Information Security Analysts


Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases.

Duties

Information security analysts typically do the following:

  • Monitor their organization’s networks for security breaches and investigate a violation when one occurs
  • Install and use software, such as firewalls and data encryption programs, to protect sensitive information
  • Prepare reports that document security breaches and the extent of the damage caused by the breaches
  • Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited
  • Research the latest information technology (IT) security trends
  • Develop security standards and best practices for their organization
  • Recommend security enhancements to management or senior IT staff
  • Help computer users when they need to install or learn about new security products and procedures

IT security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.

Information security analysts must stay up to date on IT security and on the latest methods attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.

Information security analysts held about 112,300 jobs in 2018. The largest employers of information security analysts were as follows:

Computer systems design and related services 26%
Finance and insurance 18
Management of companies and enterprises 10
Information 8
Administrative and support services 6

Many information security analysts work with other members of an information technology department, such as network administrators or computer systems analysts.

Work Schedules

Most information security analysts work full time. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency. Some work more than 40 hours per week.

Most information security analyst positions require a bachelor’s degree in a computer-related field. Employers usually prefer analysts to have experience in a related occupation.

Education

Information security analysts usually need at least a bachelor’s degree in computer science, information assurance, programming, or a related field. 

Some employers prefer applicants who have a Master of Business Administration (MBA) in information systems. Programs offering the MBA in information systems generally require 2 years of study beyond the undergraduate level and include both business and computer-related courses.

Work Experience in a Related Occupation

Information security analysts generally need to have previous experience in a related occupation. Many analysts have experience in an information technology department, often as a network or computer systems administrator. Some employers look for people who have already worked in fields related to the one in which they are hiring. For example, if the job opening is in database security, they may look for a database administrator. If they are hiring in systems security, a computer systems analyst may be an ideal candidate.

Licenses, Certifications, and Registrations

There are a number of information security certifications available, and many employers prefer candidates to have certification, which validates the knowledge and best practices required from information security analysts. Some are general information security certificates, such as the Certified Information Systems Security Professional (CISSP), while others have a more narrow focus, such as penetration testing or systems auditing.

Advancement

Information security analysts can advance to become chief security officers or another type of computer and information systems manager.

Important Qualities

Analytical skills. Information security analysts must carefully study computer systems and networks and assess risks to determine how security policies and protocols can be improved.

Detail oriented. Because cyberattacks can be difficult to detect, information security analysts must pay careful attention to computer systems and watch for minor changes in performance.

Ingenuity. Information security analysts must anticipate information security risks and implement new ways to protect their organizations’ computer systems and networks.

Problem-solving skills. Information security analysts must respond to security alerts and uncover and fix flaws in computer systems and networks.

The median annual wage for information security analysts was $98,350 in May 2018.

The median wage is the wage at which half the workers in an occupation earned more than that amount and half earned less. The lowest 10 percent earned less than $56,750, and the highest 10 percent earned more than $156,580.

In May 2018, the median annual wages for information security analysts in the top industries in which they worked were as follows:

Computer systems design and related services $102,620
Finance and insurance 101,130
Information 96,580
Management of companies and enterprises 94,180
Administrative and support services 94,120

Most information security analysts work full time. Information security analysts sometimes have to be on call outside of normal business hours in case of an emergency. Some work more than 40 hours per week.

Information Security Analysts

Median annual wages, May 2018

Information security analysts

$98,350

Computer occupations

$86,320

Total, all occupations

$38,640

 

Employment of information security analysts is projected to grow 32 percent from 2018 to 2028, much faster than the average for all occupations.

Demand for information security analysts is expected to be very high. Cyberattacks have grown in frequency, and analysts will be needed to come up with innovative solutions to prevent hackers from stealing critical information or creating problems for computer networks.

Banks and financial institutions, as well as other types of corporations, will need to increase their information security capabilities in the face of growing cybersecurity threats. In addition, as the healthcare industry expands its use of electronic medical records, ensuring patients’ privacy and protecting personal data are becoming more important. More information security analysts are likely to be needed to create the safeguards that will satisfy patients’ concerns.

Employment of information security analysts is projected to grow 55 percent in computer systems design and related services from 2018 to 2028. The increasing adoption of cloud services by small and medium-sized businesses and a rise in cybersecurity threats will create demand for managed security services providers in this industry.

Job Prospects

Job prospects for information security analysts should be good. Information security analysts with related work experience will have the best prospects. For example, an applicant with experience as a database administrator would have better prospects in database security than someone without that experience.

Employment projections data for information security analysts, 2018-28
Occupational Title SOC Code Employment, 2018 Projected Employment, 2028 Change, 2018-28 Employment by Industry
Percent Numeric

SOURCE: U.S. Bureau of Labor Statistics, Employment Projections program

Information security analysts

15-1122 112,300 147,700 32 35,500 Get data

This table shows a list of occupations with job duties that are similar to those of information security analysts.

Occupation Job Duties Entry-Level Education Median Annual Pay, May 2018

Computer and Information Research Scientists

Computer and information research scientists invent and design new approaches to computing technology and find innovative uses for existing technology.

Master’s degree $118,370

Computer and Information Systems Managers

Computer and information systems managers plan, coordinate, and direct computer-related activities in an organization.

Bachelor’s degree $142,530

Computer Network Architects

Computer network architects design and build data communication networks, including local area networks (LANs), wide area networks (WANs), and Intranets.

Bachelor’s degree $109,020

Computer Programmers

Computer programmers write and test code that allows computer applications and software programs to function properly.

Bachelor’s degree $84,280

Computer Support Specialists

Computer support specialists provide help and advice to computer users and organizations.

See How to Become One $53,470

Computer Systems Analysts

Computer systems analysts study an organization’s current computer systems and find a solution that is more efficient and effective.

Bachelor’s degree $88,740

Database Administrators

Database administrators (DBAs) use specialized software to store and organize data.

Bachelor’s degree $90,070

Network and Computer Systems Administrators

Network and computer systems administrators are responsible for the day-to-day operation of computer networks.

Bachelor’s degree $82,050

Software Developers

Software developers create the applications or systems that run on a computer or another device.

Bachelor’s degree $105,590

Web Developers

Web developers design and create websites.

Associate’s degree $69,430

For more information about computer careers, visit

Association for Computing Machinery

Computing Research Association

IEEE Computer Society

For information about opportunities for women pursuing information technology careers, visit:

National Center for Women & Information Technology

O*NET

Information Security Analysts


Suggested citation:

Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, Information Security Analysts,
on the Internet at https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited ).


 

Tracey Lamphere

Tracey Lamphere, M.S. IMC is the editor of Job Affirmations, a publication that provides information and ideas to use mindfulness, positive affirmations, and visualizations to transform your career.

Recent Posts