Cybersecurity analyst is a common starting position in the cybersecurity field and provides an excellent launchpad for loftier career goals with job titles like cybersecurity architect, solutions implementation engineer, and cybersecurity engineer.
In this post, learn more about what it looks like to spend your day defending computer networks against cyber attacks and how to successfully navigate your cybersecurity career.
Cybersecurity Analysts: The First Line of Defense Against Hackers
Every organization has secrets. Proprietary information makes a business run successfully, while personal data enables a business to provide its goods or services to clients and customers. Cybercriminals can hold this sensitive data ransom for large sums of money. Even if the organization finds a way to avoid paying the ransom, they will pay in terms of reputation when the public learns about the data breach.
A cybersecurity analyst scours a company’s programs, applications, security systems, networks, and more to identify any defects or flaws that could leave this information vulnerable. Then, they communicate with leadership and employees to improve security measures across the business.
Cybersecurity isn’t always about disaster recovery; the field is an apt example of the saying “the best offense is a good defense.” Instead of solely responding to cyber attacks, the daily responsibilities of a cybersecurity analyst will typically be more proactive, engineered to avoid security issues before they even happen. The job description includes:
- Developing policies, procedures, and best practices
- Training employees
- Encrypting data
- Maintaining systems, software, firewalls, and operating systems
- Monitoring networks and network access
- Risk analysis
- Ensuring compliance with regulations
- Developing security plans
- Researching the latest trends in security and IT (which are constantly evolving)
Of course, it’s also part of the job to identify and respond to external threats such as malware, ransomware, hacking, phishing, or social engineering attacks and leaking of sensitive information. There is a lot to learn, so be patient: You will have to cut your teeth before advancing to more hands-on roles like ethical hacking and penetration testing.
"The more time you take to practice and refine your craft, the more successful you're going to be.”
“A common misconception is that it takes a long time to get started in cybersecurity and you’ve got to know a lot about everything,” said Jonathan S. Weissman, senior lecturer in the Computing Security Department at Rochester Institute of Technology (RIT) and instructor for RITx’s MicroMasters® Program in Cybersecurity.
“There is some degree of truth to it, but it's a gradual process. It's not all at once. And if you want to do it right, of course, you've got to do that slowly but steadily. The more time you take to practice and refine your craft, the more successful you're going to be.”
High-Growth Job Outlook, Climbing Salaries
Cybersecurity skills are in high demand. Because digital threats have grown rapidly in recent years, the job outlook is strong, with thousands of opportunities paying an average salary between $70K to $100K per year or even more. Cybersecurity positions are expected to continue on a growth trajectory, expanding by 29% by 2030.
According to the US Bureau of Labor Statistics, the median annual wage for information security analysts was $103,590 in May 2020, while network and computer systems administrators typically earn a bit less ($84,810 annually, on average, in the US).
Cybersecurity Analyst Baseline Skills
As a cybersecurity professional, you have the option to work in a wide variety of fields: Corporate databases, banking and office networks, military intelligence, and more. But for any of these, you will need to learn critical cybersecurity hard and soft skills to succeed.
“A security mindset makes you go through the world a little bit paranoid, which is how we have to be,'' said Aspen Olmsted, adjunct professor at New York University’s Tandon School of Engineering and instructor for the Cybersecurity Fundamentals MicroBachelors® Program from NYUx.
“We say in cybersecurity, ‘trust no one.’ Once you get into that mindset, you start to see vulnerabilities everywhere, and that comes back to the ethical side of it. Once you see these vulnerabilities everywhere, you can't take advantage of them. You have to have the ethical framework that your job is to make the world better, because you've opened up a lot of opportunities to cheat the system.”
5 Steps to Become a Cybersecurity Analyst
Whether or not you have IT experience, there are cybersecurity certifications and skills you can gain to get your foot in the door for a job opportunity like cybersecurity analyst. From there, you can learn and grow into almost any role in the industry.
While it’s a common misconception that you must have extensive technical knowledge to enter the field, soft skills can be equally, if not more, valuable than a technical background. Here are some steps you can take to start moving closer to your career goals.
1. Build Foundational Knowledge
- A traditional four-year bachelor’s degree, while helpful, is not required to get started; most employers value certifications and work experience much more highly. If you have a background in information systems, you’re well positioned to pivot into cybersecurity, where 79% of professionals started out in IT, according to an ESG study, and making that leap could net you a 9% pay increase.
- If you do choose to further your education, aim to get a degree in cybersecurity, information technology, mathematics, computer science, or a related field. Most cybersecurity analysts have one of these degrees, although you can get a job with certifications and training, or if you’re coming from a background such as the military.
2. Get the Proper Certification
- “Certifications are more important than degrees in IT, and that’s even more true in cybersecurity,” said Terrell Seaines-Taylor, an IT systems engineer at edX.
- Every cybersecurity role is unique, and different employers may have different requirements even for the same type of role. The CYSA+ Cyber Security Analyst certificate is one of the most common certs you’re likely to need. Here are a few other starting points. Wherever you choose to begin, recognize that no certification is ever wasted in this field; it certainly never hurts to have them even where they aren’t required!
3. Gain Experience
- You don't need years of experience to get an entry-level cybersecurity position. Having a background in IT or the military counts as experience.
- If you have room in your schedule, it can be wise to find an internship to overlap with your studies. This lets you apply new skills right away in a real-world setting.
- Attending conferences and connecting with fellow professionals isn’t just about making connections, although that’s a big part of it. Another benefit of networking is staying updated on the latest trends and opportunities. In a fast-paced, constantly evolving industry like this, any tool that can help you keep a finger on the pulse is worth your time and energy.
5. Gain or polish relevant skills
- While it benefits you to have a healthy list of certifications on your resume, combining those qualifications with coursework or an internship gives you an opportunity to practice what you’re learning in a team setting with simulations and projects that enable you to put your technical skills to the test and learn from both teachers and peers.
- Cybersecurity requires constant, lifelong learning. Emerging threats will require professionals in this field to learn or develop new tools and strategies.
"Be ready to learn, and learn a lot."
“Be ready to learn, and learn a lot,” advised Seaines-Taylor. Weissman agreed: “Degrees, certifications, and MicroMasters® program certificates are great for getting that interview and getting your foot in the door. But actually maintaining a cybersecurity career requires a lot of blood, sweat, and tears.”
Cybersecurity Analyst: The Start to an Exciting Career Path
A typical cybersecurity career path is not linear, but it does have stepping stones.
“If you have a little bit of experience you can start anywhere,” said Weissman. “You're not going to be given the keys to the castle at the very beginning of your career for obvious reasons. Because you are new and you are still a little untrained, and you are a little rough around the edges.” The ability to learn, grow, and constantly reinvent yourself will be key to staying relevant and advancing in cybersecurity, Weissman said.
"If you have a little bit of experience you can start anywhere."
Your cybersecurity career path will likely begin with a role like cybersecurity associate or analyst, where you’ll spend your days looking at network traffic that’s coming in from outside the organization. Other entry-level positions include cybersecurity specialist/technician, cybercrime analyst/investigator, incident analyst/responder, or even an IT auditor.
Then, you may advance to a role like penetration tester, where you will look for ways to break the systems you previously worked to build and defend. By discovering vulnerabilities, you can help your employer shore up its defenses for when the real attackers come knocking. You can also grow into roles like cybersecurity consultant, manager or administrator, cybersecurity engineer, or cybersecurity architect.
Wherever your career path takes you, learn more about how edX courses and programs can help you get there.