How do I become an Information Security Analyst?

How do I Become an Information Security Analyst?

More than ever, information is valuable. With everyone’s digital footprint growing daily, that’s more and more of a liability for any organization that holds personal information for their stakeholders. Cue the burgeoning industry of cybersecurity, and more specifically, information security analysts. Information security analysts are responsible for keeping up to date with the latest tactics of hackers, planning and implementing security measures, and creating and instituting proper cybersecurity policies in their workplace. Information Security Analysts may end up specializing in one particular part of digital infrastructure, or work in a more generalist setting where they are responsible for protecting computer systems, networks, and data. Demand in information security roles is only on the rise, and with a shortage of highly trained cybersecurity professionals, students looking to move into this sector of the economy can command admirable salaries.

Salary of Information Security Analysts:

Depending on location, skillset, and experience, salaries for Information Security Analysts can vary quite a bit. According to, the lowest salary for a current job listing in the field is $49,478, while the highest is $102,185, making the mean salary for current information security analyst openings $70,400. Of Information Security Analyst positions, those with manager, officer, or architect in their title tend to have salaries on the higher end or above this range. Those listing the skills of project management and security risk management, salaries averaged 10% higher than other openings. Salaries were highest for these positions in Seattle and New York.

Common skillsets necessary for Information Security Analyst Positions:

  • Penetration and vulnarability testing knowledge
  • Anti-virus and anti-malware knowledge
  • Computer networking, routing and switching security knowledge
  • Knowledge of establishing and maintaining firewalls and detection protocols
  • OS and terminal knowledge of Windows, Linux, and Unix
  • At least one scripting language such as C, C++, C#, Java, PHP, or Python
  • Knowledge of best practices and implementation for cloud computing
  • Security information and event management

Information Security Analyst Job Description:
Information security analysts often work in research roles, compiling information and implementing changes to meet best practices for security depending on the technologies of their employer. At other times, information security analysts may try to infiltrate their own technologies to expose risks, and will frequently monitor usage metrics as well as risk factors for cyber attacks. Top-level goals of information security analyst positions are to minimize downtime of digital services and to protect digital assets. Information Security Analysts are tasked with staying up-to-date on their hard skills in many subdisciplines of information technology, as well as effectively interacting with and informing broader organizations through proper judgement and communication.

What education and experience does an Information Security Analyst postition require?
Academic requirements for information security analyst positions vary widely from organization to organization. That said, applicants are commonly required to posses a technical bachelors degree such as a bachelors in computer science, information technology, or information systems. There are also some specialized bachelors-level degrees in cyber security. A wider range of information assurance and security degrees are available at a masters level. A wide range of certification are also available for those looking to switch from another technical discipline to cybersecurity, or to advance up the career latter.

Common Information Security Analyst Certifications:

  • CEH: Certified Ethical Hacker
  • ECSA: EC-Council Certified Security Analyst
  • GSEC / GCIH / GCIA: GIAC Security Certifications
  • CISSP: Certified Information Systems Security Professional

Resources for becoming an Information Security Analyst:

Check out our ranking of the best online information technology bachelors degree programs.

Check out our ranking of the best online information systems bachelors degree programs.

Check out our ranking of the best online Information Assurance and Srcurity masters degree programs.

The InfoSec Institute has a wide variety of resources for aspiring or current information security analysts.

What is ethical hacking?

When most people hear the words “ethical” and “hacking” together, their first thought is often a question: “Isn’t that a contradiction in terms? How can someone who breaks into other people’s computer systems be ‘ethical’?” Those more familiar with what “ethical” and “hacking” mean on their own, as well as some awareness of current events, might think about groups like WikiLeaks or Anonymous: hacktivist collectives whose aim to infiltrate computer systems with the utilitarian goal of exposing “the bad guys” for a greater good is known across the globe. Still others might think that ethical hacking is as simple as when you open up a friend’s laptop to a logged-in Facebook account, post a joke or funny picture, and leave their page a little better off than how you found it.

None of these people is far from the truth. Even ethical hackers and computer scientists sometimes think of the words “ethical hacking” as an oxymoron; hackers associated with WikiLeaks and Anonymous have participated in (or taught) the kinds of security-testing hacks that are deemed ethical with the permission of the “hacked” organization; and hacking someone else’s Facebook, if it was done with the user’s permission and for the purpose of security testing, can actually fall under the category of “white hat” (as opposed to “black hat“) hacking.

So what is ethical hacking and who can be said to do it properly? The long complicated answer is “Cybersecurity professionals who are paid penetration testers.” The short simple answer is Certified Ethical Hackers (CEH). Using PayScale, we found the three top job titles that CEH’s commonly assume in the workplace, as well as a few resources for where to go to become a Certified Ethical Hacker if you’re interested in a career in white hat hacking. Contact us if you have questions about this blog post or any others on

Information Security Analyst

Information Security Analysts are often responsible for solving security problems at companies and organizations with substantial technological and informational infrastructure. Duties usually include conducting research on a company’s or organization’s computing systems, a task that requires the ability to collect data, develop large-scale, logistical, and problem-solving strategies for potential security breaches, as well maximize computational productivity. Most Information Security Analysts are highly equipped multi-taskers and superb critical thinkers. They often monitor and document security breaches of company rules that govern computer usage. They sometimes draft these rules altogether. And of course, they must know how to operate every central component of a company’s technological infrastructure, from routers, to firewalls, to memory storage hardware, as well as how to lead IT professionals as a team in their effort to ward off cyberattacks.

  • Common places of work: Medium-to-large corporations, Governmental organizations, and Universities.
  • Salary: $50,000-$105,00 per year, depending on location

Check out our ranking of the best online masters in information assurance and security degree programs

Security Engineer

Security Engineers are often responsible for creating new and effective ways of ramping up security at their employing institution. They are on the front lines of solving problems that lead to better detection of unwanted intruders, as they are usually the first responders to technical problems that deal with software and hardware malfunction. In order to perform this job, Security Engineers require exceptional skills, not only in their ability to respond to emergent security situations, but to track down infringements against security policy using in-depth knowledge of computer forensics. They also need to know when and how to take direction, when and how to work independently, and most of all how to maximize utility within a team of IT professionals whose end-goal is always more secure computation and connectability. In-depth knowledge of the principles and practices of computer engineering is a must.

  • Common places of work: Small, medium, and large corporations, Cybersecurity firms, Home
  • Salary: $57,000-$125,000, depending on location

Check out our ranking of the best online masters in information assurance and security degree programs

Penetration Tester

Penetration Testers are often responsible for maintaining secure connectability between internal and external communications. This means they’re often the stewards of the computational border between email servers, accounting and communications software, and the Internet. Penetration Testers work tirelessly to ferret out weaknesses in company firewalls that may otherwise allow hackers the inadvertent access they crave for sensitive personal, professional, and otherwise private data. They might even build their own tools for security testing, tools that are designed to compromise their own systems, as they’re always striving to think like a hacker in order to remain one step ahead of the threat they protect against. Communication and teambuilding skills are a must for penetration testers, who often rely on coordination and collaboration with multiple other penetration tester to address every angle of the collective threat that hackers pose today. Expertise and experience in cybersecurity are also a must, while expertise in black hat hacking might be a plus.

  • Common places of work: Small, medium, and large corporations, Cybersecurity firms, Governmental organizations
  • Salary: $43,000-$130,000, depending on location

Check out our ranking of the best online masters in information assurance and security degree programs

Resources for Becoming a Certified Ethical Hacker: