Considering a career in cyber? Apply to our online course and chat with admissions.Learn More
Now more than ever there is an increased demand for information security. If the U.S. government has countless vulnerabilities, it’s safe to say your average private business does, too.
And while sensitive data leaking is almost always a bad thing (Edward Snowden would like a word), it’s also produced lots of lucrative demand for cyber security experts.
Penetration testers, compliance analysts, threat intel analysts, cyber security engineers, and many other cyber job titles see higher demand now than they ever have. And even despite a COVID-19 economic downturn, there's no slowing down in sight.
Many of these jobs fall under what you’d call ‘cyber security analysts,’ the people whose job it is to keep our data safe from intruders.
But what exactly do cyber security analysts do?
What are their responsibilities?
What skills do they need?
How much do make?
What's the future job outlook?
And most importantly: how do you become a cyber security analyst?
What is a cyber security analyst?
Broadly, ‘cyber security analyst’ refers to people responsible for monitoring computer infrastructure, databases, computer networks, and information networks to ensure they’re protected. Sometimes also referred to as information security analysts or threat intel analysts, cyber security analysts are tasked with many things:
Triaging security incidents
Developing policies and best practices
Protecting networks and computer systems from unauthorized access
And developing counters to any breaches that might occur — while securing as much data as possible
They’re also someone with the ability to work across departments, using their expertise to advocate cyber compliance across the business.
People who focus on cyber security analytics are not penetration testers, sometimes called ethical hackers. Penetration testing is when “pen testers” try to break into systems (and not steal anything valuable) to expose safety vulnerabilities. Ethical hacking is highly technical and is considered to be more along the lines of cyber security engineering than analysis.
What do security analysts do?
Security analysts work across a variety of areas to ensure safety for businesses and clients. Cyber security analyst jobs often include:
Keeping tabs on a business or individual's security and monitoring access. Analysts can operate as a systems administrator to evaluate what’s going on throughout a company’s systems.
Preventing breaches. An analyst is an information systems auditor, examining security architecture, security clearances, and more.
Monitoring networks and managing software. This includes monitoring for potential threats as well as auditing flaws in existing systems to prevent a potential security breach.
Running security assessments. Threat intel analysts are often analyzing data vulnerabilities and run a wide variety of risk analysis to keep an eye on impending threats.
Ensuring compliance. There are a lot of regulatory standards that need to be met for the sole purpose of protecting data. Compliance analysts make sure their company — or the company they’re working with — is compliant.
Developing security plans and disseminating them to employees. This involves research and establishing processes. This can be as small as reporting phishing emails or as large as implementing a complete cyber security training program companywide.
Working incident response and disaster recovery. If a data breach does occur, cyber security analysts work with a company’s Security Operations Center (SOC team) to act as fast as possible.
Most of the time, a cyber security analyst is looking for flaws in computer and information networks to protect a company's programs, applications, security systems, personal information, and more. They also do a lot of research and reporting given how often hacking and cyber security changes.
Security analyst job description
Security analysts' job descriptions can vary widely but there are several themes you’ll see when applying for cyber security positions.
Most will list explicitly the items listed above, and mention conducting threat and risk analysis and providing variable solutions to business. Designing and developing security tools and features are often listed, too. Lastly, some specific skills like encryption, firewall, and malware.
How much do cyber security analysts make?
According to ZipRecruiter, the national average salary for security analysts in the USA is $100k. According to the Bureau of Labor Statistics (BLS), the 2019 median pay was also $100k. For entry-level security analysts, that number is around $83k on ZipRecruiter.
On Indeed, the average cyber security analyst salary is $95k
On PayScale, the average is a good bit lower, at $77k, with the median salary also at $77k.
Lastly, on Glassdoor, the average is closer to PayScale’s, at $76k.
As with any job, these numbers can also vary based on location and experience.
In New York City, the average salary is $117k on ZipRecruiter
In San Francisco, the average is $85k
In Washington, D.C., the average is $96k
In Chicago, the average is $100k
In Atlanta, the average is $97k
Like with many information technology fields, cyber security is both future-proof and high-paying. ZipRecruiter offers salaries for almost any location, so we recommend checking out the location that interests you the most.
Career outlook and potential growth
The current outlook for a career as a cyber security analyst is extremely positive. According to the BLS, information security analyst jobs are expected to grow by 31% between 2019 and 2029. Traditionally, cyber security analysts worked in niche industries, but as consumer companies and everyday brands need to protect client data the roles are becoming more mainstream.
What skills do you need to a be a cyber security analyst?
It is key to have a mix of both hard and soft skills for a successful career as a cyber security analyst. Some soft skills to focus on include, customer success, problem-solving, ability to troubleshoot, and public speaking/presenting. On the technical side, analysts usually know Linux, network security, and Python. Additionally, it is also important to learn information assurance, cryptography, and the NIST cybersecurity framework.
How to become a cybersecurity analyst
There are two routes you can take when starting your cybersecurity career path. One of those is to get your computer science degree or other cyber-related four-year bachelor's degree. The other route is to obtain training through boot camps and certifications that do not require a four-year degree. And both work! College is better for some people, and bootcamps are better for others.
Below we outline the steps to starting a career in cybersecurity if of course, it turns out to be the right fit for you.
Step 1: Dabble in cyber to see if it's interesting to you
Before you dive headfirst into trying to obtain certifications and formal training in cyber security it is important to see if it is the right fit for you. There are several introductory courses you can take to gauge your interest level and see if this is a career passion. Some courses to check out include:
The Google IT beginners course, offered through Coursera
Introduction to Cybersecurity Tools & Cyber Attacks, also through Coursera
Flatiron School's Introductory Cybersecurity tutorial
Step 2: Go headfirst and attend a full-time cybersecurity course
Once step one is out of the way it is time to dive headfirst into cybersecurity learning. You can do this by attending a full-time cyber security bootcamp or pursuing a degree in computer science. Both have pros and cons.
College courses will typically provide you with a more philosophical (and longer) education. They’ll usually take you 2–4 years to get the skills you need to break into the cyber industry. College tuitions of course vary greatly.
At bootcamps, your education is more practical and hands-on. They’re also much shorter than the 2-4 years at a college — cyber bootcamps are usually around 12-15. A good cyber bootcamp will usually run you around $15k–$20k.
Not sure where to go for one of these bootcamps? Below we outline some of the best bootcamp options. It is important to fully research which bootcamp you choose. The bootcamp should teach both hard and soft skills as well as offer career coaching to help place you with a job upon graduation from the program.
The best in-person cyber security courses to change your career
With a part-time schedule, this program can be completed in 20 weeks. It’s offered in-person in Chicago or remotely.
The program offers CompTIA Security + Voucher, financing options, job preparation, and an apprenticeship program.
The CORE cyber security bootcamp offered by Secureset is a 20-week program consisting of 400 instruction hours and 400 Lab hours. The program is offered in Colorado Springs and Denver, Colorado.
Some areas of learning during the program: Network Security, Security Culture, System Security, and Threat Intelligence to name a few.
The cyber security engineering program offered by Flatiron School can be completed in as little as 15 weeks. It is designed for students with a technical background to help start a career in cyber security engineering and launch you into the forefront of global tech growth.
This program is offered in NYC and D.C. As mentioned earlier, this program is more technical than the analytics course, and is more in line with pen testers.
The best online cyber security courses to change your career
BrainStation offers a part-time course available completely online. During this course, you will learn cyber security fundamentals, threat landscape, and security strategy, and risk management. The program prides itself on including renowned guest speakers.
Like Brain Station, Level Effect prides itself on speakers and instructors like offensive and defensive cyber operators from U.S. Intelligence, Department of Defense, and private sector.
The course content is focused on the real-world practical application of skill by learning the latest cyber security tactics, techniques and procedures.
Step 3: Get your certifications
Obtaining certifications help you to gain experience in the industry and demonstrates your knowledge. We typically recommend getting the Sec+ certification. From there it’s best to get some perspective by working in the industry before committing to a specialty, which most certifications represent.
Three other popular certifications
Certified Information Systems Security Professional certification, or CISSP, is the most in-demand professional certification
The second most crucial professional certification is the Certified Information Security Manager certification (CISM)
CISA certification is the third most sought-after professional qualification for cyber security positions.
Step 4: Execute an effective job search
There’s one more step after you learn everything you need to know — the job search. One of the perks of attending a bootcamp is the career services they offer. This is one of the most important attributes to look at when deciding which bootcamp program is right for you as some do not offer career services.
Flatiron School offers full comprehensive career services to all graduates to help them find their job and successfully start their new careers. Some tips for nailing your interview include Practicing eye contact along with posture during the interview and after following up with a thank-you note to help stand out. Whatever you do, remember: don’t be scared.
Cyber security is an ever-growing career and is more in demand than ever as retail and in-person businesses shift to completely or mostly online operations.
To get started it’s best to dabble with some introductory and informational courses to see if this is a path for you.
Once you know this is the career path for you, we recommend taking a cyber security course. This will teach you the skills needed to land a job in the industry. There are a variety of avenues to the type of work you may specialize in when becoming a cyber security analyst which leads to certifications.
Certifications can help you bolster your résumé when you are applying to jobs or also give you additional, specific training you may need for what niche you land in.
To secure the job after you’ve completed your training it is helpful to lean on your program’s career services to help find available openings. Being sure to have a diverse mix of soft and hard skills will also help at nailing the interview and being successful in your career.
For more background on cyber basics, watch our Network Securty 101 workshop from our sister school, SecureSet. It discusses the vital role of cyber security and other computer-related IT fields, as well as talks about some of their coursework.
Since we opened our doors in 2012, thousands of students have joined Flatiron School to launch new careers in tech.
Find the perfect course for you across our in-person and online programs designed to power your career change.
Connect with students and staff at meetups, lectures, and demos – on campus and online.
Have a question about our programs? Our admissions team is here to help.