How to Become a Cybersecurity Analyst

We examine all you need to know about cybersecurity analyst skills, jobs, education, training, and potential salary.

Reading Time 10 mins

Now more than ever there is an increased demand for information security. If the U.S. government has countless vulnerabilities, it’s safe to say your average private business does, too.

And while sensitive data leaking is almost always a bad thing (Edward Snowden would like a word), it’s also produced lots of lucrative demand for cybersecurity experts.

Penetration testers, compliance analysts, threat intel analysts, cybersecurity engineers, and many other cyber job titles see higher demand now than they ever have. And even despite a COVID-19 economic downturn, there’s no slowing down in sight.

Many of these jobs fall under what you’d call ‘cybersecurity analysts,’ the people whose job it is to keep our data safe from intruders.

  • But what exactly do cybersecurity analysts do?
  • What are their responsibilities?
  • What skills do they need?
  • How much do make?
  • What’s the future job outlook?

And most importantly: how do you become a cybersecurity analyst?

Header: ladybugs

What is a cybersecurity analyst?

Broadly, ‘cybersecurity analyst’ refers to people responsible for monitoring computer infrastructure, databases, computer networks, and information networks to ensure they’re protected. Sometimes also referred to as information security analysts or threat intel analysts,  cybersecurity analysts are tasked with many things:

  • Triaging security incidents
  • Developing policies and best practices
  • Protecting networks and computer systems from unauthorized access
  • And developing counters to any breaches that might occur — while securing as much data as possible

They’re also someone with the ability to work across departments, using their expertise to advocate cyber compliance across the business.

People who focus on cybersecurity analytics are not penetration testers, sometimes called ethical hackers. Penetration testing is when “pen testers” try to break into systems (and not steal anything valuable) to expose safety vulnerabilities. Ethical hacking is highly technical and is considered to be more along the lines of cybersecurity engineering than analysis.

Graphic: Cyber analyst

What do security analysts do?

Security analysts work across a variety of areas to ensure safety for businesses and clients. Cybersecurity analyst jobs often include:

  • Keeping tabs on a business or individual’s security and monitoring access. Analysts can operate as systems administrators to evaluate what’s going on throughout a company’s systems.
  • Preventing breaches. An analyst is an information systems auditor, examines security architecture, security clearances, and more.
  • Monitoring networks and managing software. This includes monitoring for potential threats as well as auditing flaws in existing systems to prevent a potential security breach.
  • Running security assessments. Threat intel analysts are often analyzing data vulnerabilities and run a wide variety of risk analyses to keep an eye on impending threats.
  • Ensuring compliance. There are a lot of regulatory standards that need to be met for the sole purpose of protecting data. Compliance analysts make sure their company — or the company they’re working with — is compliant.
  • Developing security plans and disseminating them to employees. This involves research and establishing processes. This can be as small as reporting phishing emails or as large as implementing a complete cybersecurity training program companywide.
  • Working incident response and disaster recovery. If a data breach does occur, cybersecurity analysts work with a company’s Security Operations Center (SOC team) to act as fast as possible.

Most of the time, a cybersecurity analyst is looking for flaws in computer and information networks to protect a company’s programs, applications, security systems, personal information, and more. They also do a lot of research and reporting given how often hacking and cybersecurity change.

Security analyst job description

Security analysts’ job descriptions can vary widely but there are several themes you’ll see when applying for cybersecurity positions.

Most will list explicitly the items listed above, and mention conducting threat and risk analysis and providing variable solutions to business. Designing and developing security tools and features are often listed, too. Lastly, some specific skills like encryption, firewall, and malware.

How much do cybersecurity analysts make?

According to ZipRecruiter, the national average salary for security analysts in the USA is $100k. According to the Bureau of Labor Statistics (BLS), the 2019 median pay was also $100k. For entry-level security analysts, that number is around $83k on ZipRecruiter.

As with any job, these numbers can also vary based on location and experience.

  • In Chicago, the average is $100k 
    • On Indeed, it’s $90k for an Information Security Analyst
    • On PayScale, it’s $79k
    • On Glassdoor, it’s $73k for a Security Analyst
  • In Atlanta, the average is $97k
    • On Indeed, it’s $89k for a Security Analyst
    • On PayScale, it’s $71k
    • On Glassdoor, it’s $73k

Like many information technology fields, cybersecurity is both future-proof and high-paying. ZipRecruiter offers salaries for almost any location, so we recommend checking out the location that interests you the most.

Career outlook and potential growth

The current outlook for a career as a cybersecurity analyst is extremely positive. According to the BLS, information security analyst jobs are expected to grow by 31% between 2019 and 2029. Traditionally, cybersecurity analysts worked in niche industries, but as consumer companies and everyday brands need to protect client data the roles are becoming more mainstream.

What skills do you need to be a cybersecurity analyst?

It is key to have a mix of both hard and soft skills for a successful career as a cybersecurity analyst. Some soft skills to focus on include, customer success, problem-solving, ability to troubleshoot, and public speaking/presenting. On the technical side, analysts usually know Linux, network security, and Python. Additionally, it is also important to learn information assurance, cryptography, and the NIST cybersecurity framework.

Some analysts — though it’s certainly not a requirement — know cybersecurity programming languages like Python, JavaScript, Go, or C.

Graphic: Cyber languages combined

How to become a cybersecurity analyst

There are two routes you can take when starting your cybersecurity career path. One of those is to get your computer science degree or other cyber-related four-year bachelor’s degree. The other route is to obtain training through boot camps and certifications that do not require a four-year degree. And both work! College is better for some people, and bootcamps are better for others.

Below we outline the steps to starting a career in cybersecurity if, of course, it turns out to be the right fit for you.

Step 1: Dabble in cyber to see if it’s interesting to you

Before you dive headfirst into trying to obtain certifications and formal training in cybersecurity it is important to see if it is the right fit for you. There are several introductory courses you can take to gauge your interest level and see if this is a career passion. Some courses to check out include:

Step 2: Go headfirst and attend a full-time cybersecurity course

Once step one is out of the way it is time to dive headfirst into cybersecurity learning. You can do this by attending a full-time cybersecurity bootcamp or pursuing a degree in computer science. Both have pros and cons.

College courses will typically provide you with a more philosophical (and longer) education. They’ll usually take you 2–4 years to get the skills you need to break into the cyber industry. College tuitions of course vary greatly.

At bootcamps, your education is more practical and hands-on. They’re also much shorter than the 2-4 years at a college — cyber bootcamps are usually around 12-15. A good cyber bootcamp will usually run you around $15k–$20k.

Not sure where to go for one of these bootcamps? Below we outline some of the best bootcamp options. It is important to fully research which bootcamp you choose. The bootcamp should teach both hard and soft skills as well as offer career coaching to help place you with a job upon graduation from the program.

Header: Girl on green couch 1000x

The best in-person cybersecurity courses to change your career

Evolve Cybersecurity Academy

  • With a part-time schedule, this program can be completed in 20 weeks. It’s offered in-person in Chicago or remotely.
  • The program offers CompTIA Security + Voucher, financing options, job preparation, and an apprenticeship program.


  • The CORE cybersecurity bootcamp offered by Secureset is a 20-week program consisting of 400 instruction hours and 400 Lab hours. The program is offered in Colorado Springs and Denver, Colorado.
  • Some areas of learning during the program: Network Security, Security Culture, System Security, and Threat Intelligence to name a few.

Flatiron School’s Cybersecurity Engineering 

  • The cybersecurity engineering program offered by Flatiron School can be completed in as little as 15 weeks. It is designed for students with a technical background to help start a career in cybersecurity engineering and launch you into the forefront of global tech growth.
  • This program is offered in NYC and D.C. As mentioned earlier, this program is more technical than the analytics course, and is more in line with pen testers.
The best online cybersecurity courses to change your career


  • BrainStation offers a part-time course available completely online. During this course, you will learn cybersecurity fundamentals, threat landscape, and security strategy, and risk management. The program prides itself on including renowned guest speakers.

Level Effect

  • Like Brain Station, Level Effect prides itself on speakers and instructors like offensive and defensive cyber operators from U.S. Intelligence, Department of Defense, and private sector.
  • The course content is focused on the real-world practical application of skill by learning the latest cybersecurity tactics, techniques and procedures.

Step 3: Get your certifications

Obtaining certifications help you to gain experience in the industry and demonstrates your knowledge. We typically recommend getting the Sec+ certification. From there it’s best to get some perspective by working in the industry before committing to a specialty, which most certifications represent.

Three other popular certifications
  1. Certified Information Systems Security Professional certification, or CISSP, is the most in-demand professional certification
  2. The second most crucial professional certification is the Certified Information Security Manager certification (CISM)
  3. CISA certification is the third most sought-after professional qualification for cybersecurity positions.

Step 4: Execute an effective job search

There’s one more step after you learn everything you need to know — the job search. One of the perks of attending a bootcamp is the career services they offer. This is one of the most important attributes to look at when deciding which bootcamp program is right for you as some do not offer career services.

Flatiron School offers full comprehensive career services to all graduates to help them find their job and successfully start their new careers. Some tips for nailing your interview include Practicing eye contact along with posture during the interview and after following up with a thank-you note to help stand out. Whatever you do, remember: don’t be scared.


  1. Cybersecurity is an ever-growing career and is more in demand than ever as retail and in-person businesses shift to completely or mostly online operations.
  2. To get started, dabble with some introductory and informational courses to see if this is a path for you.
  3. Once you know this is the career path for you, we recommend taking a cybersecurity course. This will teach you the skills needed to land a job in the industry. There are a variety of avenues to the type of work you may specialize in when becoming a cybersecurity analyst which leads to certifications.
  4. Certifications can help you bolster your résumé when you are applying to jobs or also give you additional, specific training you may need for what niche you land in.
  5. To secure the job after you’ve completed your training it is helpful to lean on your program’s career services to help find available openings. Being sure to have a diverse mix of soft and hard skills will also help at nailing the interview and being successful in your career.

For more background on cyber basics, watch our Network Security 101 workshop from our sister school, SecureSet. It discusses the vital role of cybersecurity and other computer-related IT fields, as well as talks about some of their coursework.

Disclaimer: The information in this blog is current as of 5 February 2021. For updated information visit

Disclaimer: The information in this blog is current as of February 5, 2021. Current policies, offerings, procedures, and programs may differ.

About Katie Gillen

More articles by Katie Gillen