Security analysts help keep computing safe and work to protect computer users from loss, harm and other sorts of damage. They are security support experts who continuously examine an organization's systems, applications, networks, infrastructure and digital communications to look for security exposures or vulnerabilities and, where necessary, remediate or mitigate them.
To do this they run all kinds of scans to conduct software and hardware inventories, and then use the results of those scans to seek out and address inherent security vulnerabilities or issues. Because security is so vital to meeting business goals and complying with mandated protections for confidentiality and privacy, security analysts are Involved in all stages of IT deployment and development. They start at the planning and design stage, provide support during implementation and development, and stay on the job at the end of the lifecycle, monitoring and managing security during the maintenance and upkeep phases for systems and software.
Most security analysts work for computing companies, business, and financial companies or consulting firms. Increasingly, small to medium-sized companies are turning to managed security providers (MSPs) to help them build and sustain proper information security. Thus, a great many security analysts work for such firms, which fall somewhere between the preceding computing company and consulting firm designations where such jobs are to be found.
Essential Skills for Security Analysts
Regardless of how you prepare for a career as a security analyst, here are the skills you should have to develop:
Create and document security policies, including acceptable encryption, acceptable use, data breach response, digital signature acceptance, disaster recovery planning, email and ethics, password construction and use, and so forth (for a complete collection see the SANS Information Security Policy Templates)
Perform security audits and reviews, with the thorough knowledge of best auditing procedures and practices, and enact mitigation and remediation
Understand how to establish and design perimeter security protection and controls, including firewalls, content filters, proxies, intrusion detection and prevention, and more
Understand role-based security, access controls (including physical, software and human security processes and procedures), identity management, authentication and authorization, and proper use of rights and privileges
Be a multi-tasker, with excellent time-management and self-motivation skills
Be an excellent communicator (written and verbal)
Some positions need programming skills and knowledge of databases. You do not necessarily need years of programming or scripting experience to be a security analyst, but it will help.
Must-Have Certifications
Security analysts should consider receiving one or more certifications to prove their strength and get the attention of hiring managers. Many information security certifications are vendor-neutral and recognize skills and knowledge applicable across all facets of the information security field. Here are three of the most popular and sought-after information security certifications.
CompTIA Security+ An entry-level certification for IT professionals with 2 or more years of work experience working in the field. While the Security+ is probably not enough by itself to land somebody a job, it is a valuable first credential in information security to get en route to more serious and useful credentials. Check out CompTIA Security+ Syllabus.
EC-Council CEHA mid-level certification that seeks to train security professionals in recognizing, responding to, and dealing with rejected attempts to break into an organization's networks and systems. Qualified candidates understand hacking practices, networking scanning, and enumeration, malware, system hacking, denial of service attacks, social engineering and other techniques hackers use to penetrate and attempt network and system takeovers. The CEH is a well-respected and reasonably valuable information security certification. Check out EC-Council CEH Syllabus.
(ISC)2 CISSPA senior-level certification for IT professionals who seek a full-time career in information security. CISSPs possessed expert knowledge and skills needed to design, develop and maintain security standards, policies, and procedures for their employees or clients. The ISC2 CISSP has regularly appeared in Top 10 certification lists for highest demand, best-paying, and most valuable, IT certifications since the mid-2000s, and remains one of the most sought-after IT certifications today. Check Out CISSP Syllabus
Surveying Information Security Opportunities
The U.S. Bureau of Labor Statistics says the median annual salary for a security analyst is a whopping $92,700. That is not too low, but that number will rise or sink depending on the business and city where you wind up in this field.
Though demand is strong, looking for work as a security analyst will benefit from spending time searching on job boards such as Monster, SimplyHired, Indeed, and LinkedIn Jobs. You might want to post your resume on such sites, and then create alerts so you will get notified as new security analyst job listings appear. Once your resume has been published, you will also start hearing from recruiters who may bring you Best opportunities at organizations that you may not otherwise hear about. One more thing if you want to work at a particular organization, seek out opportunities by all available means. That translates into visiting its online job board regularly, using your LinkedIn and other networks to ask around about security analyst jobs there, and reaching out to the company's HR folks to make contact and express interest in a security analyst position, should one become available.