Security (and Required Skills)
As you gain experience and develop a more thorough understanding of cyber security principles and skills, you may find yourself in a position to pursue more advanced roles in the industry. We’ve listed a few potential cyber security career paths below. Keep in mind that the following pathways each come with their own challenges, requirements, and opportunities.
Cyber Security Manager/Administrator
If you like the idea of overseeing a staff of cyber security experts, you may want to pursue an eventual career as a cyber security manager or administrator. Most individuals in this role have prior experience serving as an analyst or consultant and know how to manage information systems. Administrators should be expert communicators and leaders who can manage their teams while spearheading new company initiatives.
Cyber Security Engineer
If you’re interested in building new cyber security solutions, becoming an engineer could be the best path for you. “Engineer” is a broad term, though expertise in information security, network security, and technical knowledge of Linux and Python are all necessary. Depending on the job, you might be required to both build and operate your own systems.
Cyber Security Architect
Similar to the engineer role listed above, cyber security architects are responsible for planning out an organization’s information infrastructure. This is a role for seasoned security professionals; architects may build systems from scratch or rework existing ones to conform to ever-evolving security best practices.
Salary & Job Outlook for Cyber Security Analysts
If you’re wondering how to become a cyber security analyst, there’s a chance you know about the current shortage of cyber security professionals in a variety of industries. According to a workforce study conducted by (ISC)2 (PDF, 1 MB), many organizations are currently relying on their existing IT staff to secure critical information without hiring dedicated cyber security teams. In fact, 59 percent of surveyed respondents stated that their organization is at “extreme or moderate risk” due to a lack of cyber professionals.
These circumstances might be dire for organizations — but they are excellent for aspiring cyber security pros.
According to the U.S. Bureau of Labor Statistics, job opportunities for information security analysts — a job title heavily related to or even synonymous with that of cyber security analysts — are on track to grow by a whopping 31 percent by 2029. To put this number in perspective: the average growth for all other professions is just four percent. Information security analysts also earned a median salary of $99,730 in 2019. However, it is important to remember that a number of factors can influence a person’s salary, including years of experience, knowledge of in-demand skills, and the size and type of the company.
New cyber professionals certainly won’t be without well-paying options as they begin to seek out employment; in fact, one 2017 report (PDF, 1.2 MB) found that almost half (49 percent) of surveyed cyber professionals are asked to consider other security jobs from outside employers at least once per week.
Across the country, tech hubs are drawing in an increasing number of cyber security professionals. Colorado in particular has experienced a boom in cyber-relevant jobs. It is currently listed as the state with the fifth-highest concentration of information security analyst jobs, specifically in the area in and around Colorado Springs.
Why Become a Cyber Security Analyst?
With a need for new security talent becoming ubiquitous across many industries, it’s a great time to get into cyber security. Even for those in an unrelated career, numerous avenues for becoming a cyber security analyst are available.
If you’re wondering how to become a cyber security analyst, you can make your dream a reality. Consider the case of Soheil Mirzaei, who moved from Tehran to Denver, Colorado, where he pursued his passion for cyber security in a bootcamp and ultimately managed to leverage his skills into a successful career.
You can make the same switch — all it takes is passion and the willingness to commit to your education. Don’t wait; start today! University of Denver Cybersecurity Boot Camp offers learners a means of building the foundational skills they need to get started in the field. All you need to do is enroll.