What to Know About the Cybersecurity Analyst Career Field

Cybersecurity Analyst Career Field

Discover how to embark on an exciting career as a cybersecurity analyst and unlock the secrets to protecting companies of the future.

Reading Time 7 mins

Cybersecurity analysts are responsible for monitoring and analyzing network and system traffic to identify anomalies, like an unknown device on the network or an indication of a ransomware attack. As part of your job, you will leverage security information and event management (SIEM) tools, extended detection and response (XDR), and other security tools to aggregate information and analyze the information for threats. You might also be tasked with writing Python scripts to automate analysis and alerting.  

As an entry-level analyst, you could implement incident response (IR) playbooks. IR playbooks provide a set of steps that an analyst should take if they encounter a specific incident (like a phishing email attack). Microsoft has some example IR playbooks that you can view for free here.

Depending on where you work, you might conduct vulnerability scanning, which is a way to detect vulnerabilities that a threat actor could exploit. An easy way to think about vulnerabilities is to think about your front door. If your front door doesn’t have any locks then this represents a vulnerability that could be exploited by a burglar (i.e., a threat actor) to steal your jewelry. By adding a lock (security control), you help protect your home from the burglar. 

What Other Job Titles Are There in This Career Field?

You might see other job openings in the cybersecurity analyst career field with titles such as:

  • Information Security Analyst
  • Cybersecurity Specialist
  • Network Security Analyst
  • Cyber Threat Analyst
  • Security Operations Center (SOC) Analyst
  • Incident Response Analyst
  • Vulnerability Analyst
  • Identity and Access Management (IAM) Analyst
  • Security Awareness Analyst

How Much Money Can You Make as a Cybersecurity Analyst?

As a cybersecurity analyst in the United States, the median pay is around $112,000 annually.  Holding a government security clearance in the U.S. can also help you get a higher base salary rate.  

This doesn’t include sign-on or annual bonuses, stock options, or other compensation, which means a career as a cybersecurity analyst can be very lucrative for you.

Compensation influencers for this role are based on your company, geographic location, experience level, specialization, and industry.

Do You Need Certifications to be a Cybersecurity Analyst?

No specific cybersecurity certifications are required to get a job as a cybersecurity analyst in the private sector; however, many people choose to get a certification. If you plan to work for a government agency, they often will require a fundamental cybersecurity certification either upon hire or within a period of time after you are hired for the job.

The most common entry-level certifications for a cybersecurity analyst are the CompTIA Security+, the Google Cybersecurity Certificate, and the ISC2 Certified in Cybersecurity.

Of these certifications, Security+ is still the most common one asked for in job descriptions; however, the other certifications from ISC2 and Google are gaining traction with hiring managers.

Do You Need a College Degree to be a Cybersecurity Analyst?

No college degree is required to become a cybersecurity analyst. Hiring managers often look for hands-on skills with SIEM tools (like Splunk or QRadar) and hands-on experience using a vulnerability scanner (i.e., Nessus, Qualys, etc). This hands-on experience can be as simple as running scans on your home network or host system (e.g., your laptop), or can be through a more formal education experience like college or a cybersecurity bootcamp

Do You Need Technical Skills to Get a Job as a Cybersecurity Analyst?

Some individuals are able to get an entry-level cybersecurity analyst job with textbook knowledge alone; however, having some hands-on skills with security tools helps show hiring managers that you can do the job on day one.  

This brings up another question that some people have about how to show “experience” without having actual work experience in cybersecurity on your resume. The key for anything you are learning is to link it back to a real-world example.

For example, if you recently read an in-depth news story about a cyberattack event, talk about security controls that could have been put into place to protect against the attack (or similar attacks in the future). If you are working through labs in college or a cybersecurity bootcamp right now, ask your instructor how that particular lab could apply to a real-world situation. Then, write about this in your cover letter and/or resume, so hiring managers can see that you can connect your learnings with real-world events and situations.

Is Experience Required to Get Your First Job as a Cybersecurity Analyst?

Experience is not required for your first job; however, almost everyone has transferable soft skills from past jobs or school that are in demand at companies.  

It’s important to include some examples on your resume or cover letter that show how you have used soft skills, like effective communication, in a workplace or school situation. Show how you can solve problems and work in a team.

Hiring managers want to hire people who can solve their problems and work well with others.

Are There Opportunities for Cybersecurity Analyst Internships?

There are some internships available for this role depending on the company; however, most people are hired directly into full-time positions as cybersecurity analysts instead of into internships.

If you find a cybersecurity analyst internship opportunity, know that it can be either paid or unpaid and that many college students can earn credits for working internships.

How Do You Find a Job as a Cybersecurity Analyst?

Pin-Point A Target Industry

The first step is to determine the type of industry you would like to work in. Would you like to work in healthcare, retail, the energy industry, or some other industry? 

Next, look at some of the big companies in the industry as well as smaller startups. Because most people are applying at big companies (e.g., Microsoft), you might get an opportunity at a smaller startup, where they will mentor and train you.

You of course need to look for job openings on popular job boards like LinkedIn, Indeed, and CyberSN, but know that one of the best ways to get any cybersecurity job is to network on social media with people working in that job, as well as find people that work at your dream company and connect with them to learn how they landed the job.

Build A Personal Brand

Building your personal brand means as you are learning, post about what you are learning on social media. This helps show recruiters and hiring managers your passion for analyst work.

For example, let’s say you have just learned how to run a vulnerability scan using Qualys.  Record your screen as you walk others through installing, configuring, and running a scan with Qualys.  

You don’t have to be on camera for the recording and the post will show potential hiring managers that you know how to run a scan and that you could possibly be counted on as a trainer for new hires joining the team. This recording will make you more valuable to the hiring managers than someone who delivered a resume with no posted content because they can see you know how to actually do the job.

Attend Conferences

Another not-so-secret way to find a job is through looking at the sponsor list for a large cybersecurity conference.  

For example, the Black Hat USA conference has dozens of sponsor companies each year. Look at the list linked above and at the company websites to see if they have openings.  

As mentioned earlier, smaller companies on this list will often have openings with very few applications because many people might not know the company. That’s good news for you because it means you might face very little competition for a job opening.

In the end, know this: The fastest way to get your first job will likely be through networking and building your personal brand.

Should You Become a Cybersecurity Analyst?

A career as a cybersecurity analyst might be good for you if you like looking at different data sets and solving puzzles. If you enjoy watching crime shows and figuring out who committed the crime, then an analyst job might also be for you. Cybersecurity analysts have come from backgrounds in auto mechanics, teaching, biology, nursing, food services, retail, military, and even disc jockeying. No matter your background, you can build a career as a cybersecurity analyst.

Working as a cybersecurity analyst might also be a good career for you if you have solid skills in clearly communicating information to a variety of individuals because you will be working with multiple teams and stakeholders across a business or organization.

Working as a cybersecurity analyst can be a rewarding career for you both financially and in the sense that you are doing meaningful, impactful work while helping organizations secure their networks and systems.

If you’ve decided a career in cybersecurity is the right path for you, apply today to Flatiron’s Cybersecurity Bootcamp and learn the tools of the trade in as little as 15 weeks. 

Disclaimer: The information in this blog is current as of January 18, 2024. Current policies, offerings, procedures, and programs may differ.

About Ken Underhill

Ken has over 20 years of IT and cybersecurity experience and holds a graduate degree in cybersecurity. He's also the bestselling author of the book Hack the Cybersecurity Interview.

More articles by Ken Underhill