As the frequency and sophistication of cybersecurity threats mounts, demand is also rising for skilled experts to protect sensitive data and systems. Unlike many other roles in cybersecurity, the cybersecurity analyst role is one that not only takes technical knowledge, but also requires you to coherently tell a story of the full attack chain.
Let’s break down what it takes to become a cybersecurity analyst, as well as the different career paths you can take!
What education do I need to become a cybersecurity analyst?
If you scan the job postings for cybersecurity analysts, you’ll note that many ask for a bachelor’s degree in a related field such as computer science, information technology, or (optimally) cybersecurity.
However, the intense demand for cybersecurity analysts means that companies will consider hiring people who don’t have a formal degree, provided they can prove they have the necessary experience and skills for the job.
From the perspective of Matthew Psencik, director, endpoint security at Tanium, truly good cybersecurity analysts need an investigative drive and mindset in addition to any technical skills learned in the classroom or elsewhere. “I’ve also found that this additional skill set allows people from less technical backgrounds to shine,” he says. “Some of the best analysts I know come from backgrounds that have nothing to do with tech.”
Whether or not you choose to pursue a formal degree, it’s critical to learn the fundamentals of cybersecurity, including cloud, network protocols, virtual machines, and on-premises cybersecurity. In addition to classroom and independent work, budding cybersecurity analysts should pursue internships, part-time jobs, or even volunteer opportunities that allow you to apply what you’ve learned in a real-world setting (pursuing bug bounties is never a bad idea, either; you might actually earn some money while making connections and having fun.)
Do cybersecurity certifications matter for cybersecurity analyst jobs?
Once you’ve earned the necessary education and experience, you can begin applying for cybersecurity analyst positions. You may also wonder if you need to obtain certifications for a better shot at securing a good job.
The most common entry-level certification is the CompTIA Security+ certification. Some other popular certifications that can help one stand out in the analyst field include:
Even if you’re very new to cybersecurity analysis, telling potential employers that you’re actively studying for a certification can boost your chances. “Working towards and obtaining an entry-level cybersecurity certification will show employers you’re serious about this career path,” adds Joe Stallings III, director of strategy, privacy and risk at Coalfire.
No matter how quickly you learn crucial skills, however, you won’t be able to obtain some of the most popular cybersecurity certifications immediately. As Stallings notes, some certifications (such as the CISSP) have a minimum experience requirement (“five years in the field,” for instance) to obtain the full certification.
How do I break into cybersecurity analysis?
Entry-level roles for a cybersecurity analyst may include junior security analyst or security analyst I positions. These jobs often involve tasks such as monitoring security access, conducting vulnerability assessments and responding to security incidents under the supervision of more experienced analysts or managers.
A good place to break into the field is with a Managed Security Service Provider (MSSP), as these companies need lots of staff for all roles to provide services to customers.
“They are a great place to gain experience and exposure to a vast number of tools and environments,” says Matthew Psencik, director, endpoint security at Tanium.
The cybersecurity industry is also filled with many niche arenas such as malware analysis, red teaming, detection engineering, and endpoint security (to just name a few), and MSSPs may give you a chance to try out many of these and find what you enjoy the most.
John Bambenek, principal threat hunter at Netenrich, says he likes hiring people as security analysts who have done work in using the underlying technology first: “For instance, I like hiring system and network administrators because they know how things ‘should’ work and have an understanding of normal, so they have the base tools to diagnose problems.”
A good cybersecurity analyst is a generalist who’s aware of how other cybersecurity roles actually work. “It’s a good place to start to round out understanding across disciplines that can help someone eventually be a better red teamer, incident responder, or threat hunter,” Bambenek adds.
How can I boost my cybersecurity analyst skills quickly?
Psencik says that, while the industry has certifications of many different types and cost levels, it’s also intensely valuable to have a small home lab to practice and learn from.
“This counts not only for those new to the field but even for more senior security professionals,” he explains. “The knowledge I’ve gained from working hands-on with many industry tools like Splunk, Elastic, and Arkime—just a few of the hundreds freely available—is invaluable and will catapult your resume above other candidates that only have certifications listed.”
He notes that if he’s interviewing someone and hears them mention a home lab, he normally pivots his questions to ask about their setup. “These questions allow me to see their interests, and if they can explain their setup and how they use those tools in detail, then it gives me far greater confidence in their practical abilities and their willingness to learn new topics,” he says.
How else can I advance my cybersecurity analyst career?
As a cybersecurity analyst gains experience and further training or certifications, they can progress to more senior roles such as senior security analyst, security consultant or information security manager.
“The cybersecurity industry has grown and transitioned over the years, creating more nuanced areas of focus within the industry such as cloud security, DevOps and governance, risk and compliance,” Stallings says. “These are worth exploring as you decide which direction aligns with your skillsets, interest and abilities.”
With sufficient experience and leadership skills, a cybersecurity analyst could eventually become a chief information security officer (CISO) who is responsible for an organization’s overall information security program.
Unfortunately, many organizations do not adequately have programs to promote from within. “Due to the demand in qualified cybersecurity staff, it’s easier to get promotions by working in a role for a year or two and then apply for a higher position in another organization,” Bambeneck says. “If the analyst aggressively pursues professional development, they can quickly mold themselves into a capable incident responder, penetration tester, threat hunter, or cybersecurity data scientist.”
From his perspective, ultimately, there are two paths: leadership or technical subject matter experts (SMEs). “Many organizations promote experts into management, and this is a mixed bag, at best, as management skills are distinct from technical expertise,” he says. “It is OK for technical experts not to want to manage people—though they still should be willing to mentor junior staff.”
Technical SMEs must specialize, but it never hurts to learn as much as possible about other security disciplines. “For those interested in leadership, take the time to add in management skills and people management into professional development,” he adds. “In both cases, having a mentor who has about a decade more experience can be invaluable.”
How can cybersecurity analysts keep current on professional development?
For continued career development, a cybersecurity analyst should stay up-to-date with the latest threats and security tools. That’s in addition to regularly pursuing further training or certifications, combined with practical experience.
“Soft skills like communication and leadership are also important for career advancement,” Stallings adds, noting the top of the career ladder involves setting an overall direction for an organization’s cybersecurity program. You can’t accomplish that sort of thing without securing enthusiastic buy-in from members throughout an organization, which requires extensive people skills.
“It’s also increasingly common for CISOs to have a business background in addition to their technical expertise, as the role often entails making business decisions related to risk management and resource allocation,” he notes.
As you advance in your cybersecurity analyst career, consider participating in professional associations such as the Association of Information Technology Professionals (AITP), Information Systems Security Association (ISSA) and International Information System Security Certification Consortium (ISC2). “These are great ways to stay abreast of important industry trends, become a subject matter expert in focused areas of the industry, and network with other industry professionals,” Stallings says.