Information Security Analyst

Cyber security breaches are an increasing threat, as demonstrated by successful attacks against major companies like Target, Sony, Equifax, and JPMorgan Chase. As an information security analyst, you serve on the line of defense against these attacks, devising the security systems that keep sensitive data safe and preventing potential intrusions. Cyber security professionals are needed in any industry that uses computers. The Bureau of Labor Statistics projects an 18% increase in security analysis jobs between 2014 and 2024, which is above average.

What Does an Information Security Analyst do?

Security business analysts are virtual gatekeepers who are responsible for nearly all dimensions of a company’s digital security systems, such as designing computer networks and security procedures and testing cyber defenses for weaknesses. To be a good security specialist, you must understand the techniques that cybercriminals use and devise effective, creative solutions to combat them. You also need to stay current on advances in hacking and digital security. In the worst-case scenario, you must be prepared to control the results of security breaches and exercise effective damage control and containment practices. An effective security analyst must be technically skilled, quick thinking, able to multitask, and capable of functioning under high-stress circumstances.

Common Responsibilities

  • Install and maintain security software: A major part of cyber security involves designing, developing, and maintaining an organization’s security systems. This includes installing firewalls and fine-tuning data encryption protocols. You must keep an organization’s information systems secure and constantly update them to maintain their stability.
  • Conduct security testing: To ensure that an organization’s security measures are adequate, you’re responsible for conducting tests of network security and attempting to penetrate cyber defenses just as hackers would. This type of risk assessment allows you to determine potential weaknesses and update security systems accordingly.
  • Develop security standards and protocols: Cyber security professionals must determine appropriate responses to security threats. That means creating security practices, information safety procedures, and organization-wide strategies for security breaches. You may also need to share these strategies with other employees.
  • Research security trends: The methods for cyberattacks and defensive strategies are constantly changing, and it’s up to you to stay current on the latest developments. This includes reading industry publications, attending professional conferences, and communicating with other security specialists.
  • Communicate with other employees: As a security analyst, you must communicate effectively with other company employees, many of whom lack your technical knowledge and vocabulary. This may include informing company leaders of security concerns and training other employees in basic security procedures.

Security business analysts have a range of career options that require varying levels of responsibility, technical knowledge, and leadership skills. The chart below compiles some of the most common information security positions along with a brief description of job responsibilities and a summary of average pay rates.

Average Salary by Job Title
Job Title | Description | Average Salary
Information Security Analyst | Security business analysts focus on security strategies, rather than hardware. They develop security practices and policies for organizations, ensuring that company operations are conducted in the most secure manner possible. Analysts also coordinate security tools and identify network vulnerabilities, ensuring that security threats are adequately prioritized and remedied. | $70,126
Information Security Engineer | Security engineers function similarly to analysts, but they take a more active role in building network security systems. Engineers are responsible for developing and evaluating security protocols, configuring network security measures, upgrading network hardware, and responding to active security threats. | $91,524
Security Architect, IT | Security architects typically assume a managerial role in the development of network security systems, and they may serve as project leaders in the creation of an organization’s overall security platform. They frequently delegate tasks to other security team members and integrate different pieces of security architecture into a comprehensive security structure. | $119,941
Director of IT Security | Often serving as upper-level managers or department heads, IT security directors are typically responsible for coordinating and directing security procedures. They oversee the development of security systems rather than design them. These managers may also be responsible for hiring employees and dictating general IT security practices for the company. | $129,269

Potential Industries for Information Security Analysts

Information security is important to any business or organization that keeps digital records or operates online, and security analysts can find employment in a variety of industries. This table compiles some of the most common fields in which security professionals find work.


Employed at hospitals, insurance companies, and other healthcare organizations, these security professionals typically focus on securing patient data. In addition to IT practices, they may also need to be familiar with standards of patient confidentiality and health regulations.

Government Agencies

Security analysts may find work with any number of government organizations, safeguarding agency and employee data. Others may be employed with the Department of Homeland Security, securing the national computer infrastructure against cyberattacks.


E-commerce security analysts provide protection for online retailers and other virtual businesses. Since these companies often store customer credit card information, they may be targeted by cyberattacks frequently.

Financial Markets

IT security professionals employed in the finance industry work to safeguard company and client financial data. Given the nature of the information handled in this industry, these duties are particularly important and may be higher paying.

Becoming an information security analyst makes you a vital part of any organization’s IT department, and you can expect competitive wages and the potential for increased earnings across the course of your career. The following chart lists data on average salary by experience level, showing the opportunity for growth in the field.

Average Salary for Information Security Analysts by Experience Level
Experience | Salary
Entry Level (0-5 Years) | $63,000
Mid-Career (5-10 Years) | $82,000
Experienced (10-20 Years) | $89,000
Late Career (20+ Years) | $91,000

Pay Difference by City for Information Security Analysts

Geographic location has a significant effect on the average earnings for information security analysts. As with many jobs, you can expect to earn more in major urban centers than in rural areas, but a city’s proximity to prominent companies also affects median earnings. Seattle tops the list, in part due to the presence of tech companies like Microsoft, Amazon, and Nintendo.

Median Salary for BI Analysts by Location
Location | Median Salary
Seattle | $83,225
New York | $80,170
Phoenix | $79,803
Chicago | $77,482
Austin | $76,807

Chris Jordan, CEO at Fluency

Chris Jordan founded Endeavor Security, a threat detection and analysis company focused on helping enterprises and governments protect sensitive networks. He also co-founded Fluency®, which is a pioneer in security automation and orchestration and security analytics.

While there are many paths to enter the information security field, almost all of them include a degree from an accredited college. Most security jobs require the combination of education and hands-on experience that only comes from a comprehensive information security program, and this is typically the only way to advance in the industry.

What Degree is Needed to Become an Information Security Analyst?

The typical education requirement for an information security position is a bachelor’s degree in computer science, programming, or another relevant IT field. While an associate degree may lead to some career opportunities, a bachelor’s is typically the minimum requirement for most IT careers. A bachelor's degree also prepares students for career advancement. A computer science degree is appropriate for the field, particularly if it includes coursework in information security. Some colleges also offer dedicated degrees in information security, which can lead to greater opportunities in the field.

Upper-level positions may require you to hold a master’s degree in computer science or a related field, such as an MBA in information systems. These two-year degrees offer a deeper understanding of the field and more specialized knowledge. Graduates are prepared for leadership positions in cyber security. Most master’s degrees also include a significant internship or practicum component, which builds professional experience and makes you more desirable to employers.

Internships for Information Security Analysts

A professional internship is often part of the curriculum for an information security degree, at both the undergraduate and graduate levels. Internships typically take place in a professional environment, such as a business or government agency. They provide students the opportunity to gain hands-on experience and apply knowledge outside of the classroom. Internships typically occupy a set number of hours per week and fit your class schedule.

Many schools include optional or mandatory internships within their information security curriculum, though you can also pursue internship opportunities independently. These opportunities are typically more about building professional experience than bringing home a paycheck, but some of the more prestigious internships are paid. In many cases, internships translate into college credit, but even when they don’t, these experiences offer opportunities to network and make professional connections.

Information Security Certifications

CompTIA Security+

Recognized worldwide, the CompTIA Security+ certification covers topics such as compliance and operation security, identity management, and host security. The 90-minute, multiple-choice certification exam is recommended for IT professionals with at least two years of security experience.

Certified Ethical Hacker

The CEH certification teaches you to recognize weaknesses and vulnerabilities in network systems the same way that a hacker would, but from a professional security perspective. This four-hour exam requires at least two years of security experience, but you can bypass this requirement by attending an official training session.

Certified Information Systems Security Professional

One of the most recognized professional standards in the IT industry, the CISSP certification focuses on eight domains, including security and risk management, security operations, and identity and access management. To sit for the exam, you need at least five years of professional security experience in at least two of the eight domain areas.

Professional Organizations

  • Association for Computing Machinery: With more than 100,000 members around the globe, ACM is the largest computing society in the world, bringing together IT professionals, researchers, and educators. The organization boasts nearly 900 local chapters worldwide and is responsible for organizing special interest groups, conferences, and educational activities. The group also informs the public about the benefits of technology and advocates for public policy that is favorable to the field.
  • National Center for Women and Information Technology: With the goal of increasing women’s participation in technology fields, NCWIT encompasses more than 900 colleges, nonprofits, companies, and government organizations. The center uses a three-pronged approach that brings women in technology together through conferences and other networking opportunities, provides learning resources to support individuals and groups, and unites members in the service of policy reform and outreach. NCWIT supports women of all backgrounds and experience levels, from K-12 students to industry leaders.
  • Institute of Electrical and Electronics Engineers Computer Society: The IT division of the IEEE serves more than 60,000 members and is dedicated to advancing the interests of computer and technology professionals. The organization sponsors over 200 conferences annually, publishes 17 academic journals and 13 magazines, and offers a comprehensive digital library with more than 550,000 articles focusing on aspects of information technology. Members take advantage of networking opportunities, career development, professional training, and exhaustive informational resources.