Security business analysts have a range of career options that require varying levels of responsibility, technical knowledge, and leadership skills. The chart below compiles some of the most common information security positions along with a brief description of job responsibilities and a summary of average pay rates.
|Job Title||Description||Average Salary|
|Information Security Analyst||Security business analysts focus on security strategies, rather than hardware. They develop security practices and policies for organizations, ensuring that company operations are conducted in the most secure manner possible. Analysts also coordinate security tools and identify network vulnerabilities, ensuring that security threats are adequately prioritized and remedied.||$70,126|
|Information Security Engineer||Security engineers function similarly to analysts, but they take a more active role in building network security systems. Engineers are responsible for developing and evaluating security protocols, configuring network security measures, upgrading network hardware, and responding to active security threats.||$91,524|
|Security Architect, IT||Security architects typically assume a managerial role in the development of network security systems, and they may serve as project leaders in the creation of an organization’s overall security platform. They frequently delegate tasks to other security team members and integrate different pieces of security architecture into a comprehensive security structure.||$119,941|
|Director of IT Security||Often serving as upper level managers or department heads, IT security directors are typically responsible for coordinating and directing security procedures. They oversee the development of security systems rather than design them. These managers may also be responsible for hiring employees and dictating general IT security practices for the company.||$129,269|
Potential Industries for Information Security Analysts
Information security is important to any business or organization that keeps digital records or operates online, and security analysts can find employment in a variety of industries. This table compiles some of the most common fields in which security professionals find work.
Employed at hospitals, insurance companies, and other healthcare organizations, these security professionals typically focus on securing patient data. In addition to IT practices, they may also need to be familiar with standards of patient confidentiality and health regulations.
Security analysts may find work with any number of government organizations, safeguarding agency and employee data. Others may be employed with the Department of Homeland Security, securing the national computer infrastructure against cyberattacks.
E-commerce security analysts provide protection for online retailers and other virtual businesses. Since these companies often store customer credit card information, they may be targeted by cyberattacks frequently.
IT security professionals employed in the finance industry work to safeguard company and client financial data. Given the nature of the information handled in this industry, these duties are particularly important and may be higher paying.
Chris Jordan CEO at Fluency
What advice would you give to someone looking to begin their career in information security analytics?
Next, find what you want to do in cybersecurity. Though you might want to take the first job that comes your way, you need to figure out what part of security you want as your career. Saying you want to do security, is like saying you want to work in computers. Figure out if you want to be an analyst, ethical hacker, certifier or network security engineer.
Once you know what you want to do, start lining up formal classes, certificate sessions and informal training. Though CISSP is a common requirement for most jobs, it will not separate you from other candidates. You need to show additional focus, such as ethical hacker and capture-the-flag experience, to make you stand out.
It’s also important to remove what you do not want to do. When I graduated, I put my English minor on resumes. With a computer science degree, every employer wanted me to write documentation. When I started looking for my second job, I removed my English minor and removed all the documentation work I did, focusing on the software testing and coding. That was the last documentation job I had. When you first start working we look for things to add to your resume, but as one matures we make our resumes focused on what we want to do and what showcases who we are.
What inspired you to get your master’s in computer science?
I was not fortunate enough to go straight to graduate school after finishing my undergraduate. I worked full time and started taking night classes. When I first started in computer security, there were no degrees in security. A master’s degree was actually required by some organizations in order to do what is called penetration testing today.
To me, a computer science master was the key to get a job that was more creative and interesting. While most of the coders I knew had jobs coding database interfaces, I was able to get jobs that involved network design and red teaming. A master’s degree kept me in more cutting-edge jobs.
Why is information security such an important topic in our modern society?
As an information society, being able to control information is a foundational need. In the industrial day, the control of actions was performed by people using machines. Securing industry was about physical security and trusting people. But in the autonomous age, the internet-of-things, people manage decisions. Systems implement action without people. This is how companies and governments can scale.
Information security is about how to control these scaled devices. While we use to worry about controlling secrets, we now must maintain a greater control on who controls devices.
Why is information security an exciting and/or lucrative industry to join right now?
I think there is more to security than just a good job. Security is a rare job based on competition. One side is trying to enforce security, while another is actively trying to defeat it. Both sides are extremely well funded, and this makes for incredible jumps in technology.
However, security is not just about security. Every new technology feature changes how security works. While iPhones are now implementing augmented reality, there is going to be a need on how to secure it. Security is always being dragged into every technological advancement.
In your opinion, will this industry grow as time goes on? Will there be a higher demand for security analysts?
But security is like math. Each succeeding generation of technology is better understood by knowing the previous technology. The fundamentals of security have not changed. Knowing the fundamentals and learning how to apply them to a problem is timeless. This is why higher education is desired by employers. We know that the technology changes, but the processes to understand and resolve problems is the true skill that advanced education provides.
While there are many paths to enter the information security field, almost all of them include a degree from an accredited college. Most security jobs require the combination of education and hands-on experience that only comes from a comprehensive information security program, and this is typically the only way to advance in the industry.
What Degree is Needed to Become an Information Security Analyst?
The typical education requirement for an information security position is a bachelor’s degree in computer science, programming, or another relevant IT field. While an associate degree may lead to some career opportunities, a bachelor’s is typically the minimum requirement for most IT careers. A bachelor’s degree also prepares students for career advancement. A computer science degree is appropriate for the field, particularly if it includes coursework in information security. Some colleges also offer dedicated degrees in information security, which can lead to greater opportunities in the field.
Upper-level positions may require you to hold a master’s degree in computer science or a related field, such as an MBA in information systems. These two-year degrees offer a deeper understanding of the field and more specialized knowledge. Graduates are prepared for leadership positions in cyber security. Most master’s degrees also include a significant internship or practicum component, which builds professional experience and makes you more desirable to employers.
Internships for Information Security Analysts
A professional internship is often part of the curriculum for an information security degree, at the undergraduate and graduate level. Internships typically take place in a professional environment, such as a business or government agency. They provide students the opportunity to gain hands-on experience and apply knowledge outside of the classroom. Internships typically occupy a set number of hours per week and fit your class schedule.
Many schools include optional or mandatory internships within their information security curriculum, though you can also pursue internship opportunities independently. These opportunities are typically more about building professional experience than bringing home a paycheck, but some of the more prestigious internships are paid. In many cases, internships translate into college credit, but even when they don’t, these experiences offer opportunities to network and make professional connections.