northeastern university seal
Information Security Analysts: Who They Are & What They Do

Industry Advice Computing and IT

As our world faces an increasing number of cyberthreats, the need for expert information security analysts continues to rise. Take a look at recent headlines and it is clear just how critical information security analysts are to companies across industries. For example, the latest Yahoo! breach cost the company $117.5 million in a class-action settlement. Furthermore, cybercrime and the associated losses are not going away any time soon. Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021.

Becoming an information security analyst equips you with job security and many job opportunities, but this career path offers even more. As an expert in the cybersecurity field, you will conduct meaningful work to protect companies and individuals—many of who remain unaware that they are at high risk for data breaches and identity theft. Keep reading to learn more about the role of the information security analyst, including their key responsibilities, career outlook, and the skills and education required to advance in the field.

What Is an Information Security Analyst?

Information security analysts play a crucial role in business because they protect a company’s sensitive and fundamental data. “This is a cyber-defense role,” explains Dr. Jose Sierra, associate director of Northeastern’s cybersecurity graduate program. “I would recommend it for those interested in designing security countermeasures to withstand cyberthreats.”

Download Our Free Guide to Advancing Your Career in Cybersecurity

Learn How to Meet the Growing Demand for Skilled Cybersecurity Professionals.


Key Responsibilities of Information Security Analysts

All information security analysts share the same goal—to protect against and prevent cyberthreats. The exact scope of work varies on the type and size of a company, however. For example, an online company like LinkedIn needs protection against data leaks, whereas working in cybersecurity for the government might mean creating and upholding a secure network that cannot be accessed by outside parties. 

Here are the key responsibilities of an information security analyst.

Monitor Networks for Security Issues

Prevention against cyberthreats constitutes the majority of an information security analyst’s responsibilities. It is easier and less expensive for a company to protect against a threat versus trying to recover from a breach. In order to prevent threats, analysts do the following:

  • Install and use software, such as firewalls and data encryption programs, to protect sensitive information
  • Continually update software and install patches for programs
  • Back up all data 
  • Stay up-to-date on security standards and trends
  • Conduct penetration testing to uncover network weaknesses
  • Fix any detected vulnerabilities 

Recover from Cyberattacks

Ideally, the prevention responsibilities of a security analyst’s job will keep them from having to minimize the damage of a cyberattack. However, in the event there is an issue, the analyst is expected to do the following:

  • Minimize the damage done by an attack
  • Restore data and user functionality
  • Place new security measures to avoid another attack

A cyberattack is bad news for any company. Even if sensitive information is not compromised during a hack, extended system downtime or erratic availability can lose a company a great deal of productivity, money, and future business. 

Train Employees on Security Procedures 

Finally, information security analysts create procedures and rules for a company in order to maintain the level of security designated by leadership. Examples of these rules might include:

  • Requiring complicated passwords
  • Mandating company-wide password updates every few months
  • Forbidding outside programs and/or hardware
  • Authorizing personal laptops and employing two-factor authentication

When all employees are abiding by the same security protocols, it makes it easier for the company to protect themselves from threats. These company-wide rules also help analysts identify where potential threats are coming from inside the workplace.

Career Outlook and Salary

The career outlook for information security analysts is promising. The Bureau of Labor Statistics (BLS) predicts that demand for these roles will increase 32 percent from 2018 to 2028, which is much faster than other careers across industries.

There are also many career opportunities for analysts in almost every field, as most (if not all) organizations need cyber protection in this time of ever-increasing tech and online business.  Here are a few examples of potential employment paths for information security analysts:

  • Industry: Tech giants, including Google, Facebook and LinkedIn depend on information security analysts to protect their sensitive data and prevent hacking. The financial industry is also a large sector that needs information security analysts to protect an individual’s financial data from the dark web. 
  • Government: Cybersecurity analysts are needed at all government levels, from a city to a worldwide scale. Government-controlled companies like NASA, Northrop, and Lockheed employ information security analysts to uphold security protocols and keep sensitive material confidential. 
  • Nonprofit: Even charities and nonprofit companies need expert information security employees to protect them from outside threats. Many nonprofits collect delicate information, and a security breach would leave them liable. 

In addition to enjoying flexibility in where they can work, information security analysts also earn an attractive salary. The average annual wage for information security analysts was $98,350 in May 2018, with the highest 10 percent earning more than $156,580. 

Required Skills and Education

“Due to the great spectrum of security threats, it is very important to have a very solid understanding of the information systems security aspects,” says Dr. Sierra. “There is a huge variety of threats and this is amplified by a highly interconnected system, so these professionals need to understand the whole picture in order to identify the cyber risk that may affect them.” 

Along with having a concrete understanding of information systems, security analysts should also have these top skills:

  • Analytical skills to identify current or potential security problems
  • Communication skills to inform a company of issues and delegate security protocols
  • Cryptography skills to protect the company even with many employees accessing the network
  • Risk management skills to develop and uphold information security policies 
  • Creativity to always be one step ahead of a hacker
  • Detail-oriented in order to track down potential threats
  • Incident response capabilities and the ability to fix reported problems in a timely manner
  • Strong diagnostic skills to identify the source of a problem
  • Ethical hacking skills to discover the company’s network weaknesses before a hacker

Many of these skills, such as being an analytical person or possessing strong communication skills come naturally to some. However, most of the information security skills needed to succeed require advanced learning and practice that can be gained by pursuing an advanced degree. 

Dr. Sierra concludes that, “what makes a very good security analyst is their ability to design effective and efficient protections” in the environment they are placed in, whether that be in a small business or large, government program.

Becoming an Information Security Analyst

You can advance your career by having cybersecurity expertise rather than a broader understanding of information technology. A great way to demonstrate your expertise in the field is with a Master of Science in Cybersecurity. An advanced degree in cybersecurity teaches the core knowledge that information security analysts need to know to protect the company they work for. Students learn the different cyberthreats present in the workplace, as well as how to safeguard against them. Students will also learn about ethical hacking as a way to pinpoint any weaknesses within their company’s network in order to strengthen them against outside attacks.

Some programs offer flexible options, allowing IT professionals to further their experience and knowledge while balancing work and personal commitments. For example, Northeastern’s MS in Cybersecurity program allows students to enroll full-time or part-time and offers the option to study online, on-campus, or in a hybrid format to suit their needs and preferences. 

If the role of an information security analyst sounds like the right path for you, download our free guide to breaking into or advancing your career in cybersecurity. 

Download Our Free Guide to Advancing Your Career in Cybersecurity” width=